I’ll just share here a quick snippet that serves to programmatically authenticate the user in Symfony2.

It is very useful, especially after checking an email account using a token, for example. In this case you might not want to ask your user for the password again, and would rather do the authentication for him.

What you need to do is to manually create the AuthenticationToken and give it to the security context:

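// at the top of the file
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

// create the authentication token
$token = new UsernamePasswordToken(
	$user,
	null,
	'main',
	$user->getRoles());
// give it to the security context
$this->container->get('security.context')->setToken($token);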

Note that the third parameter of the token constructor is the name of the security provider associated with your user found in your app/config/security.yaml file.
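
The snippet placed in the email-confirmation flow described above, as an added example that is not code from the original post. The controller, the `acme.user_manager` service, its methods, the user's confirmation accessors and the `acme_account_home` route are hypothetical names; the point is that the emailed token is checked, expired and consumed before any security token is created, and that the session id is regenerated at login.

```php
<?php
// Added example: hypothetical controller for a Symfony2 application.
namespace Acme\UserBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;

class ConfirmationController extends Controller
{
    public function confirmAction(Request $request, $confirmationToken)
    {
        // Hypothetical service and methods: look the user up by the emailed token.
        $manager = $this->get('acme.user_manager');
        $user = $manager->findUserByConfirmationToken($confirmationToken);

        // Unknown or expired token: refuse, and never create a security token.
        if (null === $user || $user->getConfirmationExpiresAt() < new \DateTime()) {
            throw $this->createNotFoundException('Invalid or expired confirmation link.');
        }

        // Single use: clear the emailed token before logging in, so a leaked
        // or replayed link cannot authenticate a second time.
        $user->setConfirmationToken(null);
        $manager->updateUser($user);

        // Issue a fresh session id so an id known before login is not reused.
        $request->getSession()->migrate();

        // The snippet from the post, unchanged.
        $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->get('security.context')->setToken($token);

        // Notify listeners that depend on the interactive login event.
        $event = new InteractiveLoginEvent($request, $token);
        $this->get('event_dispatcher')->dispatch('security.interactive_login', $event);

        // Hypothetical route name for a page behind the same firewall.
        return $this->redirect($this->generateUrl('acme_account_home'));
    }
}
```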

16 thoughts on “Programmatically authenticate the user in symfony2”

  1. Thanks for this snippet, very useful. I’ve tried getting this to work but have had some problems and I’m pretty sure it’s the firewall/security configuration setup. In my case I try to do it after the user confirms their email address (a non-secured page) then try redirecting them to a secured page. Would you be able to share the security config you have used this snippet with? And also from which routes/URLs you did the above?

  2. Hi Daniel,

    Sure, here is my security.yml :
    [cc lang=”yaml”]
    firewalls:
        main:
            pattern: /.*
            form_login:
                check_path: /login_check
                login_path: /login
                use_referer: true
            remember_me:
                key: mycryptedkey
            logout: true
            security: true
            anonymous: true
            bcc_facebook: true
    [/cc]

    If I am right, anonymous must be set to true if you want it to work.
    The action where I do the authentication has no security requirements, whereas the redirected action has a Role requirement.

  3. The snippet assumes you import the right namespace at the top of the file; otherwise there is this:

    $token = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken($user, null, 'main', $user->getRoles());

  4. For some reason I had to add this as well:

    $this->get('session')->set('_security_'.'main', serialize($token));

    Where ‘main’ is the name of the firewall, and $token is the UsernamePasswordToken.

    Without this, the user gets logged out on the next pageview. Anyone know why?

    1. Hi Michel, thanks for the very useful snippet. I have an additional question. Do you have any idea how to set the remember me cookie from the controller? I have the same scenario, but after token authorization I want to set the remember me cookie. Any idea?

      1. I dug into the code using GitHub. It seems tricky but feasible.
        I think the trick is to access the concrete service of this one https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml#L44 and then manually call https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php#L102. This is very hackish, but it should do the trick.

  5. @jens: I guess it’s because you are using a custom session storage?
    Or maybe you are running on a different version of SF2.

    @jens, @michel: Actually, it would be a good idea to specify which version you are using.

    1. Considering I made this post back in April 2011, it is working since PRs. And still working for me since (I am currently on the latest GitHub version).
      So it definitely comes from some other configuration issues… Maybe the session storage is involved, or the security firewall/provider.

  6. @Michel
    I tried the tricky method but actually it’s really a hard way to make it work
    (you have to send all the parameters inside the construct method of the “AbstractRememberMeServices” class;
    PersistentTokenBasedRememberMeServices extends this class).

    So I tried the other tricky method from @Jens, and it DID work xD
    So thx a lot! 🙂
