Feature: #100278 - PSR-14 Event after failed logins in backend or frontend users

See forge#100278


A new PSR-14 event \TYPO3\CMS\Core\Authentication\Event\LoginAttemptFailedEvent has been introduced. The event allows to notify remote systems about failed logins.

The event features the following methods:

  • isFrontendAttempt(): Whether this was a login attempt from a frontend login form

  • isBackendAttempt(): Whether this was a login attempt in the backend

  • getUser(): Returns the \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication derivative in question

  • getRequest(): Returns the current PSR-7 request object

  • getLoginData(): The attempted login data without sensitive information

Registration of the event in your extension's Services.yaml:

      - name: event.listener
        identifier: 'my-extension/login-attempt-failed'

The corresponding event listener class:

namespace MyVendor\MyExtension\Authentication\EventListener;

use TYPO3\CMS\Core\Authentication\Event\LoginAttemptFailedEvent;

final class MyEventListener
    public function __invoke(LoginAttemptFailedEvent $event): void
        if ($event->getRequest()->getAttribute('normalizedParams')->getRemoteAddress() !== '') {
            // send an email because an external user login attempt failed


It is now possible to notify external loggers about failed login attempts while having the full request.