Error202
/
yii2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Added authentication filters to guide. [skip ci]

tags/2.0.0-rc
Qiang Xue 10 years ago
parent
d02bbd7c49
commit
f4f2a708b2
2 changed files with 29 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      docs/guide/rest-authentication.md
  2. 28
      docs/guide/structure-filters.md

2
docs/guide/rest-authentication.md
Unescape View File

@ -5,7 +5,7 @@ Unlike Web applications, RESTful APIs are usually stateless, which means session
be used. Therefore, each request should come with some sort of authentication credentials because be used. Therefore, each request should come with some sort of authentication credentials because
the user authentication status may not be maintained by sessions or cookies. A common practice is the user authentication status may not be maintained by sessions or cookies. A common practice is
to send a secret access token with each request to authenticate the user. Since an access token to send a secret access token with each request to authenticate the user. Since an access token
can be used to uniquely identify and authenticate a user, **the API requests should always be sent can be used to uniquely identify and authenticate a user, **API requests should always be sent
via HTTPS to prevent from man-in-the-middle (MitM) attacks**. via HTTPS to prevent from man-in-the-middle (MitM) attacks**.
There are different ways to send an access token: There are different ways to send an access token:

28
docs/guide/structure-filters.md
Unescape View File

@ -139,6 +139,34 @@ public function behaviors()
For more details about access control in general, please refer to the [Authorization](security-authorization.md) section. For more details about access control in general, please refer to the [Authorization](security-authorization.md) section.
### Authentication Method Filters <a name="auth-method-filters"></a>
Authentication method filters are used to authenticate a user based using various methods, such as
[HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication), [OAuth 2](http://oauth.net/2/).
These filter classes are all under the `yii\filters\auth` namespace.
The following example shows how you can use [[yii\filters\auth\HttpBasicAuth]] to authenticate a user using
an access token based on HTTP Basic Auth method. Note that in order for this to work, your
[[yii\web\User::identityClass|user identity class]] must implement the [[yii\web\IdentityInterface::findIdentityByAccessToken()|findIdentityByAccessToken()]]
method.
```php
use yii\filters\auth\HttpBasicAuth;
public function behaviors()
{
return [
'basicAuth' => [
'class' => HttpBasicAuth::className(),
],
];
}
```
Authentication method filters are commonly used in implementing RESTful APIs. For more details, please refer to the
RESTful [Authentication](rest-authentication.md) section.
### [[yii\filters\ContentNegotiator|ContentNegotiator]] <a name="content-negotiator"></a> ### [[yii\filters\ContentNegotiator|ContentNegotiator]] <a name="content-negotiator"></a>
ContentNegotiator supports response format negotiation and application language negotiation. It will try to ContentNegotiator supports response format negotiation and application language negotiation. It will try to

Write Preview
Loading…
Cancel
Save