How do I use application’s auth identity in Apigility?

Question

My authentication use-case is fairly simple. I use my API only myself in the frontend of my ZF application, when a user is logged in. So any of the provided Authentication Adapters seem overkill to me. I don’t need the API to ask for credentials at all.

I want to use the identity provided in the browser’s session. If the user is logged in, the API should be accessible, otherwise not.

So I guess what I have to to, is to somehow inject the application’s auth adapter or identity into the Apigility API module.

My app uses ZfcUser and ZfcRbac to manage roles and identities.

Answer 1

This really seems to be hard to achieve, since Apigility uses own identity models provided by zf-mvc-auth, which are not compatibly with ZfcUser’s identities. So simply switching the authentication service didn’t do the job.

I now found a solution, albeit an unflexible one. In my application’s Module.php I attach an event listener to the EVENT_AUTHORIZATION event of zf-mvc-auth and simply modify the authorized state of the event itself.

Not very cool, but works as long as you have to distinguish between guest status and everything else. Roles don’t work this way.

public function onBootstrap(MvcEvent $e)
{
    $serviceManager = $e->getApplication()->getServiceManager();

    $eventManager->attach(
        MvcAuthEvent::EVENT_AUTHORIZATION,
        function(MvcAuthEvent $mvcAuthEvent) use ($serviceManager)
        {
            $authService = $serviceManager->get('Zend\Authentication\AuthenticationService');

            if ($authService->hasIdentity()) {
                $mvcAuthEvent->setIsAuthorized(true);
            }
        },
        100
    );
}