用于 yii2 的 REST API，身份验证器 (HttpBearerAuth) 在服务器上不起作用 [英] REST API for yii2, the authenticator (HttpBearerAuth) is not working on server

问题描述

我刚刚创建了一个使用 REST API 的项目(使用 yii2 框架).
REST API 的所有问题在本地主机上都运行得非常好.但是当将项目带到服务器上时(也采用相同的数据库)，授权不可用.现在我正在使用yii\filters\auth\HttpBearerAuth"

I've just created a project for working with REST API (using yii2 framework).
All issues of REST API is working really cool on localhost. But when bringing the project on server (also the same database is taken by), the authorization is not available. Now I'm using "yii\filters\auth\HttpBearerAuth"

在实现IdentityInterface"的模型中，有一个非常简单的查找令牌函数findIdentityByAccessToken"，validateAuthKey"函数总是返回true；见下图:

Inside the model "implements IdentityInterface", there's finding-token function "findIdentityByAccessToken" that's so simple, the "validateAuthKey" function is returning always true; see below:

public static function findIdentityByAccessToken($token, $type = null){  
    return static::findOne(["token" => $token]);  
}

public function validateAuthKey($token)    
{ 
    return true;  
}  

查看任何图片:https://www.flickr.com/photos/40158620@N03/20701523349/in/dateposted-public/任何人都可以在这个问题上有一些经验，你能告诉我如何解决它吗?谢谢你的好心.

See any pictures: https://www.flickr.com/photos/40158620@N03/20701523349/in/dateposted-public/ Anyone can have some experience on this problem, can you tell me how to solve it? Thanks for your kindness.

• 注意:
• 该项目，我正在关注 https://github.com/NguyenDuyPhong/yii2_advanced_api_phong(它在本地主机上运行良好；我也在我的服务器上部署了该项目，它提出了同样的问题)
• 为了确保服务器配置正确:我创建了 2 个操作，1 个已授权，另一个未授权.我检查了未经授权的操作，效果很好.========>
• actionView 未被授权 => 获取 API 信息.没问题
• actionIndex 被 "yii\filters\auth\HttpBearerAuth" 授权 => FAIL

• Note:
• The project, I'm following https://github.com/NguyenDuyPhong/yii2_advanced_api_phong (It works fine on localhost; I also deployed exactly the project on my server, it raised the same problem )
• To make sure that the server is configured right: I created 2 actions, 1 is authorized, another is not. I checked unauthorized action, it works very well. =======>
• actionView is not authorized => getting API info. is ok
• actionIndex is authorized by "yii\filters\auth\HttpBearerAuth" => FAIL

推荐答案

就我而言，问题是服务器删除了 Authorization Header我需要将此添加到 .htaccess

In my case the Problem was that the server removes Authorization Header I needed to add this to .htaccess

 SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

这篇关于用于 yii2 的 REST API，身份验证器 (HttpBearerAuth) 在服务器上不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！