The company needs to call the backend interface when making mobile phones. The main reason is that it wants to be safer, so it chose Yii 2.0. Because it has been using the Qee framework before, I am not particularly familiar with Yii. And later on, when I started working on Ionic, I was even less familiar with the framework. Now let me (a newbie) study how to write a set of RESTful interfaces.
I would like to ask if HttpBasicAuth simply means that after logging in, the server returns an access_token to the mobile phone, and then all subsequent URL requests add the access-token in the header. Is the key-value pair in the form of Authorization: Basic xxxxx?
QueryParamAuth is the only one I implemented in Postman, but it feels relatively simple. Security is generally just adding the access_token field to the database and then adding access-token=xxx after the request URL, and then I will get the contents of the entire database, rather than the data corresponding to a single user (maybe I didn’t set the limit and don’t understand it very well).
HttpBearerAuth I don’t quite understand. It feels a bit similar to HttpBasicAuth. After logging in, should I add a form like Authorization: Bearer XXXX to the header?
Now there is a problem. There is a validatePassword method in my model User which returns password:
<code>return $this->password === ($password); </code>
But this $this->password is null. (I don’t know the Yii framework very well. Do I have to go to the database to find the password and assign it to $password? Or is there any other way?) The current demo uses $password = 123 directly, in this form.
I hope I can briefly explain the entire running routine in three ways. I’ve read Stack Overflow, Google and SegmentFault and it’s much better, but I still don’t understand it very well.
Thank you everyone.
Reply content:
I have encountered the RESTful API authentication problem of Yii2 before. The authentication method can use the official method, and then you can also expand it yourself. I later wrote an article about Yii2's use of RESTful API and its authentication issues. It can be used as a reference for the topic owner.
I think you don’t need to use Yii, but use a router combined with Qee, which you are more familiar with, such as nikic/FastRoute or thephpleague/route.
Or use a lightweight framework like Slim.
Currently, I have chosen the simplest QueryParamAuth method. The advanced version could not run on the company computer before. Now it can run. If you are doing RESTful, it is best to use the advanced version for convenience. For the QueryParamAuth method, you only need to add ?access-token=xxxx after the URL. There will be no problem if you use the advanced version for password issues, so I highly recommend the advanced version.
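As an added example (not code from this thread or from the Yii project), the following shows the pieces the question asks about: how the auth filters resolve a token to a user, a `validatePassword()` that checks a stored hash, and why authentication alone still returns every row unless the query is scoped. Assumptions: the `user` table has `password_hash` and `access_token` columns, and `Order` (with a `user_id` column) and `OrderController` are hypothetical names.

```php
<?php
// Added example, not code from the thread; column names and Order are assumptions.
namespace app\models {
    class User extends \yii\db\ActiveRecord implements \yii\web\IdentityInterface
    {
        // The auth filters call this with the token taken from the request.
        public static function findIdentityByAccessToken($token, $type = null)
        {
            return static::findOne(['access_token' => $token]);
        }
        // Check the submitted password against the hash column loaded from the
        // database, instead of comparing it with a plain-text property.
        public function validatePassword($password)
        {
            return \Yii::$app->security->validatePassword($password, $this->password_hash);
        }
        public static function findIdentity($id) { return static::findOne($id); }
        public function getId() { return $this->getPrimaryKey(); }
        public function getAuthKey() { return null; } // unused: no cookie login
        public function validateAuthKey($authKey) { return false; }
    }
}

namespace app\controllers {
    use yii\filters\auth\{CompositeAuth, HttpBearerAuth, QueryParamAuth};
    class OrderController extends \yii\rest\ActiveController
    {
        public $modelClass = 'app\models\Order';
        public function behaviors()
        {
            $behaviors = parent::behaviors();
            // Try "Authorization: Bearer <token>" first, then ?access-token=<token>.
            $behaviors['authenticator'] = [
                'class' => CompositeAuth::class,
                'authMethods' => [HttpBearerAuth::class, QueryParamAuth::class],
            ];
            return $behaviors;
        }
        public function actions()
        {
            $actions = parent::actions();
            // Authentication only identifies the caller; the list must be scoped.
            $actions['index']['prepareDataProvider'] = fn () => new \yii\data\ActiveDataProvider([
                'query' => \app\models\Order::find()->where(['user_id' => \Yii::$app->user->id]),
            ]);
            return $actions;
        }
    }
}
```

Only `index` is scoped here; `view`, `update` and `delete` need an ownership check in an overridden `checkAccess()`. With HttpBasicAuth, Yii2 by default treats the Basic username as the access token unless the filter's `auth` callback is configured.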


