Yii2 Rest API承载身份验证 [英] Yii2 Rest API Bearer Authentication
问题描述
我已经制作了一个Yii2 REST API.使用API,您可以获得汽车列表.现在,我想使用承载身份验证来保护API.但是我不知道它是如何工作的.
I've made a Yii2 REST API. With the API you can get a list of cars. Now I want to use the Bearer Authentication to protect the API. But I don't know how it works.
首先.我在控制器的行为方法中设置了身份验证器.
First of all. I set up the authenticator in the behaviors method of my controller.
public function behaviors(){
return [
'contentNegotiator' => [
'class' => ContentNegotiator::className(),
'formats' => [
'application/json' => Response::FORMAT_JSON,
],
],
'authenticator' => [
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBearerAuth::className(),
],
]
];
}
这很好用.如果我转到URL,我会收到一条未经授权"的消息.
This works just fine. If I go to the URL I will get an 'Unauthorized' message.
在我的wordpress插件中,我做了一个使用API的函数,并设置了带有身份验证密钥的标头.
In my wordpress plugin I've made an function to use the API and set the header with the authentication key.
function getJSON($template_url) {
$authorization = "Authorization: Bearer " . get_option("auth_key");
// Create curl resource
$ch = curl_init();
// Set URL
curl_setopt($ch, CURLOPT_URL, $template_url);
// Return transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Set headers
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', $authorization));
// $output contains output as a string
$output = curl_exec($ch);
// Close curl resource
curl_close($ch);
return json_decode($output, true);
}
但是现在我的问题是.如果该密钥有效,我该如何检入API并给我答复.我想在数据库中搜索密钥,如果它存在,还应该在同一行中给我ID或电子邮件.
But now my question is. How can I check in the API if this key is valid and give me the response. I want to search for the key in de database and if it exists it should also give me the id or email thats in the same row.
我不知道该怎么做.
推荐答案
\yii\filters\auth\HttpBearerAuth::authenticate()
将仅调用因此,您只需要实现
So you just need to implement findIdentityByAccessToken()
in your user identity class, e.g. :
public static function findIdentityByAccessToken($token, $type = null)
{
return static::findOne(['auth_key' => $token]);
}
这篇关于Yii2 Rest API承载身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!