I am building a REST API using (the so cool) Yii2. I have all the basic CRUD functionality in place. Now I am trying to implement HTTP Basic Authentication. I used the Yii2 advanced template to start with, which provides the "User" table with auth_key. However, the "access_token" column is excluded from the table. So, with the authentication layer using $behaviors['authenticator'], when I try to log in, I get the error message shown below:
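    // Controller (the use statements go at the top of the file)
    use yii\filters\ContentNegotiator;
    use yii\filters\auth\HttpBasicAuth;
    use yii\web\Response;

    public function behaviors()
    {
        $behaviors = parent::behaviors();
        // Require HTTP Basic credentials on every action
        $behaviors['authenticator'] = [
            'class' => HttpBasicAuth::className(),
        ];
        // Always answer in JSON
        $behaviors['bootstrap'] = [
            'class' => ContentNegotiator::className(),
            'formats' => [
                'application/json' => Response::FORMAT_JSON,
            ],
        ];
        return $behaviors;
    }

    // User.php (as shipped with the advanced template)
    use yii\base\NotSupportedException;

    public static function findIdentityByAccessToken($token, $type = null)
    {
        throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');
    }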
    <response>
        <name>Not Supported</name>
        <message>"findIdentityByAccessToken" is not implemented.</message>
        <code>0</code>
        <type>yii\base\NotSupportedException</type>
    </response>
What I understand is that the findIdentityByAccessToken() method in User.php does not yet implement the "access_token" feature. So the question is: what steps do I need to take to implement that? Kindly help me with that. I prefer to do this without installing any extensions.
Authorization
Also, I need to provide access to users based on which group (role) they fall in. So how do I implement that in a REST API? Should I just send the role information as a response to the client upon successful authentication? Will that suffice for the requirement? Or do I have to think more than that?
Brief of roles in my use case: Users are grouped as admin, retailer, distributor and mechanic. They will see different content on the same page based on which role they fall in.
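
One way to resolve the error above and enforce the four roles on the server rather than in the client, shown as an added example that is not part of the original post or of Yii2 itself. It assumes the advanced template's common\models\User (findByUsername(), validatePassword()) and an RBAC authManager in which the roles admin, retailer, distributor and mechanic are already defined and assigned; the namespace, controller and action names are hypothetical.

```php
<?php
namespace api\controllers; // hypothetical namespace

use Yii;
use common\models\User; // User model from the advanced template
use yii\filters\AccessControl;
use yii\filters\auth\HttpBasicAuth;
use yii\rest\Controller;

class PartController extends Controller // hypothetical controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        // Without 'auth', HttpBasicAuth passes the Basic username to
        // User::findIdentityByAccessToken() as a token, which raised the
        // exception. With 'auth' set, the credentials are verified here.
        // Basic credentials travel with every request: serve over HTTPS only.
        $behaviors['authenticator'] = [
            'class' => HttpBasicAuth::class,
            'auth' => function ($username, $password) {
                // validatePassword() throws on an empty password, so reject early
                if (!is_string($username) || !is_string($password) || $password === '') {
                    return null;
                }
                $user = User::findByUsername($username); // active users only
                return $user !== null && $user->validatePassword($password) ? $user : null;
            },
        ];
        // Checked on the server for every request; anything not matched by a
        // rule is denied. Role names are assumed to exist in authManager.
        $behaviors['access'] = [
            'class' => AccessControl::class,
            'rules' => [
                ['allow' => true, 'actions' => ['index'], 'roles' => ['@']],
                ['allow' => true, 'actions' => ['margins'], 'roles' => ['admin', 'distributor']],
            ],
        ];
        return $behaviors;
    }

    public function actionIndex()
    {
        // Same endpoint, role-dependent content (constructed sample data)
        $data = ['parts' => [['sku' => 'SAMPLE-1', 'name' => 'constructed sample']]];
        if (Yii::$app->user->can('admin')) {
            $data['audit'] = ['visibleTo' => 'admin'];
        }
        return $data;
    }

    public function actionMargins()
    {
        return ['margin' => 'constructed sample']; // admin and distributor only
    }
}
```

Returning the role to the client can drive what the UI shows, but the `access` rules and the `can()` check are what actually restrict the data.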