Security Events

During the authentication process, multiple events are dispatched that allow you to hook into the process or customize the response sent back to the user. You can do this by creating an event listener or subscriber for these events. ![authentication events](images/security_events.svg) ###### Authentication Events

|Event|Description| |---------|---------| |**CheckPassportEvent**|Dispatched after the authenticator created the security passport. Listeners of this event do the actual authentication checks (like checking the passport, validating the CSRF token, etc.)| |**AuthenticationTokenCreatedEvent**|Dispatched after the passport was validated and the authenticator created the security token (and user). This can be used in advanced use-cases where you need to modify the created token (e.g. for multi factor authentication).| |**AuthenticationSuccessEvent**|Dispatched when authentication is nearing success. This is the last event that can make an authentication fail by throwing an AuthenticationException.| |**LoginSuccessEvent**|Dispatched after authentication was fully successful. Listeners to this event can modify the response sent back to the user.| |**LoginFailureEvent**|Dispatched after an AuthenticationException was thrown during authentication. Listeners to this event can modify the error response sent back to the user.| ###### Other Events

|Event|Description| |---------|---------| |**InteractiveLoginEvent**|Dispatched after authentication was fully successful only when the authenticator implements InteractiveAuthenticatorInterface, which indicates login requires explicit user action (e.g. a login form). Listeners to this event can modify the response sent back to the user.| |**LogoutEvent**|Dispatched just before a user logs out of your application.| |**TokenDeauthenticatedEvent**|Dispatched when a user is deauthenticated, for instance because the password was changed.| |**SwitchUserEvent**|Dispatched after impersonation is completed. See **Impersonating a User** below.|

**Note** Security events requires **event listeners** or **event subscribers**, see examples in [Custom Files](customfile.html?id=example-6-add-event-listener). Do NOT use ``AddListener()``.

Also see [Events and Event Listeners](https://symfony.com/doc/current/event_dispatcher.html) for more information about listeners and subscribers.

JWT Authentication Events

[REST API](api.html) uses LexikJWTAuthenticationBundle for JWT authentication, the bundle supports the following events for customizing JWT creation, validation, and authentication flow: | Event name | Description | | ------------------------ | --------------------------------------------------------------------------------------------------------- | | `JWT_CREATED` | Adding custom data or headers to the JWT at its creation. | | `JWT_DECODED` | After decoding the JWT, for validating data in the payload. | | `JWT_AUTHENTICATED` | Once authentication has succeeded, to customize the security token. | | `AUTHENTICATION_SUCCESS` | After successful authentication, to add public data to the JWT response. | | `JWT_ENCODED` | After encoding the JWT token string (post-JWT creation). | | `AUTHENTICATION_FAILURE` | When authentication fails (e.g. wrong credentials), to customize the failure response. | | `JWT_INVALID` | When the token is invalid, for customizing the invalid-token response. | | `JWT_NOT_FOUND` | When no token is found in a request, to customize that response. | | `JWT_EXPIRED` | When the JWT has expired, to customize the expired-token response. | Read [Data customization and validation](https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/2-data-customization.html) for details and examples.