Configuration reference

The bundle is configured under the derafu_identity: key. All values have sensible defaults — most apps need zero configuration.

# config/packages/derafu_identity.yaml (only needed for overrides)

derafu_identity:

    # ── Entity classes ──────────────────────────────────────────────
    # FQCN of the concrete entity for each base. Defaults follow the
    # convention App\Entity\Auth\{Name}.

    user_class:                     App\Entity\Auth\User
    organization_class:             App\Entity\Auth\Organization
    role_class:                     App\Entity\Auth\Role
    permission_class:               App\Entity\Auth\Permission
    user_role_class:                App\Entity\Auth\UserRole
    role_permission_class:          App\Entity\Auth\RolePermission
    verification_token_class:       App\Entity\Auth\VerificationToken
    organization_membership_class:  App\Entity\Auth\OrganizationMembership
    organization_invitation_class:  App\Entity\Auth\OrganizationInvitation
    api_key_class:                  App\Entity\Auth\ApiKey
    login_record_class:             App\Entity\Auth\LoginRecord

    # ── Invitation TTL ──────────────────────────────────────────────
    # How long an organization invitation stays valid (seconds).

    invitation_ttl: 604800          # 7 days

    # ── Sudo mode ───────────────────────────────────────────────────
    # Seconds after login/password-confirm before sudo mode expires.

    sudo_ttl: 900                   # 15 minutes

    # ── Account lockout ─────────────────────────────────────────────

    lockout_max_attempts: 5         # lock after 5 failures
    lockout_duration: 1800          # lock for 30 minutes

    # ── Verification token TTLs ─────────────────────────────────────
    # Per-type TTL for one-use verification tokens (seconds).
    # Minimum 60 seconds for all.

    verification_ttl:
        email_verify:  86400        # 1 day
        password_reset: 3600        # 1 hour
        email_change:  86400        # 1 day
        magic_link:    900          # 15 minutes

Container parameters

Every config value is exposed as a container parameter for injection into custom services:

Parameter Example value
derafu_identity_bundle.user_class App\Entity\Auth\User
derafu_identity_bundle.organization_class App\Entity\Auth\Organization
derafu_identity_bundle.invitation_ttl 604800
derafu_identity_bundle.verification_ttl.email_verify 86400
derafu_identity_bundle.verification_ttl.password_reset 3600
derafu_identity_bundle.verification_ttl.email_change 86400
… (one per entity class and TTL)

Service aliases

The bundle aliases every service interface to its default implementation. Type-hint the interface in your constructors:

public function __construct(
    private readonly RegistrarInterface $registrar,
    private readonly PermissionCheckerInterface $checker,
    private readonly OrganizationManagerInterface $orgManager,
    private readonly InvitationManagerInterface $invitations,
    private readonly OrganizationContextInterface $orgContext,
) {}

To swap an implementation, bind your service to the interface in services.yaml:

services:
    Derafu\IdentityBundle\Contract\Service\PermissionCheckerInterface:
        alias: App\Service\CachingPermissionChecker
On this page
Last updated on 16/04/2026 by Anonymous
Previous
Multi-tenancy & RLS
Next
System Administration Category