Added authentication filters to guide. [skip ci]

f4f2a708 · Qiang Xue · d02bbd7c · f4f2a708 · f4f2a708
Commit f4f2a708 authored Jul 04, 2014 by Qiang Xue
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 1 deletion

rest-authentication.md docs/guide/rest-authentication.md +1 -1

structure-filters.md docs/guide/structure-filters.md +28 -0

No files found.
--- a/docs/guide/rest-authentication.md
+++ b/docs/guide/rest-authentication.md
@@ -5,7 +5,7 @@ Unlike Web applications, RESTful APIs are usually stateless, which means session
 be used. Therefore, each request should come with some sort of authentication credentials because
 the user authentication status may not be maintained by sessions or cookies. A common practice is
 to send a secret access token with each request to authenticate the user. Since an access token
-can be used to uniquely identify and authenticate a user, **the API requests should always be sent
+can be used to uniquely identify and authenticate a user, **API requests should always be sent
 via HTTPS to prevent from man-in-the-middle (MitM) attacks**.

 There are different ways to send an access token:

--- a/docs/guide/structure-filters.md
+++ b/docs/guide/structure-filters.md
@@ -139,6 +139,34 @@ public function behaviors()
 For more details about access control in general, please refer to the [Authorization](security-authorization.md) section.


+### Authentication Method Filters <a name="auth-method-filters"></a>
+
+Authentication method filters are used to authenticate a user based using various methods, such as
+[HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication), [OAuth 2](http://oauth.net/2/).
+These filter classes are all under the `yii\filters\auth` namespace.
+
+The following example shows how you can use [[yii\filters\auth\HttpBasicAuth]] to authenticate a user using
+an access token based on HTTP Basic Auth method. Note that in order for this to work, your
+[[yii\web\User::identityClass|user identity class]] must implement the [[yii\web\IdentityInterface::findIdentityByAccessToken()|findIdentityByAccessToken()]]
+method.
+
+```php
+use yii\filters\auth\HttpBasicAuth;
+
+public function behaviors()
+{
+    return [
+        'basicAuth' => [
+            'class' => HttpBasicAuth::className(),
+        ],
+    ];
+}
+```
+
+Authentication method filters are commonly used in implementing RESTful APIs. For more details, please refer to the
+RESTful [Authentication](rest-authentication.md) section.
+
+
 ### [[yii\filters\ContentNegotiator|ContentNegotiator]] <a name="content-negotiator"></a>

 ContentNegotiator supports response format negotiation and application language negotiation. It will try to