
cakephp rest api and authentication

I am developing with cakephp 2.4.7 and I am very confused and I don't know what's the best way to implement what I need.

My cake project is similar to a social network and I have already programmed a big part of the web part. Now I want to start developing the API for the native mobile apps (iOS, Android, etc).

In my project I am using the standard form authentication for the normal web browser way.

How can I use both basic and form authentication? Form authentication for web browser use and basic authentication for the native mobile apps.

My AppController looks like:

public $components = array(
    '...',
    'Auth' => array(
        'loginRedirect' => array(
            'controller' => 'users',
            'action' => 'index'
        ),
        'logoutRedirect' => array(
            'controller' => 'users',
            'action' => 'login'
        ),
        'authError' => 'You must be loggedin to view this page.',
        'loginError' => 'Invalid user credentials.',
        'authorize' => array('Controller'),
        'authenticate' => array(
            'Form' => array(
                'userModel' => 'User',
            )
        ),
        'authorize' => array(
            'Actions' => array('actionPath' => 'controllers')
        )
    )
);

I know this part of the documentation:

Using multiple handlers allows you to support different ways of logging users in. When logging users in, authentication handlers are checked in the order they are declared.

But what about the login action?

Is there a better solution? For example authenticate with tokens.

And I searched a lot about API versioning and prefix routing. The only thing I found is that cake 2.x doesn't support prefix routing for REST.

My goal is to have the following structure:

  • /users/view/2 for web browser
  • /api/1.0/users/view/2.json for the mobile apps.

In UsersController:

public function view($id = null) {
    // Webbrowser
}

public function api_1_0_view($id = null) {
    // mobile app version 1.0
}

public function api_2_0_view($id = null) {
    // mobile app version 2.0
}

Can you give me an idea how I can solve the problems?

Basic is stateless authentication and doesn't need a login action. The credentials are passed and checked on each request. You can read here for more info.

Although you can configure AuthComponent to use multiple authenticators, it is best not to use a stateless and a stateful authentication provider together. In your AppController's beforeFilter() you should check the URL (should be easy in your case since all URLs from mobile have the "api" prefix) and selectively use either the Form or the Basic authentication provider.
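The approach described in the answer above, sketched for CakePHP 2.4 as an added example (not code from the question or the answer). The `_isApiRequest()` helper and the HTTPS check are assumptions added here, and the `authorize` settings from the question are left out to keep the focus on the choice of authenticator.

```php
<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            // Default for browser requests: stateful form login.
            'authenticate' => array(
                'Form' => array('userModel' => 'User'),
            ),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        if ($this->_isApiRequest()) {
            // Assumption: Basic sends the password on every request,
            // so the API is only served over TLS.
            if (!$this->request->is('ssl')) {
                throw new ForbiddenException('The API requires HTTPS.');
            }
            // Stateless: do not store or look up the user in the session.
            AuthComponent::$sessionKey = false;
            // Replace the Form authenticator for this request only.
            $this->Auth->authenticate = array(
                'Basic' => array('userModel' => 'User'),
            );
            // On an authorization failure, throw ForbiddenException
            // instead of redirecting the client to another page.
            $this->Auth->unauthorizedRedirect = false;
        }
    }

    // Hypothetical helper: true when the request path starts with "api/".
    protected function _isApiRequest() {
        return strpos(ltrim($this->request->url, '/'), 'api/') === 0;
    }
}
```

Because the authenticator is swapped in beforeFilter(), before AuthComponent starts up, API requests never fall back to the Form handler and browser requests never accept Basic credentials.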
