yii2-rest | Yii2 REST Client | Web Framework library

Simple answer there's more than one possibility to implement this behavior.

Both HttpBearerAuth and HttpBasicAuth can use the findIdentityByAccessToken() methode when configured correctly. the behavior you should use depends on the way you want users to authenticate themselves.

if you read the documentation of HttpBasisAuth HttpBasicAuth you'll see

The default implementation of HttpBasicAuth uses the loginByAccessToken() method of the user application component and only passes the user name. This implementation is used for authenticating API clients.

loginByAccesToken will invoke the findIdentityByAccesToken methode You can manipulate this behavior by defining a closure in the auth attribute see auth attribute.

HttpBeareAuth almost does the same. it also implements the loginByAccessToken

So what make the two different from each other? simple the location where the get the data from. where HttpBasicAuth expects that client has set the basic header example header('Authorization: Basic '. base64_encode("user:password")); (PHP has build in support for this see: http://php.net/manual/en/features.http-auth.php)

the HttpBearerAuth expects that the header is defined as the following header('Authorization: Bearer '. $token);

So the solution you should use depends on the way you want users/clients to authenticate themselves. you could also use the QueryParamAuth which gives the users the possibility to authenticate themselves whit a GET param see queryparamauth

And if you want to use a custom header let's say X-API-Token create your own custom class that implements the AuthMethod interface see AuthMethod

Hope this helps

If you want to access cookies on server side so you have to send them as well in your request. Angular by default does not send cookies in XHR request. To enable cookies in request add this following code:

Configure the host file to look in /project_folder/api/web