I have a REST server and a client, both implemented in Yii2. The server needs to authenticate the user in order to return a result. The client keeps a database table with access tokens and sends a token with each request:

```php
// Wrap the stored token for the logged-in user in an OAuthToken
$token = new OAuthToken();
$token->setToken(UserAccount::getToken(Yii::$app->user->id));
// Attach the token to the client, then call the API
$client->setAccessToken($token);
return $client->api($apiSubUrl, $method, $params, $headers);
```
The server authenticates the user by using the QueryParamAuth:
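```php
public function behaviors()
{
    $behaviors = parent::behaviors();
    // Behavior configuration arrays need a 'class' key.
    // QueryParamAuth is yii\filters\auth\QueryParamAuth.
    $behaviors['authenticator'] = [
        'class' => QueryParamAuth::className(),
    ];
    return $behaviors;
}
```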
When I send a GET request, everything works fine, but when I send a POST request, the access_token is added by the framework to the POST body, not as a GET param. This way I cannot authenticate the user.
What I can think of so far is:
- To implement a new authenticator, e.g. PostParamAuth, that checks the POST body for the access_token param;
- To check whether the request is POST and to add the access_token as a GET param;
- To add it to the header (Bearer authentication) every time, no matter what type the request is.
My case must have already been implemented by the framework and maybe I am missing something. Please tell me which is the best way to handle this situation.
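
The following is an added example, not code from the original post or from the Yii2 project: a sketch of the body-token authenticator and the Bearer-header option listed in the question, combined on the server through Yii2's `CompositeAuth`. The class names `PostParamAuth` and `ItemController` and the `app\` namespaces are hypothetical; a token sent in the `Authorization` header or the request body stays out of URLs, and therefore out of access logs and `Referer` headers, which a query-string token does not.

```php
<?php
// Added example. In a real application each class lives in its own file.
namespace app\components {
    use yii\filters\auth\AuthMethod;

    // Hypothetical authenticator: reads access_token from the parsed request body.
    class PostParamAuth extends AuthMethod
    {
        public $tokenParam = 'access_token';

        public function authenticate($user, $request, $response)
        {
            $accessToken = $request->post($this->tokenParam);
            if (is_string($accessToken) && $accessToken !== '') {
                $identity = $user->loginByAccessToken($accessToken, get_class($this));
                if ($identity !== null) {
                    return $identity;
                }
                // A token was supplied but is not valid: reject with 401.
                $this->handleFailure($response);
            }
            // No token in the body: return null so the next method can try.
            return null;
        }
    }
}

namespace app\controllers {
    use app\components\PostParamAuth;
    use yii\filters\auth\CompositeAuth;
    use yii\filters\auth\HttpBearerAuth;
    use yii\filters\auth\QueryParamAuth;

    // Hypothetical REST controller showing only the authenticator setup.
    class ItemController extends \yii\rest\Controller
    {
        public function behaviors()
        {
            $behaviors = parent::behaviors();
            $behaviors['authenticator'] = [
                'class' => CompositeAuth::className(),
                // Tried in order: Authorization header, query string, request body.
                'authMethods' => [
                    HttpBearerAuth::className(),
                    QueryParamAuth::className(),
                    PostParamAuth::className(),
                ],
            ];
            return $behaviors;
        }
    }
}
```

If every client can send the `Authorization: Bearer` header, `HttpBearerAuth` alone is enough and the query-string and body methods can be dropped from `authMethods`.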