In Symfony 5.1 we introduced a new security authentication system as an experimental feature. Twelve months after its introduction, and having been tested by many developers in real applications, we’re confident enough to mark it as stable and recommend using it in all Symfony applications.
That’s why we made the decision to deprecate the old authentication mechanism and also deprecate the Guard component in Symfony 5.3. This change came a bit late (during the Release Candidate phase) and some of you might be unaware of it.
The new authentication system changes the internals of Symfony security to make it more extensible and more understandable. It’s mostly backwards compatible with the previous Guard-based system, with some important exceptions:
All this is explained in the new authentication system docs, which also explains how to create your own custom authenticator.
Thanks to these changes, we’re finally happy with the Symfony security authentication system, and we hope to use it to implement many interesting new features in upcoming Symfony versions.
What a Symfony developer should know about the framework: News, Jobs, Tweets, Events, Videos,...