I don't understand Authentication in Yii2. In Yii 1 there was an identity class where we need to work with the authentication() method and call CWebUser::login() to achieve our goals.
What are the main processes of authentication in Yii 2? And how does it work exactly?
Can you please explain the following:
- All the steps required to complete authentication.
- Required database fields or schema.
- How to authenticate multiple user types.
- What may be a few other things I need to consider?
To answer your questions, it is needed to understand one thing - Yii2 provides some helper classes / interfaces for developers to implement user authentication easily, but it is not always required to follow or use any of them. So my following answer is just explaining the default behavior of some classes.
And it is always a good starting point to look at the Yii2 Advanced template and the source code to understand the workflow of the framework, it is surprisingly easy to read, in my opinion.
- how does it work exactly
Yii2 framework provides a number of core components in its static context, you can always call them through Yii::$app->. One of the core components is user, it is actually an instance of yii\web\User and all the default magic is inside this class.
Not only user, you may also need to use other core components as well. I am not sure how deep you want to understand the way it works, if I don't give you a deep enough explanation, I strongly suggest you read the source code. You will have the source code on your hand once you did composer install, or go to their github to have a code tracing - https://github.com/yiisoft/yii2/tree/master/framework
- All the steps required to complete authentication.
Firstly, you should have a User class which implements IdentityInterface and extends ActiveRecord, please see the example in Advanced template: https://github.com/yiisoft/yii2-app-advanced/blob/master/common/models/User.php .
And in your configuration, set the $identityClass of user component to the above custom User class. This is the minimal setup for User.
Next, you must have a controller with a method mapped to a request url such as "/login". In this method, you should use your way to extract the User instance - $u. This is the location where your authentication should be.
Then you can call Yii::$app->user->login($u) to login; Yii::$app->user->logout() to logout.
After you login, you can get the current user instance anywhere through Yii::$app->user->identity.
- Required database fields or schema.
It is up to you, depending on your need. The template just gives you an idea on how to design the User ActiveRecord class but not bounded by it - username and passwordHash are something very common but you can always have your own schema.
- How to authenticate multiple user types.
I don't quite understand the problem. Hope others could help.
- What may be a few other things I need to consider?
If you decide to use RESTful supported by the framework, remember to implement findIdentityByAccessToken() in your User class, see details in http://www.yiiframework.com/doc-2.0/guide-rest-authentication.html
I can think of one at this moment, may add other things later.