few doubts

[kalpitpandit]

Hi,

Thanks for your great effort. i am using your template for my api and have couple of doubts. Hope you help me clear those :

1. How to allow some methods to be public (for guest users) in same controller without oauth2 token.
2. How to handle api request which has expired token?
3. The two productController is really confusing me, would be great if you can write article on template flow.
4. How to validate token manually in some cases?
5. How to expire token forcefully?

Thanks

[ikaras]

Hi, thanks.

1. Have you learned this? To open particular action you need to add ['allow' => true, 'roles' => ['?'], 'actions' => ['<your action>']]
2. You need to refresh your access token by your refresh_token received on authorization. Rather, this question better to ask in extension repository, because it function is a part of that extension. Haven't testes yet but it could be: curl -i -H "Content-Type:application/json" "http://api.loc/oauth2/token" -XPOST \ -d '{"grant_type":"refresh_token","refresh_token":"<your refresh token>"}'
3. First ProductController has general implementation, second - version based. Please, look forward. Your RESTful service could has several versions with little different functionality. New version of ProductController can has new input variable, but using old logic. All version based controllers inherited from common and get common logic
4. You can find it in sources of Filsh extension or in main sources. Don't afraid to search what you want in sources ;)
5. Again, I didn't do that job, I've just configured extension, simplified using scopes and created template. You need to search it in extension's source code. The simplest way (use it when you won't found anything in sources) to use model OauthAccessTokens

[kalpitpandit]

Thanks for your reply :)

I have posted some questions on Flish Extension. https://github.com/Filsh/yii2-oauth2-server/issues/47