Ability to Disable Cookie Auth for login-token #863
Comments
You can alter the resource definition of any resource by implementing:
Let me know if that does not fix the issue and I will re-open.
Hello,

```php
function my_module_restful_resource_alter(\Drupal\restful\Plugin\resource\ResourceInterface &$resource) {
  // Restrict the resource to token authentication only.
  $plugin_definition = $resource->getPluginDefinition();
  $plugin_definition['authenticationTypes'] = array(0 => 'token');
  $resource->setPluginDefinition($plugin_definition);
}
```

Does this code seem right?
Fortunately the access checks happen very early in the bootstrap process, unfortunately for us that means that they happen before To address this you'll need to create a new version of the token resource. It's not a big deal. Something close to this should do:

```php
<?php

/**
 * @file
 * Contains Drupal\my_module\Plugin\resource\AccessToken__1_1.
 */

namespace Drupal\restful_token_auth\Plugin\resource;

use Drupal\restful\Plugin\resource\ResourceInterface;
use Drupal\restful_token_auth\Plugin\resource\AccessToken__1_0;

/**
 * Class AccessToken__1_1
 * @package Drupal\my_module\Plugin\resource
 *
 * @Resource(
 *   name = "access_token:1.1",
 *   resource = "access_token",
 *   label = "Access token authentication",
 *   description = "Export the access token authentication resource.",
 *   authenticationTypes = {
 *     "basic_auth"
 *   },
 *   authenticationOptional = FALSE,
 *   dataProvider = {
 *     "entityType": "restful_token_auth",
 *     "bundles": {
 *       "access_token"
 *     },
 *   },
 *   formatter = "single_json",
 *   menuItem = "login-token",
 *   majorVersion = 1,
 *   minorVersion = 1
 * )
 */
class AccessToken__1_1 extends AccessToken__1_1 implements ResourceInterface {}
```
It's working great after changing the namespace to 'Drupal\my_module\Plugin\resource;' and making AccessToken__1_1 extend AccessToken__1_0 instead of AccessToken__1_1. Thank you very much!
Yay for OO and modern PHP! I've referenced the above example from the wiki here: https://github.com/RESTful-Drupal/restful/wiki/3.-Authentication#using-token-auth-module. Thank you @e0ipso!
In RESTful 1.x, one could write a hook_ctools_plugin_pre_alter to disable cookie authentication for the login-token route, example https://gist.github.com/josephdpurcell/393fd64dd24d098ee1f3
In RESTful 2.x, the only way I know of is to write a patch for the module and apply the patch with composer, here is an example patch: https://gist.github.com/josephdpurcell/f2744a7ac38957b1e04e
Is there a way to modify what authentication is supported at login-token?
The use case is an API and SPA that exist on the same domain, and therefore share a cookie. Consequently, the API requests to login-token will see the cookie and will prioritize that over Basic authentication.