yii2/docs/guide/security-authentication.md

Authentication
==============

> Note: This chapter is under development.

Authentication is the act of verifying who a user is, and is the basis of the login process. Typically, authentication uses the combination of an identifier--a username or email address--and a password. The user submits these values  through a form, and the application then compares the submitted information against that previously stored (e.g., upon registration).

In Yii, this entire process is performed semi-automatically, leaving the developer to merely implement [[yii\web\IdentityInterface]], the most important class in the authentication system. Typically, implementation of `IdentityInterface` is accomplished using the `User` model.

You can find a fully featured example of authentication in the
[advanced application template](installation.md). Below, only the interface methods are listed:

```php
class User extends ActiveRecord implements IdentityInterface
{
    // ...

    /**
     * Finds an identity by the given ID.
     *
     * @param string|integer $id the ID to be looked for
     * @return IdentityInterface|null the identity object that matches the given ID.
     */
    public static function findIdentity($id)
    {
        return static::findOne($id);
    }

    /**
     * Finds an identity by the given token.
     *
     * @param string $token the token to be looked for
     * @return IdentityInterface|null the identity object that matches the given token.
     */
    public static function findIdentityByAccessToken($token)
    {
        return static::findOne(['access_token' => $token]);
    }

    /**
     * @return int|string current user ID
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * @return string current user auth key
     */
    public function getAuthKey()
    {
        return $this->auth_key;
    }

    /**
     * @param string $authKey
     * @return boolean if auth key is valid for current user
     */
    public function validateAuthKey($authKey)
    {
        return $this->getAuthKey() === $authKey;
    }
}
```

Two of the outlined methods are simple: `findIdentity` is provided with an  ID value and returns a model instance associated with that ID. The `getId` method returns the ID itself.
Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. The `getAuthKey` method should return a string that is unique for each user. You can create reliably create a unique string using `Security::generateRandomKey()`. It's a good idea to also save this as part of the user's record:

```php
public function beforeSave($insert)
{
    if (parent::beforeSave($insert)) {
        if ($this->isNewRecord) {
            $this->auth_key = Security::generateRandomKey();
        }
        return true;
    }
    return false;
}
```

The `validateAuthKey` method just needs to compare the `$authKey` variable, passed as parameter (itself retrieved from a cookie), with the value fetched from database.
some docs on Authentication 11 years ago			`Authentication`
			`==============`

guide wip [skip ci] 11 years ago			`> Note: This chapter is under development.`

Mild edits 11 years ago			`Authentication is the act of verifying who a user is, and is the basis of the login process. Typically, authentication uses the combination of an identifier--a username or email address--and a password. The user submits these values through a form, and the application then compares the submitted information against that previously stored (e.g., upon registration).`
some docs on Authentication 11 years ago
fixed absolute class links in guide 11 years ago			In Yii, this entire process is performed semi-automatically, leaving the developer to merely implement [[yii\web\IdentityInterface]], the most important class in the authentication system. Typically, implementation of `IdentityInterface` is accomplished using the `User` model.
Mild edits 11 years ago
rest api WIP 11 years ago			`You can find a fully featured example of authentication in the`
Mild edits 11 years ago			`[advanced application template](installation.md). Below, only the interface methods are listed:`
some docs on Authentication 11 years ago
			```php
			`class User extends ActiveRecord implements IdentityInterface`
			`{`
replaced tabs with spaces in docs. 11 years ago			`// ...`
some docs on Authentication 11 years ago
replaced tabs with spaces in docs. 11 years ago			`/**`
			`* Finds an identity by the given ID.`
			`*`
			`* @param string\|integer $id the ID to be looked for`
			`* @return IdentityInterface\|null the identity object that matches the given ID.`
			`*/`
			`public static function findIdentity($id)`
			`{`
Refactored AR find 11 years ago			`return static::findOne($id);`
replaced tabs with spaces in docs. 11 years ago			`}`
some docs on Authentication 11 years ago
replaced tabs with spaces in docs. 11 years ago			`/**`
			`* Finds an identity by the given token.`
			`*`
			`* @param string $token the token to be looked for`
			`* @return IdentityInterface\|null the identity object that matches the given token.`
			`*/`
			`public static function findIdentityByAccessToken($token)`
			`{`
Refactored AR find 11 years ago			`return static::findOne(['access_token' => $token]);`
replaced tabs with spaces in docs. 11 years ago			`}`
rest api WIP 11 years ago
replaced tabs with spaces in docs. 11 years ago			`/**`
			`* @return int\|string current user ID`
			`*/`
			`public function getId()`
			`{`
			`return $this->id;`
			`}`
some docs on Authentication 11 years ago
replaced tabs with spaces in docs. 11 years ago			`/**`
			`* @return string current user auth key`
			`*/`
			`public function getAuthKey()`
			`{`
			`return $this->auth_key;`
			`}`
some docs on Authentication 11 years ago
replaced tabs with spaces in docs. 11 years ago			`/**`
			`* @param string $authKey`
			`* @return boolean if auth key is valid for current user`
			`*/`
			`public function validateAuthKey($authKey)`
			`{`
			`return $this->getAuthKey() === $authKey;`
			`}`
some docs on Authentication 11 years ago			`}`
			```

Mild edits 11 years ago			Two of the outlined methods are simple: `findIdentity` is provided with an ID value and returns a model instance associated with that ID. The `getId` method returns the ID itself.
			Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. The `getAuthKey` method should return a string that is unique for each user. You can create reliably create a unique string using `Security::generateRandomKey()`. It's a good idea to also save this as part of the user's record:
some docs on Authentication 11 years ago
			```php
			`public function beforeSave($insert)`
			`{`
replaced tabs with spaces in docs. 11 years ago			`if (parent::beforeSave($insert)) {`
			`if ($this->isNewRecord) {`
			`$this->auth_key = Security::generateRandomKey();`
			`}`
			`return true;`
			`}`
			`return false;`
some docs on Authentication 11 years ago			`}`
			```

Mild edits 11 years ago			The `validateAuthKey` method just needs to compare the `$authKey` variable, passed as parameter (itself retrieved from a cookie), with the value fetched from database.