Skip to content

Y
yii2
Commit 22189b3b by Qiang Xue
Options

doc fix [skip ci]

parent 597e470c
Showing with 28 additions and 14 deletions
docs/guide/rest.md
...@@ -607,39 +607,49 @@ To enable authentication for your APIs, do the following two steps: ...@@ -607,39 +607,49 @@ To enable authentication for your APIs, do the following two steps:
in your REST controller classes. in your REST controller classes.
2. Implement [[yii\web\IdentityInterface::findIdentityByAccessToken()]] in your [[yii\web\User::identityClass|user identity class]]. 2. Implement [[yii\web\IdentityInterface::findIdentityByAccessToken()]] in your [[yii\web\User::identityClass|user identity class]].
For example, to enable all three authentication methods explained above, you can configure `authenticator` like following,
For example, to use HTTP Basic Auth, you may configure `authenticator` as follows,
```php ```php
use yii\helpers\ArrayHelper;
use yii\filters\auth\HttpBasicAuth;
public function behaviors() public function behaviors()
{ {
return array_merge(parent::behaviors(), [ return ArrayHelper::merge(parent::behaviors(), [
'authenticator' => [ 'authenticator' => [
'authMethods' => [ 'class' => HttpBasicAuth::className(),
\yii\filters\auth\HttpBasicAuth::className(),
\yii\filters\auth\QueryParamAuth::className(),
\yii\filters\auth\HttpBearerAuth::className(),
],
], ],
]); ]);
} }
``` ```
Each element in `authMethods` should be an auth method class name or a configuration array. An auth class If you want to support all three authentication methods explained above, you can use `CompositeAuth` like the following,
must implement [[yii\rest\AuthInterface]].
If you only want to a single authentication method, such as HTTP Basic Auth, you may use the following code:
```php ```php
use yii\helpers\ArrayHelper;
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBasicAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
public function behaviors() public function behaviors()
{ {
return array_merge(parent::behaviors(), [ return ArrayHelper::merge(parent::behaviors(), [
'authenticator' => [ 'authenticator' => [
'class' => \yii\filters\auth\HttpBasicAuth::className(), 'class' => CompositeAuth::className(),
'authMethods' => [
HttpBasicAuth::className(),
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
], ],
]); ]);
} }
``` ```
Each element in `authMethods` should be an auth method class name or a configuration array.
Implementation of `findIdentityByAccessToken()` is application specific. For example, in simple scenarios Implementation of `findIdentityByAccessToken()` is application specific. For example, in simple scenarios
when each user can only have one access token, you may store the access token in an `access_token` column when each user can only have one access token, you may store the access token in an `access_token` column
...@@ -727,10 +737,14 @@ will thrown a [[yii\web\TooManyRequestsHttpException]] if rate limit is exceeded ...@@ -727,10 +737,14 @@ will thrown a [[yii\web\TooManyRequestsHttpException]] if rate limit is exceeded
as follows in your REST controller classes, as follows in your REST controller classes,
```php ```php
use yii\helpers\ArrayHelper;
use yii\filters\RateLimiter;
public function behaviors() public function behaviors()
{ {
return array_merge(parent::behaviors(), [ return ArrayHelper::merge(parent::behaviors(), [
'rateLimiter' => [ 'rateLimiter' => [
'class' => RateLimiter::className(),
'enableRateLimitHeaders' => false, 'enableRateLimitHeaders' => false,
], ],
]); ]);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment