0

I set up Basic Auth as described in the Apigility docs (the docs are not up to date anymore, but the main steps remain the same). So, I created a `users.htpasswd` file and added an authentication adapter. My `/config/autoload/local.php` has been updated and got the adapter configs:

```php
return array(
    // ...
    'zf-mvc-auth' => array(
        'authentication' => array(
            'adapters' => array(
                // Adapter name; this is the name the Admin UI lists
                'dummy basic auth' => array(
                    'adapter' => 'ZF\\MvcAuth\\Authentication\\HttpAdapter',
                    'options' => array(
                        'accept_schemes' => array(
                            0 => 'basic',
                        ),
                        'realm' => 'Dummy Realm',
                        // Path to the htpasswd file holding the credentials
                        'htpasswd' => 'data/users.htpasswd',
                    ),
                ),
            ),
        ),
    ),
);
```

So far so good:

Test: I sent a `GET` request and got the data just like before the auth setup.
Expected: `200 OK`
Result: `200 OK`
OK

Then I went to Apigility Admin Backend -> My API -> My Rest Service -> Authorization and marked the methods and endpoints I want to require authorization for.

Test: I sent a new request without credentials / authentication token.
Expected: `403 Forbidden`
Result: `403 Forbidden`
OK

Test: I sent another request with wrong credentials / authentication token.
Expected: `401 Unauthorized`
Result: `403 Forbidden`
FAIL

Test: I sent a request with correct credentials / authentication token.
Expected: `200 OK`
Result: `403 Forbidden`
FAIL

What am I doing wrong? How do I get Basic HTTP Authentication working?

automatix

1 Answer

2

As of the new version of Apigility (not sure exactly which one, but greater than 1.0) there's the ability to create multiple Auth adapters and associate each API to a different Auth adapter.

If you've created an auth adapter (Authentication on the top -> Adapters -> New Adapter) you'll have an adapter name for the HTTP Basic you set up. Keep note of it.

Then go to your API (the one that matches the name of the module that contains your resources, not the individual resources). On that screen you'll see "Authentication" in the top left with a drop down.

[Screenshot: Auth Adapter Picker]

In the dropdown, choose the auth adapter you created and save your selection. Your resources under that API should now respond correctly based on whether or not you're authenticated.

David Stockton
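The association the answer describes, written as configuration (an added example, not code from the question or the answer): the `map` key under `zf-mvc-auth.authentication` ties an API module to an adapter name, and the question's config defines the adapter without any such entry. `MyApi\\V1` is a placeholder for the real API module name and version, and the file location is an assumption.

```php
<?php
// config/autoload/global.php (assumed location; added example)
return array(
    'zf-mvc-auth' => array(
        'authentication' => array(
            // The 'adapters' block from the question stays unchanged in
            // config/autoload/local.php; the two files are merged at load.
            //
            // Without a 'map' entry the adapter exists but is attached to
            // no API, which is the state described in the question.
            'map' => array(
                // 'MyApi\\V1' is a placeholder: module name plus version.
                // The value must match the adapter key exactly.
                'MyApi\\V1' => 'dummy basic auth',
            ),
        ),
    ),
);
```

After saving the selection in the Admin UI, checking that a `map` entry with the expected adapter name is present in the autoload config is a quick way to confirm the association took effect.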