ddruganov / yii2-api-auth-proxy
There is no license information available for the latest version (0.2.3) of this package.
Authentication proxy tools for yii2
0.2.3
2022-04-17 15:09 UTC
Requires
- ddruganov/yii2-api-essentials: ^1
- firebase/php-jwt: ^6.0
- yiisoft/yii2: ^2.0
Requires (Dev)
- codeception/codeception: ^4.1
- codeception/module-asserts: ^1.0.0
- codeception/module-phpbrowser: ^1.0.0
- fakerphp/faker: ^1.19
README
An authentication proxy component library that connects your app with the yii2-api-auth server
Installation
composer require ddruganov/yii2-api-auth-proxy
Configuration
- Add this to your app's main config:
    ...
    'components' => [
        AccessTokenProviderInterface::class => HeaderAccessTokenProvider::class,
        AuthServiceInterface::class => AuthService::class,
        AuthServiceRequestInterface::class => GuzzleAuthServiceRequest::class
    ],
    'controllerMap' => [
        'auth' => AuthController::class
    ],
    ...
- Add this to your app's params config:
    ...
    'authentication' => [
        'externalService' => [
            'url' => 'https://server-that-has-yii2-api-auth-installed'
        ]
    ]
    ...
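The access token is forwarded to whatever URL is configured under authentication.externalService.url, so it is worth validating that value when the app boots. The following is an added example, not code from this package: checkedAuthServiceUrl() and its $allowLoopbackHttp parameter are hypothetical names, and the sample URLs are constructed.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper, not part of yii2-api-auth-proxy).
// Returns the base URL without a trailing slash, or throws if tokens should not be sent to it.
function checkedAuthServiceUrl(array $params, bool $allowLoopbackHttp = false): string
{
    $url = $params['authentication']['externalService']['url'] ?? null;
    if (!is_string($url) || $url === '') {
        throw new InvalidArgumentException('authentication.externalService.url is not set');
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        throw new InvalidArgumentException('auth server URL is not an absolute URL');
    }
    $scheme = strtolower($parts['scheme']);
    $host = strtolower($parts['host']);
    $isLoopback = in_array($host, ['localhost', '127.0.0.1', '[::1]'], true);
    // Tokens travel with every proxied request, so plain HTTP is tolerated only for local development.
    if ($scheme !== 'https' && !($scheme === 'http' && $isLoopback && $allowLoopbackHttp)) {
        throw new InvalidArgumentException('auth server URL must use https');
    }
    // Embedded credentials, query strings and fragments do not belong in a base URL.
    foreach (['user', 'pass', 'query', 'fragment'] as $unexpected) {
        if (isset($parts[$unexpected])) {
            throw new InvalidArgumentException("auth server URL must not contain a $unexpected part");
        }
    }
    // Drop the trailing slash so that $baseUrl . '/' . $endpoint never produces '//'.
    return rtrim($url, '/');
}

// Constructed sample configurations.
$samples = [
    'https://server-that-has-yii2-api-auth-installed',
    'http://server-that-has-yii2-api-auth-installed',
    'https://user:secret@auth.example.test/',
];
foreach ($samples as $url) {
    try {
        $base = checkedAuthServiceUrl(['authentication' => ['externalService' => ['url' => $url]]]);
        echo "OK       $base\n";
    } catch (InvalidArgumentException $e) {
        echo "REJECTED sample: {$e->getMessage()}\n";
    }
}
```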
How to use
- POST /auth/login with an access token that you got from logging in on the yii2-api-auth server to check that your login is valid
- POST /auth/refresh with your refresh token to get a fresh pair of tokens from the main server
- POST /auth/logout to send a logout request to the main server
- Use Yii::$app->get(AuthServiceInterface::class)->getUser() to get the ddruganov\Yii2ApiAuthProxy\components\AuthServiceUser
- Attach AuthFilter as a behavior to your ApiController to only allow authenticated users to access the endpoints
- Attach RbacFilter as a behavior to your ApiController to only allow users with specific permissions to access the endpoints
Extending AuthServiceInterface::getUser()
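Example:
    // Yii2ApiAuthProxyAuthService is assumed to be the package's AuthService
    // imported under an alias; the use statement is not shown here.
    class YourAuthService extends Yii2ApiAuthProxyAuthService
    {
        public function getUser(string $accessToken): YourAuthServiceUser
        {
            // Base URL of the remote auth server, taken from the params config.
            $baseUrl = Yii::$app->params['authentication']['externalService']['url'];

            // Forward the caller's access token to the auth server's current-user endpoint.
            $result = Yii::$app->get(AuthServiceRequestInterface::class)->make(
                method: AuthServiceRequestInterface::GET,
                url: $baseUrl . '/' . self::CURRENT_USER_ENDPOINT,
                data: [],
                accessToken: $accessToken
            );

            // Fail closed: without a successful response no user object is returned.
            if (!$result->isSuccessful()) {
                throw new Exception('Error getting user from a remote auth server');
            }

            return new YourAuthServiceUser($result->getData());
        }
    }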