Provides two-factor authentication for Symfony applications


This Symfony bundle provides two-factor authentication for your website. Currently it is shipped with two authentication methods:

  • Google Authenticator (via sonata-project/google-authenticator)
  • Authentication code sent via email

In addition to this it provides an interface for implementing your own custom two-factor authentication methods.

Compatibility: Use bundle version 1.x for Symfony < 2.6.



After the initial login, the user is already fully authenticated as far as the Symfony security layer is concerned. The bundle then prevents access to secured and non-secured content by intercepting every request and showing the two-factor authentication form instead.

If you execute code based on the authentication status, make sure to take the two-factor status into account. This can be done by checking access with isGranted (the security voter has to be registered, see configuration).

Warning: Just doing a getUser on security.token_storage (or the old security.context) is not secure. You will get a user object even when two-factor authentication is not complete yet.
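The difference between the two checks, shown as an added example that is not code from the bundle. It assumes Symfony 2.6 or later, that the bundle's security voter is registered as described in its configuration documentation, and that users carry ROLE_USER; the controller class and action names are hypothetical.

```php
<?php
// Added example, not part of the bundle. AccountController, its action
// names and the ROLE_USER attribute are assumptions for illustration.

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class AccountController extends Controller
{
    // Insecure: the token holds a user object as soon as the initial login
    // succeeded, so this check passes even when the two-factor step has
    // not been completed yet.
    public function insecureAction()
    {
        $token = $this->get('security.token_storage')->getToken();
        $user = $token !== null ? $token->getUser() : null;

        // getUser() returns a string for anonymous tokens, hence is_object().
        if (!is_object($user)) {
            throw new AccessDeniedException();
        }

        return new JsonResponse(array('username' => $user->getUsername()));
    }

    // Safe: ask the authorization checker first. The access decision
    // includes the registered two-factor voter, so the two-factor status
    // is taken into account before the user object is used.
    public function secureAction()
    {
        $checker = $this->get('security.authorization_checker');
        if (!$checker->isGranted('ROLE_USER')) {
            throw new AccessDeniedException();
        }

        // Reading the user is fine once access has been granted.
        $user = $this->get('security.token_storage')->getToken()->getUser();

        return new JsonResponse(array('username' => $user->getUsername()));
    }
}
```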


The documentation can be found in the Resources/doc directory.


You're welcome to contribute to this bundle by creating a pull request or feature request in the issues section.

Besides new features, translations are highly welcome.


This bundle is available under the MIT license.