Authentication filters
In Chapter 7, Authenticating and Authorizing Users, we covered the basics of user access control filters to control which users can have access to our controllers. Unlike stateful applications that depend upon the presence of session data to persist user data across each request, RESTful APIs are stateless by nature, which means that each request must provide the required information to authenticate each user. To assist us in authenticating users over our API, Yii2 provides three built-in methods to control access to our API:
HTTP basic authentication
Query parameter authentication
OAuth2 authentication
Additionally, we can define our own custom authentication methods.
To get started with authenticating users within our API, we need to make the following changes to our application:
Configuring the user component of our configuration by doing the following:
Disabling sessions by setting enableSession to false
Setting the loginUrl property to null to prevent redirects to the...
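The user-component settings and the three built-in authentication methods described above, wired into one REST controller. This is an added example, not code from the book; the ArticleController name and its index action are assumptions, and the two user settings are applied in init() only so that the example fits in a single file.

```php
<?php
// Added example, not from the book. ArticleController and actionIndex are
// assumed names; the identity class must implement findIdentityByAccessToken().
namespace app\controllers;

use Yii;
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBasicAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
use yii\rest\Controller;

class ArticleController extends Controller
{
    public function init()
    {
        parent::init();
        // Equivalent to configuring components.user in the application config:
        //   'user' => ['enableSession' => false, 'loginUrl' => null]
        Yii::$app->user->enableSession = false; // stateless: no identity kept in a session
        Yii::$app->user->loginUrl = null;       // failed auth returns 401, not a login redirect
    }

    public function behaviors()
    {
        $behaviors = parent::behaviors();
        // yii\rest\Controller already declares an 'authenticator' behavior;
        // the methods listed here are tried in order until one authenticates.
        $behaviors['authenticator'] = [
            'class' => CompositeAuth::class,
            'authMethods' => [
                HttpBasicAuth::class,  // Authorization: Basic ... (token sent as username)
                HttpBearerAuth::class, // Authorization: Bearer <token> (OAuth2)
                // ?access-token=<token>; the token is part of the URL, so it
                // appears in access logs and proxies. Prefer the header methods.
                QueryParamAuth::class,
            ],
        ];
        return $behaviors;
    }

    public function actionIndex()
    {
        // Reached only when one of the methods above authenticated the request.
        return ['userId' => Yii::$app->user->id];
    }
}
```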