HTTP Basic Authentication for REST API

I am building a REST API using (the so cool) Yii2 . I have all the basic CRUD functionality in place. Now I am trying to implement HTTP Basic Authentication. I used the Yii2 advanced template to start with which provides the “User” table with auth_key. However the “access_token” column is excluded from the table. So, with the authentication layer using $behaviors[‘authenticator’], when I am trying to login, I am getting error message as shown below:

    public function behaviors()


        $behaviors = parent::behaviors();

        $behaviors['authenticator'] = [

            'class' => HttpBasicAuth::className(),


        $behaviors['bootstrap'] = [

            'class' => ContentNegotiator::className(),

            'formats' => [

                'application/json' => Response::FORMAT_JSON,



        return $behaviors;


    public static function findIdentityByAccessToken($token, $type = null)


        throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');



<name>Not Supported</name>

<message>"findIdentityByAccessToken" is not implemented.</message>




What I understand is that findIdentityByAccessToken() method in User.php does not yet implement the "access_token" feature. So the question is what steps do I need to take to implement that. Kindly help me in that. I prefer to do this without installing any extensions.


Also, I need to provide access to users based on in which group(role) they fall. So how do I implement that in REST API. Should I just send the role information as a response to the client upon successful authentication. Will that suffice the requirement? Or do I have to think more than that?

Brief of roles in my use case: Users are grouped as admin, retailer, distributor and mechanic. They will see different content on the same page based on which role they fall in.