Learn how to manually sign-in a registered user in your Symfony 5 project.

If you followed our article about how to create a registration form in your Symfony 5 application using the Symfony default security component, you may be probably thinking right now, how the hell can I automatically sign in the user that just registered in my application automatically? In this short article, I will explain to you how to easily sign-in any user manually in your Symfony 5 application.

A. Signing-in a recently registered user

The first situation that you will find to login your user automatically, is just after the registration step in your application. This, usually happens in the register action of your security controller. You can easily authenticate your user by returning as response the result of the authenticator (onAuthenticationSuccess):

<?php

// src/Controller/SecurityController.php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use App\Form\RegistrationFormType;
use App\Entity\User;
use App\Security\LoginFormAuthenticator;
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;

class SecurityController extends AbstractController
{
    /**
     * Registers a new user.
     * 
     * @param Request $request
     * @param UserPasswordEncoderInterface $passwordEncoder
     * @param LoginFormAuthenticator $loginAuthenticator
     * @param GuardAuthenticatorHandler $guard
     * @return Response
     */
    public function register(
        Request $request, 
        UserPasswordEncoderInterface $passwordEncoder,
        LoginFormAuthenticator $loginAuthenticator,
        GuardAuthenticatorHandler $guard
    ): Response
    {
        $user = new User();
        $form = $this->createForm(RegistrationFormType::class, $user);
        $form->handleRequest($request);
        
        if ($form->isSubmitted() && $form->isValid()) {
            // encode the plain password
            $user->setPassword(
                $passwordEncoder->encodePassword(
                    $user,
                    $form->get('plainPassword')->getData()
                )
            );

            $entityManager = $this->getDoctrine()->getManager();
            $entityManager->persist($user);
            $entityManager->flush();
            
            // Handle user as if he just logged-in
            // after validating the user and saving it to the database
            // authenticate the user and use onAuthenticationSuccess on the authenticator
            return $guard->authenticateUserAndHandleSuccess(
                $user,
                $request,
                $loginAuthenticator,
                'main'
            );
        }

        return $this->render('security/register.html.twig', [
            'registrationForm' => $form->createView(),
        ]);
    }
}

This will automatically sign in your user, following the current main firewall of your application. 

B. Signing-in any user entity following the LoginFormAuthenticator onAuthenticationSuccess event

On the other hand, if all that you are looking for is to authenticate a specific user entity/object that you can obtain from your database, then the following short snippet will show you how to do it while preserving what the application should do after every successful authentication (onAuthenticationSuccess method of your authenticator):

<?php

// src/Controller/SecurityController.php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use App\Entity\User;
use App\Security\LoginFormAuthenticator;
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;

class SecurityController extends AbstractController
{
    public function example(
        Request $request, 
        LoginFormAuthenticator $loginAuthenticator,
        GuardAuthenticatorHandler $guard
    ): Response
    {
        // Find Some User in your application, in this example the one with ID #1
        $user = $this->getDoctrine()->getManager()->getRepository(User::class)->find(1);
        
        // Authenticate user and follow the LoginFormAuthenticator steps (redirect to index page which is common maybe?)
        return $guard->authenticateUserAndHandleSuccess(
            $user,
            $request,
            $loginAuthenticator,
            'main'
        );
    }
}

C. Signing-in any user entity

Finally, the other option is to simply sign in the user, however ignoring the onAuthenticationSuccess function of your LoginFormAuthenticator, why by default redirects normally to the index page of your project. Use the same authenticateUserAndHandleSuccess method, however, don't return its result as response, just call the method and do whatever you need afterwards:

<?php

// src/Controller/SecurityController.php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use App\Entity\User;
use App\Security\LoginFormAuthenticator;
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;

class SecurityController extends AbstractController
{
    public function example(
        Request $request, 
        LoginFormAuthenticator $loginAuthenticator,
        GuardAuthenticatorHandler $guard
    ): Response
    {
        // Find Some User in your application, in this example the one with ID #1
        $user = $this->getDoctrine()->getManager()->getRepository(User::class)->find(1);
        
        // Authenticate user 
        $guard->authenticateUserAndHandleSuccess(
            $user,
            $request,
            $loginAuthenticator,
            'main'
        );
        
        // At this point the user is now authenticated!
        
        // you may redirect the user to another page
        // execute other logic or whatever you need ;)
        return $this->redirectToRoute("articles_index");
    }
}

Happy coding ❤️!


Senior Software Engineer at Software Medico. Interested in programming since he was 14 years old, Carlos is a self-taught programmer and founder and author of most of the articles at Our Code World.

Sponsors