Security Events

During the authentication process, multiple events are dispatched that allow you to hook into the process or customize the response sent back to the user. You can do this by creating an event listener or subscriber for these events. ![authentication events](images/security_events.svg) ###### Authentication Events

|Event|Description| |---------|---------| |**CheckPassportEvent**|Dispatched after the authenticator created the security passport. Listeners of this event do the actual authentication checks (like checking the passport, validating the CSRF token, etc.)| |**AuthenticationTokenCreatedEvent**|Dispatched after the passport was validated and the authenticator created the security token (and user). This can be used in advanced use-cases where you need to modify the created token (e.g. for multi factor authentication).| |**AuthenticationSuccessEvent**|Dispatched when authentication is nearing success. This is the last event that can make an authentication fail by throwing an AuthenticationException.| |**LoginSuccessEvent**|Dispatched after authentication was fully successful. Listeners to this event can modify the response sent back to the user.| |**LoginFailureEvent**|Dispatched after an AuthenticationException was thrown during authentication. Listeners to this event can modify the error response sent back to the user.| ###### Other Events

|Event|Description| |---------|---------| |**InteractiveLoginEvent**|Dispatched after authentication was fully successful only when the authenticator implements InteractiveAuthenticatorInterface, which indicates login requires explicit user action (e.g. a login form). Listeners to this event can modify the response sent back to the user.| |**LogoutEvent**|Dispatched just before a user logs out of your application.| |**TokenDeauthenticatedEvent**|Dispatched when a user is deauthenticated, for instance because the password was changed.| |**SwitchUserEvent**|Dispatched after impersonation is completed. See **Impersonating a User** below.|

**Note** Security events requires event listener or subscriber classes. Do NOT use ``AddListener()``.

###### Creating an Event Listener The most common way to listen to an event is to register an event listener. You can create a listener by [Custom Files](customfile.html?id=example-3) (see Example 3 on how to add a custom class to your project). Make sure you set the path as "src/" (no quotes). For example, if you want to listen to ``AuthenticationSuccessEvent``, your content is like this: Then you need to register it as a service and notify the security system that it is an event listener by using a special "tag". You can add your listener to the services by the **Services_Config** server event, e.g. The security system follows this logic to decide which method to call inside the event listener class: 1. If the ``kernel.event_listener`` tag defines the method attribute, calls the method. 1. If no method attribute is defined, calls the ``__invoke()`` magic method (which makes event listeners invokable). 1. If the ``__invoke()`` method is not defined either, throws an exception. **Note** There is an optional attribute for the ``kernel.event_listener`` tag called ``priority``, which is a positive or negative integer that defaults to 0 and it controls the order in which listeners are executed (the higher the number, the earlier a listener is executed). This is useful when you need to guarantee that one listener is executed before another. The priorities of the internal Symfony listeners usually range from -256 to 256 but your own listeners can use any positive or negative integer. ###### Creating an Event subscriber Another way to listen to events is via an event subscriber, which is a class that defines one or more methods that listen to one or various events. The main difference with the event listeners is that subscribers always know the events to which they are listening. If different event subscriber methods listen to the same event, their order is defined by the ``priority`` parameter. This value is a positive or negative integer which defaults to 0. The higher the number, the earlier the method is called. Priority is aggregated for all listeners and subscribers, so your methods could be called before or after the methods defined in other listeners and subscribers. The following example shows an event subscriber which listen to the `CheckPassportEvent` event: Then you need to register it as a service and notify the security system that it is an event subscriber by using a special "tag". You can add your subscriber to the services by the **Services_Config** server event, e.g. See [Events and Event Listeners](https://symfony.com/doc/current/event_dispatcher.html) for more information about listener and subscriber.