Commit f4f2a708 by Qiang Xue

Added authentication filters to guide. [skip ci]

parent d02bbd7c
...@@ -5,7 +5,7 @@ Unlike Web applications, RESTful APIs are usually stateless, which means session ...@@ -5,7 +5,7 @@ Unlike Web applications, RESTful APIs are usually stateless, which means session
be used. Therefore, each request should come with some sort of authentication credentials because be used. Therefore, each request should come with some sort of authentication credentials because
the user authentication status may not be maintained by sessions or cookies. A common practice is the user authentication status may not be maintained by sessions or cookies. A common practice is
to send a secret access token with each request to authenticate the user. Since an access token to send a secret access token with each request to authenticate the user. Since an access token
can be used to uniquely identify and authenticate a user, **the API requests should always be sent can be used to uniquely identify and authenticate a user, **API requests should always be sent
via HTTPS to prevent from man-in-the-middle (MitM) attacks**. via HTTPS to prevent from man-in-the-middle (MitM) attacks**.
There are different ways to send an access token: There are different ways to send an access token:
......
...@@ -139,6 +139,34 @@ public function behaviors() ...@@ -139,6 +139,34 @@ public function behaviors()
For more details about access control in general, please refer to the [Authorization](security-authorization.md) section. For more details about access control in general, please refer to the [Authorization](security-authorization.md) section.
### Authentication Method Filters <a name="auth-method-filters"></a>
Authentication method filters are used to authenticate a user based using various methods, such as
[HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication), [OAuth 2](http://oauth.net/2/).
These filter classes are all under the `yii\filters\auth` namespace.
The following example shows how you can use [[yii\filters\auth\HttpBasicAuth]] to authenticate a user using
an access token based on HTTP Basic Auth method. Note that in order for this to work, your
[[yii\web\User::identityClass|user identity class]] must implement the [[yii\web\IdentityInterface::findIdentityByAccessToken()|findIdentityByAccessToken()]]
method.
```php
use yii\filters\auth\HttpBasicAuth;
public function behaviors()
{
return [
'basicAuth' => [
'class' => HttpBasicAuth::className(),
],
];
}
```
Authentication method filters are commonly used in implementing RESTful APIs. For more details, please refer to the
RESTful [Authentication](rest-authentication.md) section.
### [[yii\filters\ContentNegotiator|ContentNegotiator]] <a name="content-negotiator"></a> ### [[yii\filters\ContentNegotiator|ContentNegotiator]] <a name="content-negotiator"></a>
ContentNegotiator supports response format negotiation and application language negotiation. It will try to ContentNegotiator supports response format negotiation and application language negotiation. It will try to
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment