How to check OAuth2 scopes in Apigility?

I am creating an Apigility project where we will host all our APIs. We need to be able to use OAuth2 for authentication, but we cannot understand how to control access to certain APIs: it seems that as soon as the client authenticates, they can use any of our APIs, but we want to limit them to only the specific ones we defined. After reading about the OAuth2 library that Apigility uses, I saw that there are scopes that can be defined, but I did not find any documentation on how to check the user's scope to see whether they have access. I want to find out if this is the best way to restrict access to certain APIs and, if so, how to configure it, or whether there is a better way to control access?

+4
1 answer

This functionality is simply implemented using the following recipe ...

https://github.com/remiq/apigility-zfc-rbac-recipe

It worked very well, and it only took a few hours for it to work.

Alternatively, you can simply perform a check in the controller action (resource method):

use ZF\ApiProblem\ApiProblem;
use Zend\Http\Response;

$identity = $this->getIdentity()->getAuthenticationIdentity();
// With the OAuth2 adapter the token data carries 'scope' as a
// space-separated string (or null), so split it before checking.
$scope = isset($identity['scope']) ? explode(' ', $identity['scope']) : [];

if (! in_array('admin', $scope, true)) {
    return new ApiProblem(Response::STATUS_CODE_401, 'No Auth');
}

The above code is untested, but should get you on the right track if you want to do it this way.

+3
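The scope check from the answer above, worked into a complete Apigility resource listener (an added example, not the answer's or the project's own code). It assumes Apigility's ZF\Rest\AbstractResourceListener and the OAuth2 adapter from zf-mvc-auth; the ReportsResource class, the reports:read scope and the returned rows are made up for illustration.

```php
<?php
// Added example: a resource listener that requires a specific OAuth2 scope.
// Assumes ZF\Rest\AbstractResourceListener and zf-mvc-auth's OAuth2 adapter;
// the resource name, scope name and returned data are constructed.
namespace Example\V1\Rest\Reports;

use ZF\ApiProblem\ApiProblem;
use ZF\MvcAuth\Identity\AuthenticatedIdentity;
use ZF\Rest\AbstractResourceListener;

class ReportsResource extends AbstractResourceListener
{
    /** Scope a client must have been granted to read reports (constructed). */
    const REQUIRED_SCOPE = 'reports:read';

    /**
     * Return the scopes granted to the current token as a list.
     * zf-mvc-auth stores the token data array in the identity; its 'scope'
     * entry is a space-separated string (or null when none was granted).
     */
    private function grantedScopes()
    {
        $identity = $this->getIdentity();
        if (! $identity instanceof AuthenticatedIdentity) {
            return []; // anonymous or guest request: no scopes at all
        }
        $data  = $identity->getAuthenticationIdentity();
        $scope = isset($data['scope']) ? $data['scope'] : '';
        // Scope is normally a space-delimited string; also accept an array
        // in case a custom adapter already split it.
        if (is_array($scope)) {
            return $scope;
        }
        return array_values(array_filter(explode(' ', trim($scope))));
    }

    public function fetchAll($params = [])
    {
        if (! in_array(self::REQUIRED_SCOPE, $this->grantedScopes(), true)) {
            // Authenticated but not authorised for this scope: 403, not 401,
            // and name the missing scope so the client can request consent.
            return new ApiProblem(403, 'Insufficient scope', null, null, [
                'required_scope' => self::REQUIRED_SCOPE,
            ]);
        }
        // Normal fetch logic would go here (constructed placeholder rows).
        return [['id' => 1, 'name' => 'monthly-summary']];
    }
}
```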

Source: https://habr.com/ru/post/1609542/
