Customizing authentication and response
Yii allows us to quickly create a custom authentication method for our application. This is useful because in some cases, the previously mentioned authentications are not sufficient.
A custom authentication model can be made by extending the yii\filters\auth\AuthMethod
class, which implements yii\filters\auth\AuthInterface
that requires overriding the authenticate
($user
, $request
, and $response
) method:
<?php namespace api\components; use yii\filters\auth\AuthMethod; use Yii; class CustomAuthMethod extends AuthMethod { public function authenticate($user, $request, $response) { … … … } … … … }
Even though the REST API should be stateless, or rather should not save session data, it could be necessary to store some information or preferences during a session across requests.
So, if we need to support a session, we can start it through the authenticate()
method called in the beforeAction()
...