vraith/symfony-auth-starter
Composer 安装命令:
composer require vraith/symfony-auth-starter
包简介
The Laravel Breeze of Symfony — scaffold complete authentication in minutes
README 文档
README
The Laravel Breeze of Symfony — scaffold complete authentication into your app in one command.
One composer require, one php bin/console auth:install, and you have a fully working auth system. After install, you own all the code — no runtime dependency on this package.
Quick Start
composer require vraith/symfony-auth-starter
php bin/console auth:install
# Follow the interactive prompts, then:
php bin/console make:migration
php bin/console doctrine:migrations:migrate
The installer will ask whether to enable Google OAuth and prompt for your sender email address. It generates all files directly into your project.
What Gets Generated
src/
Entity/User.php # Doctrine entity with email, password, googleId, isVerified
Controller/Auth/
LoginController.php # Login + logout
RegistrationController.php # Register + email verification
ResetPasswordController.php # Forgot password + reset
GoogleController.php # Google OAuth (optional)
Form/
RegistrationFormType.php # Email + password fields
ResetPasswordRequestFormType.php # Email field
ChangePasswordFormType.php # Repeated password field
Security/
LoginFormAuthenticator.php # Form login with CSRF + remember me
GoogleAuthenticator.php # OAuth2 authenticator (optional)
templates/auth/
login.html.twig # Login page
register.html.twig # Registration page
forgot_password.html.twig # Request password reset
check_email.html.twig # "Check your email" confirmation
reset_password.html.twig # New password form
email/verification.html.twig # Verification email
email/reset_password.html.twig # Password reset email
config/packages/
security.yaml # Full firewall + access control config
knpu_oauth2_client.yaml # Google OAuth client (optional)
Routes
| Method | Path | Name |
|---|---|---|
| GET | /login |
app_login |
| GET | /logout |
app_logout |
| GET|POST | /register |
app_register |
| GET | /verify/email |
app_verify_email |
| GET|POST | /reset-password |
app_forgot_password_request |
| GET | /reset-password/check-email |
app_check_email |
| GET|POST | /reset-password/reset/{token} |
app_reset_password |
| GET | /connect/google |
connect_google_start * |
| GET | /connect/google/check |
connect_google_check * |
* Only when Google OAuth is enabled.
What Each Component Does
LoginFormAuthenticator creates a Symfony Security Passport with UserBadge, PasswordCredentials, CsrfTokenBadge, and RememberMeBadge. It uses TargetPathTrait to redirect users back to where they were before login.
GoogleAuthenticator extends KnpU's OAuth2Authenticator. It fetches the Google user profile, finds or creates a local User, and automatically links Google accounts to existing users with matching email addresses. OAuth users are auto-verified.
ResetPasswordController uses SymfonyCasts' ResetPasswordBundle with an anti-enumeration pattern — it always redirects to the "check your email" page even when no user is found, preventing attackers from probing which emails have accounts.
RegistrationController hashes the password, persists the user, generates a signed email verification URL, and auto-logs in the user via UserAuthenticatorInterface.
Customization
All generated code lives in your src/ and templates/ directories. Edit it directly — there are no bundle overrides, no config layers, no abstractions to learn.
Want to add a username field? Add it to User.php and RegistrationFormType.php.
Want to change the email template? Edit templates/auth/email/verification.html.twig.
Want to redirect somewhere else after login? Change the route in LoginFormAuthenticator::onAuthenticationSuccess().
Google OAuth Setup
If you enabled Google OAuth during install:
- Go to Google Cloud Console
- Create a project and enable the Google+ API
- Create OAuth 2.0 credentials
- Add authorized redirect URI:
https://yourdomain.com/connect/google/check - Set the credentials in
.env.local:
GOOGLE_CLIENT_ID=your-client-id GOOGLE_CLIENT_SECRET=your-client-secret
If you didn't install Google OAuth initially, run auth:install again with --force.
To add Google OAuth to an existing install, first require the packages:
composer require knpuniversity/oauth2-client-bundle league/oauth2-google php bin/console auth:install --force
Prerequisites
All dependencies are pulled in automatically via composer require, including:
symfony/security-bundlesymfony/twig-bundlesymfony/formsymfony/validatorsymfony/mailerdoctrine/doctrine-bundle+doctrine/ormsymfonycasts/verify-email-bundlesymfonycasts/reset-password-bundle
The installer also checks at runtime that the required bundles are registered.
Re-running the Installer
Running auth:install a second time will skip files that already exist. Use --force to overwrite:
php bin/console auth:install --force
Removing the Package
After installation, all auth code lives in your project. You can safely remove the package:
composer remove vraith/symfony-auth-starter
Your auth system will continue to work since it has zero runtime dependency on the bundle.
Roadmap
- Multi-provider OAuth (GitHub, Facebook, LinkedIn)
- Two-Factor Authentication (2FA)
- Rate limiting on login/registration
- Account management (change email, change password)
License
MIT. See LICENSE.
vraith/symfony-auth-starter 适用场景与选型建议
vraith/symfony-auth-starter 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 5 次下载、GitHub Stars 达 1, 最近一次更新时间为 2026 年 03 月 12 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「symfony」 「security」 「Authentication」 「oauth2」 「login」 「google」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 vraith/symfony-auth-starter 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 vraith/symfony-auth-starter 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 vraith/symfony-auth-starter 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
The bundle for easy using json-rpc api on your project
Provide a way to secure accesses to all routes of an symfony application.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
It's a barebone security class written on PHP
统计信息
- 总下载量: 5
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 30
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-03-12