Yii2 OAuth2 - failing to authenticate the user when sending rest post request

I have a rest server and a client both implemented in Yii2. The server needs to authenticate the user in order to return result. The client keeps a database table with access tokens and sends a token with each request:

$token = new OAuthToken();



return $client->api($apiSubUrl, $method, $params, $headers);

The server authenticates the user by using the QueryParamAuth:

public function behaviors()


    $behaviors = parent::behaviors();

    $behaviors['authenticator'] = [



    return $behaviors;


When I send a GET request, everything works fine, but when I send a post request, the access_token is added by the framework to the post body, not as a get param. This way I cannot authenticate the user.

What I can think of so far is:

  • To implement a new authenticator e.g. PostParamAuth, that checks the POST body for access_token param;

  • To check whether the request is POST and to add the access_token as a get param;

  • To add it to the header (Bearer authenticaton) every time, no matter what type the request is.

My case must have already been implemented by the framework and maybe I am missing something. Please tell me which is the best way that to handle this situation.

OAuth2 is about Bearer tokens. I’m not sure if it is possible to make it work with QueryParamAuth.

this is an implementation I made once for OAuth2 supporting access & refresh tokens. it may helps: https://github.com/tunecino/Yii2_foundation-apps/tree/master/backend/auth

the database schema I made for it is in data folder and it stores refresh tokens only. I did used redis within yii cache component to store generated access tokens.