public function actionLogin() { $params = Yii::$app->getRequest()->getBodyParams(); $supportedClients = Yii::$app->params['clients']; if (!isset($params['client_id']) or !isset($supportedClients[$params['client_id']])) { throw new \yii\web\ForbiddenHttpException('Request Not allowed.'); } $model = new LoginForm(); if ($model->load($params, '') && $model->login()) { return ['user' => ['name' => Yii::$app->user->identity->username, 'access_token' => Yii::$app->user->identity->authKey]]; } else { $model->validate(); return $model; } }