3

I have an authenticator class which extends AbstractLoginFormAuthenticator and I declared it with the security.firewalls.main.custom_authenticator setting.

However, I omitted to set the security.enable_authenticator_manager setting - but everything works just as expected with no extra deprecations etc. I guess that when enable_authenticator_manager is not set it defaults to false, but the authenticator class is used anyway. What's the purpose of this setting?

IanMcL
  • 366
  • 2
  • 10
  • 5
    It was used in Symfony 5 to select between the older Guard based authentication and the newer Http authentication. Since the Guard software is now completely removed in Symfony 6 then the setting is no longer needed. I suppose eventually it will be removed. – Cerad Sep 12 '22 at 13:26
  • It is deprecated now in 6.2. https://github.com/symfony/symfony/pull/47890 – Tomsgu Dec 15 '22 at 13:35

1 Answers1

0

Symfony introduced a new authentication manager in 5.1. Setting security.enable_authenticator_manager allowed you to opt into it.

From 6.0 the new authentication manager was mandatory, and from 6.2 this setting was deprecated altogether.

To summarise, do not set this from Symfony 6.2 onwards.

Jonathan
  • 13,947
  • 17
  • 94
  • 123