Multiple authentication adapters per API

[nuxwin]

It could be great to add support for multiple authentication adapter per API at it is possible in Github API.

See https://developer.github.com/v3/auth/

[TomHAnderson]

https://github.com/zfcampus/zf-mvc-auth#sub-key-adapters

This part of the README.md for this module shows HTTP and OAuth2.

[nuxwin]

@TomHAnderson

Yes, but

...
The name provided will be used as the authentication type for purposes of mapping APIs to an authentication adapter.
...

For but, this look like we can map only one named adapter to one API at time.

[TomHAnderson]

My understanding is the map can map to an array of adapters. Consider this hear-say but I suggest you try it.

    'zf-mvc-auth' => array(
        'authentication' => array(
            'map' => array(
                'Api\\V1' => ['pdo', 'oauth2_doctrine'],
            ),
        ),
    ),

[nuxwin]

@TomHAnderson

Same idea here. I'm not sure about the list possibility ;) At least, in apigility UI we cannot map multiple adapters atm. The only way is to use the fallback feature with andy adapters. Eg; When no adapter is specified for a given API, attempt is made by the DefaultAuthenticationListener event listener to retrieve the adapter type to use from the request and thus, the first andy adapter which match this type is used (at least, this is what I understand from the code).

My personal through was something like

The adapter type should be first retrieved from the request in any case, and once done checked against the map (API modules to allowed authentication adapters.).

In such case, we should be allowed to do something like

    'zf-mvc-auth' => array(
        'authentication' => array(
            'map' => array(
                'Status\\V1' => array(
                    'named_adapter_1',
                    'named_adapter_2',
                )
            ),
        ),
    ),

as you said ;)

[nuxwin]

@TomHAnderson

For me it look like we cannot specify list of adapters in the map currently.

...
    /**
     * Match the controller to an authentication type, based on the API to
     * which the controller belongs.
     *
     * @param null|RouteMatch $routeMatch
     * @return string|false
     */
    private function getTypeFromMap(RouteMatch $routeMatch = null)
    {
        if (! $routeMatch) {
            return false;
        }

        $controller = $routeMatch->getParam('controller', false);

        if (false === $controller) {
            return false;
        }

        foreach ($this->authMap as $api => $type) {
            $api = rtrim($api, '\\') . '\\';
            if (strlen($api) > strlen($controller)) {
                continue;
            }

            if (0 === strpos($controller, $api)) {
                return $type;
            }
        }

        return false;
    }
...

See https://github.com/zfcampus/zf-mvc-auth/blob/master/src/Authentication/DefaultAuthenticationListener.php#L209

[ronan-gloo]

Hi,

Because we needed this feature for our project, we implemented it (see qapa@b30d83e)

Basically, if an array of types is defined for an API, we try to find the type extracted from request in this array.

[weierophinney]

This repository has been closed and moved to laminas-api-tools/api-tools-mvc-auth; a new issue has been opened at laminas-api-tools/api-tools-mvc-auth#16.