如何解决带有承载和查询参数选项的 API
我正在尝试进行 API 验证。以下是我的行为
public function behaviors()
{
return ArrayHelper::merge(parent::behaviors(),[
'authenticator' => [
'class' => CompositeAuth::class,'authMethods' => [
['class' => HttpBearerAuth::class],['class' => QueryParamAuth::class,'tokenParam' => 'admin-token'],],'corsFilter' => [
'class' => Cors::class,'access' => [
'class' => AccessControl::className(),'rules' => [
[
'ips' => Yii::$app->params['allowedIPs'],//Fill in the allowed IPs here
'allow' => true,[
'ips' => Yii::$app->params['adminIPs'],'matchCallback' => function ($rule,$action) {
return (!empty($_GET['admin-token']) && $_GET['admin-token'] === Yii::$app->params['adminApiToken']);
}
],]
]);
bearer 方法有效并检查匹配的访问令牌和 IP。但是对于管理员匹配的 IP 和 admin-token
失败,我收到此错误
stdClass#1
(
[success] => false
[data] => stdClass#2
(
[name] => 'Unauthorized'
[message] => 'Your request was made with invalid credentials.'
[code] => 0
[status] => 401
)
)
如何仅对管理员使用 admin-token
获取验证凭据?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。