问题
I've just created a project for working with REST API (using yii2 framework).
All issues of REST API is working really cool on localhost. But when bringing the project on server (also the same database is taken by), the authorization is not available. Now I'm using "yii\filters\auth\HttpBearerAuth"
Inside the model "implements IdentityInterface", there's finding-token function "findIdentityByAccessToken" that's so simple, the "validateAuthKey" function is returning always true; see below:
public static function findIdentityByAccessToken($token, $type = null){
return static::findOne(["token" => $token]);
}
public function validateAuthKey($token)
{
return true;
}
See any pictures: https://www.flickr.com/photos/40158620@N03/20701523349/in/dateposted-public/ Anyone can have some experience on this problem, can you tell me how to solve it? Thanks for your kindness.
- Note:
- The project, I'm following https://github.com/NguyenDuyPhong/yii2_advanced_api_phong (It works fine on localhost; I also deployed exactly the project on my server, it raised the same problem )
- To make sure that the server is configured right: I created 2 actions, 1 is authorized, another is not. I checked unauthorized action, it works very well. =======>
- actionView is not authorized => getting API info. is ok
- actionIndex is authorized by "yii\filters\auth\HttpBearerAuth" => FAIL
回答1:
In my case the Problem was that the server removes Authorization Header I needed to add this to .htaccess
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
回答2:
HttpBearerAuth used $user->loginByAccessToken to authorize see
validateAuthKey used by "loginByCookie"(and it seems that in this case not used)
Try to use QueryParamAuth for test purposes (it's easier to test)
来源:https://stackoverflow.com/questions/32217331/rest-api-for-yii2-the-authenticator-httpbearerauth-is-not-working-on-server