I always got "You are requesting with an invalid credential." but I need to have a public endpoint specifically "view" action that everybody can access whitout send access token and keep the other actions with token validation
This is part of my Api controller:
/**
* @inheritdoc
*/
public function behaviors()
{
return [
'contentNegotiator' => [
'class' => ContentNegotiator::className(),
'formats' => [
'application/json' => Response::FORMAT_JSON,
//'application/xml' => Response::FORMAT_XML,
],
],
'verbFilter' => [
'class' => VerbFilter::className(),
'actions' => $this->verbs(),
],
'access' => [
'class' => AccessControl::className(),
'only' => ['view'],
'rules' => [
[
'actions' => ['view'],
'allow' => true,
'roles' => ['?'],
],
],
],
'authenticator' => [
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBasicAuth::className(),
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
],
'rateLimiter' => [
'class' => RateLimiter::className(),
],
];
}
I try using:
'access' => [
'class' => AccessControl::className(),
'only' => ['view'],
'rules' => [
[
'actions' => ['view'],
'allow' => true,
'roles' => ['?'],
],
],
],
But the authenticator behavior does not allow that my view action are a public action
I found the solutions is just using 'only' or 'except' key on the authenticator behavior
'authenticator' => [
'class' => CompositeAuth::className(),
'except' => ['view'],
'authMethods' => [
HttpBasicAuth::className(),
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
],
Source: https://github.com/yiisoft/yii2/issues/4575 https://github.com/yiisoft/yii2/blob/master/docs/guide/structure-filters.md#using-filters-
Thanks, Enjoy Yii2 and REST ;)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With