Class yii\filters\auth\HttpHeaderAuth

Inheritanceyii\filters\auth\HttpHeaderAuth » yii\filters\auth\AuthMethod » yii\base\ActionFilter » yii\base\Behavior » yii\base\BaseObject
Implementsyii\base\Configurable, yii\filters\auth\AuthInterface
Subclassesyii\filters\auth\HttpBearerAuth
Available since version2.0.14
Source Code https://github.com/yiisoft/yii2/blob/master/framework/filters/auth/HttpHeaderAuth.php

HttpHeaderAuth is an action filter that supports HTTP authentication through HTTP Headers.

You may use HttpHeaderAuth by attaching it as a behavior to a controller or module, like the following:

public function behaviors()
{
    return [
        'basicAuth' => [
            'class' => \yii\filters\auth\HttpHeaderAuth::className(),
        ],
    ];
}

The default implementation of HttpHeaderAuth uses the loginByAccessToken() method of the user application component and passes the value of the X-Api-Key header. This implementation is used for authenticating API clients.

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$except array List of action IDs that this filter should not apply to. yii\base\ActionFilter
$header string The HTTP header name yii\filters\auth\HttpHeaderAuth
$only array List of action IDs that this filter should apply to. yii\base\ActionFilter
$optional array List of action IDs that this filter will be applied to, but auth failure will not lead to error. yii\filters\auth\AuthMethod
$owner yii\base\Component|null The owner of this behavior yii\base\Behavior
$pattern string A pattern to use to extract the HTTP authentication value yii\filters\auth\HttpHeaderAuth
$request yii\web\Request The current request. yii\filters\auth\AuthMethod
$response yii\web\Response The response to be sent. yii\filters\auth\AuthMethod
$user yii\web\User The user object representing the user authentication status. yii\filters\auth\AuthMethod

Public Methods

Hide inherited methods

MethodDescriptionDefined By
__call() Calls the named method which is not a class method. yii\base\BaseObject
__construct() Constructor. yii\base\BaseObject
__get() Returns the value of an object property. yii\base\BaseObject
__isset() Checks if a property is set, i.e. defined and not null. yii\base\BaseObject
__set() Sets value of an object property. yii\base\BaseObject
__unset() Sets an object property to null. yii\base\BaseObject
afterAction() This method is invoked right after an action is executed. yii\base\ActionFilter
afterFilter() yii\base\ActionFilter
attach() Attaches the behavior object to the component. yii\base\ActionFilter
authenticate() Authenticates the current user. yii\filters\auth\HttpHeaderAuth
beforeAction() This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action. yii\base\ActionFilter
beforeFilter() yii\base\ActionFilter
canGetProperty() Returns a value indicating whether a property can be read. yii\base\BaseObject
canSetProperty() Returns a value indicating whether a property can be set. yii\base\BaseObject
challenge() Generates challenges upon authentication failure. yii\filters\auth\AuthMethod
className() Returns the fully qualified name of this class. yii\base\BaseObject
detach() Detaches the behavior object from the component. yii\base\ActionFilter
events() Declares event handlers for the $owner's events. yii\base\Behavior
handleFailure() Handles authentication failure. yii\filters\auth\AuthMethod
hasMethod() Returns a value indicating whether a method is defined. yii\base\BaseObject
hasProperty() Returns a value indicating whether a property is defined. yii\base\BaseObject
init() Initializes the object. yii\base\BaseObject

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
getActionId() Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module. yii\base\ActionFilter
isActive() Returns a value indicating whether the filter is active for the given action. yii\base\ActionFilter
isOptional() Checks, whether authentication is optional for the given action. yii\filters\auth\AuthMethod

Property Details

$header public property

The HTTP header name

public string $header 'X-Api-Key'
$pattern public property

A pattern to use to extract the HTTP authentication value

public string $pattern null

Method Details

authenticate() public method

Authenticates the current user.

public yii\web\IdentityInterface authenticate ( $user, $request, $response )
$user yii\web\User
$request yii\web\Request
$response yii\web\Response
return yii\web\IdentityInterface

The authenticated user identity. If authentication information is not provided, null will be returned.

throws yii\web\UnauthorizedHttpException

if authentication information is provided but is invalid.