There are three kinds of authentication:
HTTP Basic Auth (the
HttpBasicAuth
class): This method uses the WWW-Authenticate HTTP header to send the username and password for every requestQuery parameter (the
QueryParamAuth
class): This method uses an access token passed as query parameter in the API URLOAuth 2 (the
HttpBearerAuth
class): This method uses an access token that is obtained by the consumer from an authorization server and sent to the API server via HTTP bearer tokens
Yii supports all the methods mentioned, but we can also easily create a new one.
To enable authentication, follow these steps:
Configure the user application component in the configuration, setting
enableSession
tofalse
in order to make user authentication status not persistent using a session across requests. Next, setloginUrl
tonull
to show the HTTP 403 error instead of redirecting it to the login page.Specify which authentication method we want to use, configuring the
authenticator
behavior in...