Skip to main content
Version: 4.3

Symfony bundle: advanced usage

Be advised! This documentation will be removed in a future release. For current and up-to-date Symfony bundle specific documentation, please see the Github repository.

The Symfony bundle comes with a number of features to ease the integration of GraphQLite in Symfony.

Login and logout#

Out of the box, the GraphQLite bundle will expose a "login" and a "logout" mutation as well as a "me" query (that returns the current user).

If you need to customize this behaviour, you can edit the "" configuration key.

graphqlite:  security:    enable_login: auto # Default setting    enable_me: auto # Default setting

By default, GraphQLite will enable "login" and "logout" mutations and the "me" query if the following conditions are met:

  • the "security" bundle is installed and configured (with a security provider and encoder)
  • the "session" support is enabled (via the "framework.session.enabled" key).
graphqlite:  security:    enable_login: on

By settings enable_login=on, you are stating that you explicitly want the login/logout mutations. If one of the dependencies is missing, an exception is thrown (unlike in default mode where the mutations are silently discarded).

graphqlite:  security:    enable_login: off

Use the enable_login=off to disable the mutations.

graphqlite:  security:    firewall_name: main # default value

By default, GraphQLite assumes that your firewall name is "main". This is the default value used in the Symfony security bundle so it is likely the value you are using. If for some reason you want to use another firewall, configure the name with

Schema and request security#

You can disable the introspection of your GraphQL API (for instance in production mode) using the introspection configuration properties.

graphqlite:  security:    introspection: false

You can set the maximum complexity and depth of your GraphQL queries using the maximum_query_complexity and maximum_query_depth configuration properties

graphqlite:  security:    maximum_query_complexity: 314    maximum_query_depth: 42

Login using the "login" mutation#

The mutation below will log-in a user:

mutation login {  login(userName:"foo", password:"bar") {    userName    roles  }}

Get the current user with the "me" query#

Retrieving the current user is easy with the "me" query:

{  me {    userName    roles  }}

In Symfony, user objects implement Symfony\Component\Security\Core\User\UserInterface. This interface is automatically mapped to a type with 2 fields:

  • userName: String!
  • roles: [String!]!

If you want to get more fields, just add the @Type annotation to your user class:

#[Type]class User implements UserInterface{    #[Field]    public function getEmail() : string    {        // ...    }

You can now query this field using an inline fragment:

{  me {    userName    roles    ... on User {      email    }  }}

Logout using the "logout" mutation#

Use the "logout" mutation to log a user out

mutation logout {  logout}

Injecting the Request#

You can inject the Symfony Request object in any query/mutation/field.

Most of the time, getting the request object is irrelevant. Indeed, it is GraphQLite's job to parse this request and manage it for you. Sometimes yet, fetching the request can be needed. In those cases, simply type-hint on the request in any parameter of your query/mutation/field.

use Symfony\Component\HttpFoundation\Request;
#[Query]public function getUser(int $id, Request $request): User{    // The $request object contains the Symfony Request.}