- Copy the migration file to your own migrations directory (inside your yii2 project) and run the migrations. Make sure you update the client_id and client_secret before using it in your project, since they are not safe the way they are added in the migration!
- Edit your yii2 configuration to include the following under "components":

  ```php
  'ResourceServerComponent' => [
      'class' => 'rowasc\yii2oauthserver\components\ResourceServerComponent'
  ],
  'AuthServerComponent' => [
      'class' => 'rowasc\yii2oauthserver\components\AuthServerComponent'
  ],
  ```
- Edit your yii2 configuration to include the following under "modules":

  ```php
  'yii2oauthserver' => [
      'class' => '@vendor\rowasc\yii2oauthserver\Module',
  ]
  ```
- In your .htaccess file, allow the Authorization header to pass through, since it will be stripped most of the time without this line:

  ```apache
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  ```
- Have your base API controller extend `\rowasc\yii2oauthserver\controllers\ApiController`.
- Create an AuthorizationController, and extend `\rowasc\yii2oauthserver\controllers\AuthorizationController` in it.
- In your User model, extend `rowasc\yii2oauthserver\models\User`.

This will create an "/authorization/login" and an "/authorization/logout" endpoint, which allow you to get and expire bearer tokens for your API auth.

```http
POST /v1/authorization/login HTTP/1.1
Host: api.yii2-starter-kit.dev
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 7dd28588-b30d-a252-5c7e-5ecc9d1ab740

{
  "client_id": "client_name",
  "client_secret": "client_secret",
  "username": "webmaster",
  "password": "webmaster"
}
```

Response:

```json
{
  "access_token": "ENMTcmTSgQTmwCpVbaO3AHHbhbJYgziiZzjWzWUd",
  "token_type": "Bearer",
  "expires_in": 43200
}
```

```http
POST /v1/authorization/logout HTTP/1.1
Host: api.yii2-starter-kit.dev
Content-Type: application/json
Authorization: Bearer ENMTcmTSgQTmwCpVbaO3AHHbhbJYgziiZzjWzWUd
Cache-Control: no-cache
Postman-Token: 9b86bad2-dd05-898b-5888-6047e0dd2772

{
  "client_id": "client_name",
  "client_secret": "client_secret",
  "username": "webmaster",
  "password": "webmaster"
}
```

Response:

```json
{
  "status": true
}
```
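
The `.htaccess` step above matters because PHP only sees the bearer token if Apache hands the `Authorization` header through. The following is an added example, not code from this package, showing a defensive way to locate the token and to notice when the header was dropped. `extractBearerToken` is a hypothetical helper name and the `$_SERVER` samples are constructed.

```php
<?php
// Added example: not part of rowasc/yii2oauthserver. extractBearerToken() is a hypothetical name.

/**
 * Return the bearer token PHP can see for this request, or null when none arrived.
 *
 * @param array $server  normally $_SERVER
 * @param array $headers normally getallheaders(); pass [] where that function is unavailable
 */
function extractBearerToken(array $server, array $headers = []): ?string
{
    $candidates = [
        // Populated natively or by the SetEnvIf line from .htaccess.
        $server['HTTP_AUTHORIZATION'] ?? null,
        // Apache prefixes environment variables with REDIRECT_ after an internal rewrite.
        $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];
    foreach ($headers as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            $candidates[] = $value;
        }
    }
    foreach ($candidates as $raw) {
        if (!is_string($raw)) {
            continue;
        }
        // Scheme name is case-insensitive; token characters follow RFC 6750's b64token.
        if (preg_match('/^Bearer\s+([A-Za-z0-9\-._~+\/]+=*)$/i', trim($raw), $m) === 1) {
            return $m[1];
        }
    }
    return null;
}

// Constructed $_SERVER samples; the token is the one from the login response on this page.
$token = 'ENMTcmTSgQTmwCpVbaO3AHHbhbJYgziiZzjWzWUd';
$samples = [
    'passed via SetEnvIf'    => ['HTTP_AUTHORIZATION' => "Bearer $token"],
    'after internal rewrite' => ['REDIRECT_HTTP_AUTHORIZATION' => "bearer $token"],
    'header stripped'        => ['REQUEST_METHOD' => 'POST'],
    'non-bearer scheme'      => ['HTTP_AUTHORIZATION' => 'Basic Y29uc3RydWN0ZWQ='],
];
foreach ($samples as $label => $server) {
    printf("%-24s %s\n", $label, extractBearerToken($server) ?? '(no bearer token visible to PHP)');
}
```

A null result for a request that did send the header points at the web server configuration rather than at the token itself.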