FOSUserBundle FTW!

Tip: This course is built on Symfony 3. While many of the concepts, events and philosophies are still the same in Symfony 4, many of the directories and paths where you need to change things are different.

Ready to master Symfony's most popular bundle! FOSUserBundle can be a great way to get your application up and running quickly, giving you a User entity, registration pages, reset password and more. But to make it really shine, you need to integrate it into your layout, customize its text, tweak its forms and hook into its actions!

In this tutorial, you'll learn how to:

  • Install & setup FOSUserBundle
  • Understanding and configuring security
  • Using your own base layout
  • Overriding templates
  • Customizing and extending the forms
  • Removing the username field entirely
  • Updating any text via translations
  • Creating an event subscriber to do things before/after registration (or anything else)
  • Using Guard Authentication with FOSUSerBundle

Let's rock!

Your Guides

Ryan Weaver

Questions? Conversation?

  • 2018-02-05 weaverryan

    Hey Nacer!

    Ah, interesting! So..... I can give you a short answer :). If you're building a web app (even one with a SPA), you should just use session cookies - simpler than JWT. If you *do* need API authentication, then create a JWT authenticator with Guard ( There's really nothing special with FOSUserBundle for this: you won't really use any of its features for the authenticator. You'll just query the database for the user like normal :).


  • 2018-02-01 Nacer

    Super screencasts about FOSuserBundle ! but can we have just another about JWT and FOSuserBundle ?

  • 2017-11-24 Egor

    Thanks, Victor!

  • 2017-11-24 Victor Bocharsky

    Hey Egor,

    Not yet, see Ryan's opened PR about Symfony 4 support: . So you'll be able to use it only after it's merged.


  • 2017-11-24 Egor

    Hi Ryan!
    Is that possible to use the bundle with symfony 4?

  • 2017-10-22 nielsongonzales

    Awesome tutorial! To the point, no bullshit or unnecessary stuff, easy to follow and fun to watch. Thanks so much, your Symfony track helps putting together the big picture and fill the gaps. And extra thanks for demystifying terms like dependency injection ;) Keep up the good work.

  • 2017-08-28 Diego Aguiar

    We are glad to hear you are liking our tutorials :)


  • 2017-08-28 Carlitosry

    Super cool, thank u.

  • 2017-07-03 Victor Bocharsky

    Hey Shaun,

    Yes, you can upload your screenshot to a cloud like Imgur and then paste a link to it in your comment ;)


  • 2017-07-01 Shaun

    Hey, I have followed the setup instructions, but my screen layout looks different, is there a way I can send you a screenshot?

  • 2017-05-28 Mykyta Popov

    How to explain FOSUserBundle dont change password if it leaves empty, and do not validate password if it editing but validate if adding(registering).
    Thank you

  • 2017-05-05 weaverryan

    Hey Napester Shine!

    The best way to handle this.... depends on your app! The big question for me isn't whether or not users have a different or the same login form, but whether or not those different users will access the same areas of the site? For example, suppose you have "admin" users and "normal" users. And suppose that "admin" users can ONLY visit URLs starting with /admin/ (i.e. they CANNOT access the rest of the site, like /products). And the "normal" users can ONLY visit the URLs that don't start with /admin/. AND, admin users and normal users have a lot of different information in the database. If - and only if - you have all of these, then you might consider creating 2 user entities and 2 firewalls. In this situation, I would not use FOSUserBundle.

    But for the vast majority of setups, I would only have *one* User entity and *one* firewall. Having multiple registration forms is fine - you can create as many as you want. Having multiple login forms is also fine - I would create a Guard authenticator to process each. You could assign different roles (or set some boolean property on each user) for the different user types. Then add security checks so that different users can only access different parts of the site.

    tl;dr; Even if you only have one User entity and one firewall... there's nothing stopping you from creating as many login and registration forms as you want. But, you might not want to use FOSUserBundle - it will just start to get in the way. The only real negative with one User entity is that you may have extra fields on it that are used by one user type, but not a different user type. Unless you have a lot of fields... it wouldn't really concern me.


  • 2017-05-05 Napester Shine

    HI can you include multiuser auth system?
    For example, in an application different users can have different login form or same login form, but they all have separate registration form. May be these user entities can have different fields in them.

  • 2017-05-02 Emre Akıncı

    God bless you :)

  • 2017-05-01 weaverryan

    I've got that added to our list! I think it's quite time that we talked about OAuth and Symfony :). But, it won't be too soon (sorry! Lots to do).

  • 2017-04-28 Cristian Merli

    Can you make one for the FOSOAuthServerBundle too? Tha would be fantastic, especially in combination with FOSUserBundle!

  • 2017-04-21 Blueblazer172

    yeeeees :) nice