Hi,
I'm trying to find the best way to implement the following API behavior:
The API (REST) is located on a different subdomain and has a method /post, triggered by JavaScript, for posting messages.
The idea is to have one entry point for the Web and REST API, in this way:
- If there are cookies/sessions available from the main app login, use them
- If not, try to validate using QueryParamAuth or HttpHeaderAuth.
Currently I'm stuck on the implementation: how to check whether the user is authenticated by the frontend (using the session) with the CompositeAuth behavior.
Any ideas?
— Updates:
For those who struggle with the same issue, here is a simple dummy workaround:
$behaviors['authenticator'] = [
    'class' => CompositeAuth::className(),
    'authMethods' => [
        ...,
        \common\helpers\SessionAuth::className()
    ],
];
and the class itself:
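<?php
namespace common\helpers;

class SessionAuth extends \yii\filters\auth\AuthMethod
{
    public function authenticate($user, $request, $response)
    {
        // Identity restored from the session cookie of the main app, if any
        $identity = $user->getIdentity();
        if ($identity === null) {
            // handleFailure() throws UnauthorizedHttpException, which stops
            // CompositeAuth from trying further methods, so keep this class
            // last in authMethods
            $this->handleFailure($response);
        }
        return $identity;
    }
}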
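
An order-independent variant of the workaround above, as an added example that is not part of the original post: it returns null instead of failing, so the session can be tried first and the token methods named in the question second, and it accepts the session only when the request carries a valid CSRF token, because yii\rest\Controller disables controller-level CSRF validation. The api\controllers\MessageController name is hypothetical, and the code assumes the API application shares the main app's session and CSRF cookie and that the JavaScript client sends the X-CSRF-Token header.

```php
<?php
// Added example (not the poster's code). Assumes Yii 2 with a session and CSRF
// cookie shared between the main app and the API subdomain.
namespace common\helpers {

    use yii\filters\auth\AuthMethod;

    class SessionAuth extends AuthMethod
    {
        public function authenticate($user, $request, $response)
        {
            $identity = $user->getIdentity();
            if ($identity === null) {
                // No session: let CompositeAuth try the next method
                return null;
            }
            // Cookie-authenticated requests must prove same-site origin.
            // validateCsrfToken() passes GET/HEAD/OPTIONS and checks the
            // body parameter or the X-CSRF-Token header otherwise.
            if (!$request->validateCsrfToken()) {
                // Do not leave the session identity set for this request
                $user->setIdentity(null);
                return null;
            }
            return $identity;
        }
    }
}

namespace api\controllers { // hypothetical controller for the /post method

    use common\helpers\SessionAuth;
    use yii\filters\auth\CompositeAuth;
    use yii\filters\auth\HttpHeaderAuth;
    use yii\filters\auth\QueryParamAuth;

    class MessageController extends \yii\rest\Controller
    {
        public function behaviors()
        {
            $behaviors = parent::behaviors();
            $behaviors['authenticator'] = [
                'class' => CompositeAuth::class,
                // Tried in order; the first non-null identity wins
                'authMethods' => [SessionAuth::class, HttpHeaderAuth::class, QueryParamAuth::class],
            ];
            return $behaviors;
        }
    }
}
```

If every method returns null, CompositeAuth itself produces the 401 response, so no method in the list needs to call handleFailure() for the "no credentials" case.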