7. In detail: Authentication in Drupal 8
Drupal 8 incorporates a Modular Authentication
System.
Different Authentication Providers can
authenticate a user out of a given request.
8. Core's built-in auth providers
Cookie - default one. Returns authenticated or
anonymous user depending on the presence of
a cookie.
Basic Auth - checks if user name & password
are in the request headers and finds a user.
13. Basic authentication service
This tag makes the service to be
loaded automatically
Cookie auth provider has a priority
of 0, so this provider will kick in
earlier.
15. Authenticate an existing Route
https://github.com/juampy72/drupal_friendly_support
Module friendly_support
Makes it impossible for clients to make a complaint by
adding HTTP authentication to /contact
Next: steps on how it works.
16. 1. Define our RouteSubscriber
A provider may be a module name. A
collection, the routes it defines.
Here is where we
alter the route.
17. 2. Define our class as a service
● Add the event_subscriber tag.
● RouteSubscriberBase takes care of the rest.
19. Authenticate a custom Route
Allowed methods: Basic Authentication
We just need an authenticated user. No
extra permissions are needed.
20. Authenticate a REST resource
Recommended read: REST: exposing data as RESTful web services
REST UI module lets you set authentication through the admin interface.
23. How to help?
●
●
●
●
●
Add flood support to basic_auth.
Circular reference error on a REST request
Remove basic_auth from core
OAuth2?
Any other authentication providers?
○ Digest Authentication
○ IP based authentication