PHPackages upchuk/userapp-symfony - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. upchuk/userapp-symfony ActiveLibrary[Authentication & Authorization](/categories/authentication) upchuk/userapp-symfony ====================== Integration of the Userapp.io service as a user provider for Symfony. 2171PHP Since Jun 13Pushed 10y ago1 watchersCompare [ Source](https://github.com/upchuk/userapp-symfony)[ Packagist](https://packagist.org/packages/upchuk/userapp-symfony)[ RSS](/packages/upchuk-userapp-symfony/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) With this library you can use [UserApp.io](https://www.userapp.io/) to manage your users that can authenticate with your Symfony application. For more information about Symfony security, check the [docs](http://symfony.com/doc/current/book/security.html). Features -------- [](#features) - All users stored in UserApp.io can login/logout but they must have at least one permission which preferably then needs to correlate with a Symfony role. - User information (basic details, permissions and properties) are stored in the Symfony user session upon login to avoid calls to the API on each request. This means that this data is only refreshed in the Symfony application when the user logs back in. - On each request, a heartbeat can be sent to the API to prolong the life of the UserApp.io token. This also means that the Symfony session gets destroyed if the UserApp.io token has expired in the meantime -> the user is forced to log back in. - You can specify if the heartbeat request should be sent on every request or after a defined number of minutes have passed since the previous one. - If you lock a user in UserApp.io, the locked status of the Symfony user gets updated in the next request through the heartbeat. - There is a service available that you can use to manage the password reset and change. Installation ------------ [](#installation) You can install this library with composer: ``` { "require": { "upchuk/userapp-symfony": "dev-master" } } ``` *(semver release tags will follow)* Before using this package, make sure that your UserApp.io users have at least one permission enabled. These permissions are used as roles in Symfony and are cached in the user session. Once the package is in your vendors folder, you'll need to import the `services.yml` file that comes with the library. Assuming that your own `services.yml` file is located in the default `app/config` folder, add this to it: ``` imports: - { resource: '../../vendor/upchuk/userapp-symfony/services.yml' } ``` Make sure you adjust the path if your directory structure differs. Configuration ------------- [](#configuration) ### Required [](#required) #### Security configuration [](#security-configuration) Edit the `security.yml` file and add the new user provider and firewall authentication provider: **The user provider:** ``` providers: user_app: id: user_app_provider ``` **The firewall** ``` firewalls: demo_secured_area: pattern: ^/secured/path simple_form: authenticator: user_app_authenticator check_path: _demo_security_check login_path: _demo_login logout: path: _demo_logout handlers: [user_app_logout] target: _demo ``` The `authenticator` key specifies the authenticator class used within the `simple_form` type of authentication (more information [here](http://symfony.com/doc/current/cookbook/security/custom_password_authenticator.html) about this type of authentication). The `handlers` key specifies the services that get instantiated and called when the user logs out (used in this case to log users out from the UserApp.io service as well). The rest is Symfony demo setup of a custom firewall. Make sure you read the [documentation](http://symfony.com/doc/current/book/security.html) for more info. #### App ID [](#app-id) You need to make sure you create a parameter inside your `parameters.yml` file called `userapp_id` that contains the App ID of your UserApp.io account ### Optional [](#optional) **Parameters** ``` userapp_heartbeat_frequency: ~ ``` With this you can specify the number of minutes (in seconds) that need to pass after a heartbeat request, for a new one to be made. Setting this to 0 will make it send a request on each authenticated page refresh. By default it is `2700` (45 minutes). ``` userapp_admin_token: ~ ``` With this you can specify your admin token from UserApp.io. This parameter **is required** if you are want to use the password reset functionality described below. **Password reset** There is a service you can use (`user_app_password_change`) to reset and/or change the password of the current user. Example usage of resetting the current user's password and then changing it based on the resulting security token: ``` $changer = $this->get('user_app_password_change'); try { $token = $changer->resetPassword('the_username'); $changed = $changer->changePassword(array( 'token' => $token, 'new_password' => 'new_password', )); } catch(PasswordChangeException $e) { // $e->getMessage() == 'No admin token set.'; // $e->getMessage() == 'Invalid token.'; // $e->getMessage() == 'User not found.'; } ``` The point of this technique is to provide a form where people can reset their own password by providing their username. Based on that, you can request a password change token that you can attach to a link you send users in an email. When they click on that link, you retrieve the token and use it to change the password. Standard *forgot my password* pattern. **Password change** Alternatively to resetting passwords, you can also change the currently logged in user's password: ``` $changer = $this->get('user_app_password_change'); try { $changed = $changer->changePassword(array( 'old_password' => 'old_password', 'new_password' => 'new_password', )); } catch(PasswordChangeException $e) { // $e->getMessage() == 'Invalid current password.'; // $e->getMessage() == 'User not found.'; } ``` Standard pattern for users to change their own passwords. For this you don't need to have an admin token set as a parameter. Development ----------- [](#development) I plan to extend this functionality as needed to incorporate more of what UserApp provides (subscriptions, payment plan information, social account integration, etc). If you find any bugs, problems or things that can be improved, please open an issue and I'll take a look. ### Health Score 22 — LowBetter than 22% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community8 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/ead34a2945b4f19b8f3e38acbbcaea589355357ad231aefe2709b3ef9ec0f6e0?d=identicon)[upchuk](/maintainers/upchuk) --- Top Contributors [![upchuk](https://avatars.githubusercontent.com/u/5848933?v=4)](https://github.com/upchuk "upchuk (2 commits)") ### Embed Badge ![Health badge](/badges/upchuk-userapp-symfony/health.svg) ``` [![Health](https://phpackages.com/badges/upchuk-userapp-symfony/health.svg)](https://phpackages.com/packages/upchuk-userapp-symfony) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)