Closed fabiomlferreira closed 8 years ago
It seems I have a similar problem: part of my REST API is accessible to guests. I think the authenticator should silently try to authenticate, and ActiveController::checkAccess() / Access Control Filter / RBAC should decide whether to throw UnauthorizedHttpException or not.
This is essentially a duplicate of issue #7405, an issue I'm surprised has not been addressed. Once logged in, a user should remain logged in until they log out. Yii treats them as a guest if they access a public page. Strange behavior.
I am creating a restful service and I'm using QueryParamAuth.
An example:
As you can see, only "subscrever" requires authentication. If I access "noticias" and provide an access token, the access token is ignored and the user is not authenticated. I think this class should have an option to always try to authenticate.
In my case the action "noticias" returns all the news, but for registered users it returns only the news from the categories that the user subscribes to.
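An added example, not code from this issue or from the Yii project: one way to get the behaviour requested above, using the `optional` property that `yii\filters\auth\AuthMethod` provides in Yii 2.0.7 and later. The controller, the `Noticia` model, the `categoria_id` column and `getSubscribedCategoryIds()` are assumptions made for illustration.

```php
<?php
// Added example; controller, model, column and helper names are assumptions.
namespace app\controllers;

use Yii;
use yii\filters\auth\QueryParamAuth;
use yii\rest\Controller;
use app\models\Noticia; // hypothetical ActiveRecord model for news items

class NoticiaController extends Controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class' => QueryParamAuth::class,
            // "noticias": a supplied access token is checked and, if valid,
            // the user is logged in; requests without one still pass as guest.
            // "subscrever" is not listed, so it gets 401 without a valid token.
            'optional' => ['noticias'],
        ];
        return $behaviors;
    }

    public function actionNoticias()
    {
        $query = Noticia::find();
        $user = Yii::$app->user;
        if (!$user->isGuest) {
            // Hypothetical identity method returning the subscribed category ids.
            $ids = $user->identity->getSubscribedCategoryIds();
            $query->andWhere(['categoria_id' => $ids]);
        }
        return $query->all();
    }

    public function actionSubscrever($categoria_id)
    {
        // Reached only with an authenticated identity, so the id is never null.
        return [
            'user_id' => Yii::$app->user->id,
            'categoria_id' => (int) $categoria_id,
        ];
    }
}
```

On an optional action the request continues as a guest when no valid token is presented, so every such action has to branch on `isGuest` instead of assuming an identity is set.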