In my REST API, I want to use JWT for authorization.
So, I enabled this extension: https://github.com/sizeg/yii2-jwt
I can understand how to create a JWT token, but how do I check the token in the API? I heard I have to use two tokens: auth_token and refresh_token. What for? What is the difference when I validate and check a user?
I mean: when I get the username and password, I create an auth_token (JWT) and update the token in the user database, and after that I return the token to the interface.
After that, the interface sends the authorization token in each request, and I check the token, check the user in the user database, check access, etc. How do I implement an update token, and why?
For example, my controller:
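    use sizeg\jwt\JwtHttpBearerAuth;
    use yii\rest\Controller;

    class UploadController extends Controller
    {
        // Wrap collection responses in an "items" envelope.
        public $serializer = [
            'class' => 'yii\rest\Serializer',
            'collectionEnvelope' => 'items',
        ];

        public function behaviors()
        {
            $behaviors = parent::behaviors();
            // Require a JWT bearer token for every action of this controller.
            $behaviors['authenticator'] = [
                'class' => JwtHttpBearerAuth::className(),
            ];
            return $behaviors;
        }

        public function actionIndex()
        {
        }
    }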
How do I get the token from the headers?
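One common way to split the two tokens asked about above, as an added example that is not part of the original post and does not use sizeg/yii2-jwt: a short-lived access token is read from the `Authorization: Bearer` header and verified on every request, while a long-lived refresh token is only exchanged for a new access token after being compared with a hash kept in the user store. The HS256 secret, the `use` claim, the lifetimes and the in-memory `$refreshHashes` array are assumptions made for the illustration.

```php
<?php
// Added example. Assumptions: HS256, a constructed secret, a hypothetical "use" claim.
const SECRET = 'constructed-demo-secret';
function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function unb64url(string $s): string {
    return (string) base64_decode(strtr($s, '-_', '+/'));
}
function issueToken(int $uid, string $use, int $ttl, int $now): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['uid' => $uid, 'use' => $use, 'exp' => $now + $ttl]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}
// Extract the token from an "Authorization: Bearer <token>" header value.
function bearerToken(?string $header): ?string {
    return preg_match('/^Bearer\s+(\S+)$/', (string) $header, $m) ? $m[1] : null;
}
// Return the claims, or null if the token is malformed, forged, expired or of the wrong kind.
function verifyToken(?string $jwt, string $use, int $now): ?array {
    $parts = explode('.', (string) $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    $alg = json_decode(unb64url($head), true)['alg'] ?? null;
    $mac = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if ($alg !== 'HS256' || !hash_equals($mac, $sig)) { // pinned algorithm, constant-time compare
        return null;
    }
    $claims = json_decode(unb64url($body), true);
    $ok = is_array($claims) && ($claims['use'] ?? '') === $use && ($claims['exp'] ?? 0) > $now;
    return $ok ? $claims : null;
}

$now     = 1700000000;                                  // constructed clock
$access  = issueToken(42, 'access', 900, $now);         // short-lived, sent on every request
$refresh = issueToken(42, 'refresh', 1209600, $now);    // long-lived, sent only to the refresh endpoint
$refreshHashes = [42 => hash('sha256', $refresh)];      // stand-in for a column in the user table

// API request: the access token is checked from the header without a database lookup.
$claims = verifyToken(bearerToken("Bearer $access"), 'access', $now + 60);
echo 'API call: ', $claims ? "user {$claims['uid']}" : 'rejected', PHP_EOL;
// Refresh request after the access token expired: verify, then compare with the stored hash.
$r = verifyToken($refresh, 'refresh', $now + 1000);
if ($r !== null && hash_equals($refreshHashes[$r['uid']] ?? '', hash('sha256', $refresh))) {
    $access = issueToken($r['uid'], 'access', 900, $now + 1000);
}
echo 'New access token valid: ', verifyToken($access, 'access', $now + 1000) ? 'yes' : 'no', PHP_EOL;
```

Clearing the stored hash for a user revokes that refresh token, and any access token already issued stops working once its own `exp` passes.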