I think sfGuard needs to be improved. Its pretty much the de facto standard user plugin for symfony and its not even finished.
I have had many problems with it and I feel it could be a bit more decoupled. I do not want to use a username and a password.. let me swap it out.
At least finish the lost password feature.
also row level access control would be good
Joel Cuevas commented
+1 for RESTful
I think it would be nice to support different login methods out of the box. Such as google accounts, open id, etc. Hell. Try logging into uservoice. They give you tons of options.
sfGaurd should support account applications, tho, in the purist sense, user registration is not in the scope of sfGaurd, but, as a .com dreamer. I need to install a plugin which will take care of ALL of my user management, from the moment they register for username/password. This way, i can focus on the fun part of web development, which is what symfony has promised me.
make it RESTful !
$authAdapter = new MyAuthAdapter($username, $password);
// Attempt authentication, saving the result
$result = $auth->authenticate($authAdapter);
$result->getIdentity() === $auth->getIdentity()
$result->getIdentity() === $username;
You have a system for maintaining authentication and one for maintaining identity.
i want to point out Zend_Auth: http://framework.zend.com/manual/en/zend.auth.html
I think some things could be learned. I will post another example in another comment due to comment length limits (why?!)