Skip to content
This repository has been archived by the owner on Jan 21, 2020. It is now read-only.

Question on protecting an API using AbstractRestfulController with OAuth2 #130

Jump to bottom
Jump to bottom
Open
Open
Question on protecting an API using AbstractRestfulController with OAuth2#130
@humphrey09

Description

@humphrey09
humphrey09
opened on Feb 11, 2016

I've finally managed securing my controller (extending the AuthController class) as mentioned in the documentation ( https://github.com/zfcampus/zf-oauth2#how-to-protect-your-api-using-oauth2 ) :

class MyTestController extends AuthController {

    ...

    public function __construct($serverFactory, UserIdProviderInterface $userIdProvider) {

        parent::__construct($serverFactory, $userIdProvider);
    }

    public function onDispatch(\Zend\Mvc\MvcEvent $e) {

        $server = call_user_func($this->serverFactory, "oauth");

        if (!$server->verifyResourceRequest($this->getOAuth2Request())) {

            $response = $server->getResponse();
            return $this->getApiProblemResponse($response);
        }

        return parent::onDispatch($e);
    }

    ...

As my API is RESTful, I would like to use the AbstractRestfulController as base for my controller. Could you please give me a hint/code example, how to secure a controller which extends the AbstractRestfulController? I have not found any useful information so far regarding this topic (and as I'm still quite new to ZF2, there's a lot to learn).

Any help would be greatly appreciated!

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions