I’m creating a website using Yii2 and have a remote API offered by an internal program that my client is using. I’m creating a website that will act kind of as a proxy, as I won’t have any data on my server; everything will be stored in the remote API.
So, the client will log into the site I’m developing, and it will send an API request to the remote server to check if the login is successful or not. If the login is successful, the remote API will return me an access token.
I have experience with Yii1, but this is going to be my first Yii2 project. I’m a bit lost with the authentication system used in Yii2, and I’m not completely sure about this point.
Can anyone please give an insight or an example to keep me moving?
The authentication is an endpoint that will give me a token that I will need to use in the subsequent calls. I think it is old and custom made, so no OAuth.
I ended up calling the API and, if authenticated, I store the access_token in a session. I’m not quite sure if that’s a security issue (I think it is), but I needed to keep moving; I will have to take a closer look at it before pushing to production.
The problem with the guide is that it assumes that we have the users to check the credentials against, and in this particular (and weird, I know) case I don’t.
Then I’d fetch the token by the client application and pass it to the server with each request (there’s no session concept in REST). The server would validate and cache the token so there would be no constant requests to a third-party server.
Did you find a resolution to this issue?
I have exactly the same issue in that I am building a webapp that relies solely on a backend REST API for its content.
As such, the authorisation is done through the API login call, and an access_token and refresh token are returned on successful login.
How and where to cache these tokens for use in the current web session, to make valid API calls to the backend, is really confusing me :(
I cannot seem to work out how to use the IdentityInterface calls (findIdentity, etc.) to return an identity, as there is no actual identity as such.
Any pointers or samples would be greatly appreciated
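The following is an added example, not code from any of the posters above nor from the Yii project, showing one way to do what the thread describes: implement `yii\web\IdentityInterface` with no users table, keep the remote access token in the server-side session (as the earlier reply does), and validate plus cache the token so the remote API is not called on every request (as the "validate and cache" suggestion proposes). It assumes a hypothetical remote API with `POST {apiBaseUrl}/login` returning `{"access_token": "...", "user": {"id": 1, "name": "..."}}` and `GET {apiBaseUrl}/me` returning the same `user` object for a valid bearer token; the endpoint names, response shapes, the `apiBaseUrl` param and the `ApiUser`/`ApiLoginForm` class names are all assumptions. It uses the yiisoft/yii2-httpclient extension.

```php
<?php
// Added example (not from the original thread or the Yii project). Assumed remote API:
//   POST {apiBaseUrl}/login  -> {"access_token": "...", "user": {"id": 1, "name": "..."}}
//   GET  {apiBaseUrl}/me     -> {"id": 1, "name": "..."} for a valid "Authorization: Bearer" token
// Assumed config in config/web.php:
//   'user'   => ['identityClass' => 'app\models\ApiUser', 'enableAutoLogin' => false],
//   'params' => ['apiBaseUrl' => 'https://api.example.internal/'],
// Both classes are shown in one file for brevity; in a real app put each in its own file under models/.

namespace app\models;

use Yii;
use yii\base\BaseObject;
use yii\base\Model;
use yii\httpclient\Client;
use yii\web\IdentityInterface;

/** Identity that exists only for the lifetime of the PHP session; no users table is involved. */
class ApiUser extends BaseObject implements IdentityInterface
{
    const SESSION_TOKEN_KEY = 'api_access_token';
    const CACHE_TTL = 300; // seconds; keep this well below the remote token's lifetime

    public $id;
    public $name;
    public $accessToken;

    /** yii\web\User calls this on every request with the id it stored in the session at login. */
    public static function findIdentity($id)
    {
        $token = Yii::$app->session->get(self::SESSION_TOKEN_KEY);
        if ($token === null) {
            return null; // no token in this session: treat the visitor as a guest
        }
        $identity = static::findIdentityByAccessToken($token);
        // Refuse a session whose token no longer maps to the user that logged in.
        return ($identity !== null && (string) $identity->id === (string) $id) ? $identity : null;
    }

    /** Validates the token against the remote API, caching the result to avoid a remote call per request. */
    public static function findIdentityByAccessToken($token, $type = null)
    {
        // Do not use the raw token as a cache key; key names can end up in logs or cache listings.
        $cacheKey = ['api_identity', hash('sha256', $token)];
        $cached = Yii::$app->cache->get($cacheKey);
        if ($cached !== false) {
            return $cached;
        }
        $response = self::apiClient()->get('me')
            ->addHeaders(['Authorization' => 'Bearer ' . $token])
            ->send();
        if (!$response->isOk || !isset($response->data['id'])) {
            return null; // expired or revoked token: the user silently becomes a guest
        }
        $identity = new static([
            'id' => $response->data['id'],
            'name' => isset($response->data['name']) ? $response->data['name'] : '',
            'accessToken' => $token,
        ]);
        Yii::$app->cache->set($cacheKey, $identity, self::CACHE_TTL);
        return $identity;
    }

    public function getId() { return $this->id; }
    // No "remember me" cookie: the remote token must never leave the server.
    public function getAuthKey() { return null; }
    public function validateAuthKey($authKey) { return false; }

    /** HTTP client for the remote API; apiBaseUrl is an assumed application param. */
    public static function apiClient()
    {
        return new Client([
            'baseUrl' => Yii::$app->params['apiBaseUrl'],
            'responseConfig' => ['format' => Client::FORMAT_JSON],
        ]);
    }
}

/** Login form that checks credentials against the remote API instead of a local database. */
class ApiLoginForm extends Model
{
    public $username;
    public $password;

    public function rules()
    {
        return [[['username', 'password'], 'required']];
    }

    public function login()
    {
        $response = ApiUser::apiClient()
            ->post('login', ['username' => $this->username, 'password' => $this->password])
            ->setFormat(Client::FORMAT_JSON)
            ->send();
        if (!$response->isOk || empty($response->data['access_token'])) {
            $this->addError('password', 'Incorrect username or password.');
            return false;
        }
        $user = isset($response->data['user']) ? $response->data['user'] : [];
        $identity = new ApiUser([
            'id' => $user['id'],
            'name' => isset($user['name']) ? $user['name'] : '',
            'accessToken' => $response->data['access_token'],
        ]);
        // The token lives only in the server-side session; the browser sees just the session cookie.
        Yii::$app->session->set(ApiUser::SESSION_TOKEN_KEY, $identity->accessToken);
        // yii\web\User::login() switches the identity and regenerates the session id.
        return Yii::$app->user->login($identity);
    }
}
```

Keeping the token in the session is reasonable provided the session store is server-side and the session cookie is `HttpOnly` and `Secure`; what must not happen is the token being placed in a client-readable cookie or in a page. `Yii::$app->user->logout()` destroys the session by default, which discards the token, but the cached identity survives until `CACHE_TTL` expires, so delete the cache entry on logout if immediate revocation matters. Calls to the remote API from controllers can read the token from `Yii::$app->user->identity->accessToken`.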