Skip to content

Deprecated HTTP-Digest authentication #8521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Deprecated HTTP-Digest authentication #8521

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions components/security.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ The Security Component

The Security component provides a complete security system for your web
application. It ships with facilities for authenticating using HTTP basic
or digest authentication, interactive form login or X.509 certificate
login, but also allows you to implement your own authentication strategies.
Furthermore, the component provides ways to authorize authenticated users
based on their roles, and it contains an advanced ACL system.
authentication, interactive form login or X.509 certificate login, but also
allows you to implement your own authentication strategies. Furthermore, the
component provides ways to authorize authenticated users based on their
roles, and it contains an advanced ACL system.

Installation
------------
Expand Down
4 changes: 2 additions & 2 deletions components/security/authentication.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ firewall map is able to extract the user's credentials from the current
a token, containing these credentials. The next thing the listener should
do is ask the authentication manager to validate the given token, and return
an *authenticated* token if the supplied credentials were found to be valid.
The listener should then store the authenticated token using
The listener should then store the authenticated token using
:class:`the token storage <Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorageInterface>`::

use Symfony\Component\Security\Http\Firewall\ListenerInterface;
Expand Down Expand Up @@ -306,7 +306,7 @@ logged into your website. It is important to distinguish this action from
non-interactive authentication methods, such as:

* authentication based on your session.
* authentication using a HTTP basic or HTTP digest header.
* authentication using a HTTP basic header.

You could listen on the ``security.interactive_login`` event, for example, in
order to give your user a welcome flash message every time they log in.
Expand Down
4 changes: 4 additions & 0 deletions reference/configuration/security.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -690,6 +690,10 @@ multiple firewalls, the "context" could actually be shared:
HTTP-Digest Authentication
--------------------------

.. versionadded:: 3.4
HTTP-Digest Authentication was deprecated in Symfony 3.4 and it will be
removed in Symfony 4.0.

To use HTTP-Digest authentication you need to provide a realm and a secret:

.. configuration-block::
Expand Down