ddruganov/yii2-api-auth-proxy

There is no license information available for the latest version (0.2.3) of this package.

Authentication proxy tools for yii2

Maintainers

Details

github.com/ddruganov/yii2-api-auth-proxy

Source

Issues

Installs: 9

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

0.2.3 2022-04-17 15:09 UTC

Requires

Requires (Dev)

Unknown License 0712cbb03eabddd46024764b74438bff721393cc

  • ddruganov <ddruganov.woop@bk.ru>

This package is auto-updated.

Last update: 2024-04-17 20:22:50 UTC

README

An authentication proxy component library that connects your app with the yii2-api-auth server

Installation

composer require ddruganov/yii2-api-auth-proxy

Configuration

  1. Add this to your app's main config:
...
    'components' => [
        AccessTokenProviderInterface::class => HeaderAccessTokenProvider::class,
        AuthServiceInterface::class => AuthService::class,
        AuthServiceRequestInterface::class => GuzzleAuthServiceRequest::class
    ],
    'controllerMap' => [
        'auth' => AuthController::class
    ],
...
  1. Add this to your app's params config:
...
    'authentication' => [
        'externalService' => [
            'url' => 'https://server-that-has-yii2-api-auth-installed'
        ]
    ]
...

How to use

  • POST /auth/login with an access token that you got from logging in on the yii2-api-auth server to check that your log in is valid
  • POST /auth/refresh with your refresh token to get a fresh pair of tokens form the main server
  • POST /auth/logout to send a logout request to the main server
  • Use Yii::$app->get(AuthServiceInterface::class)->getUser() to get the ddruganov\Yii2ApiAuthProxy\components\AuthServiceUser
  • Attach AuthFilter as a behavior to your ApiController to only allow authenticated users to access the endpoints
  • Attach RbacFilter as a behavior to your ApiController to only allow users with specific permissions to access the endpoints

Extending AuthServiceInterface::getUser() example

class YourAuthService extends Yii2ApiAuthProxyAuthService
{
    public function getUser(string $accessToken): YourAuthServiceUser
    {
        $baseUrl = Yii::$app->params['authentication']['externalService']['url'];

        $result = Yii::$app->get(AuthServiceRequestInterface::class)->make(
            method: AuthServiceRequestInterface::GET,
            url: $baseUrl . '/' . self::CURRENT_USER_ENDPOINT,
            data: [],
            accessToken: $accessToken
        );

        if (!$result->isSuccessful()) {
            throw new Exception('Error getting user from a remote auth server');
        }

        return new YourAuthServiceUser($result->getData());
    }
}