Authentication API
API Features
Organized by the least frequently used APIs:
Authentication Provider Services
Implement \Drupal\Core\Authentication\AuthenticationProviderInterface and use the service tag 'authentication_provider'.
_auth Option on Routes
The default authentication manager (see below) allows developers to restrict the set of allowed authentication mechanisms to a specified subset by defining _auth in the route options.
Example: _auth: ['basic_auth', 'cookie']
Authentication Manager
The authentication manager (\Drupal\Core\Authentication\AuthenticationManager) invokes different authentication provider services based on each service’s priority.
The manager can be overridden for very complex use cases, but in 99.9% of cases, the default implementation should be sufficient.
Helpful Interfaces
Drupal provides 2 additional interfaces for advanced authentication scenarios.
\Drupal\Core\Authentication\AuthenticationProviderFilterInterface– Useful if you want your authentication provider to be used only on certain routes, allowing you to inspect theRouteMatchrequest and check the route object for options.\Drupal\Core\Authentication\AuthenticationProviderChallengeInterface– Allows you to issue challenges when access is denied for unauthenticated users. This is used by the Basic Auth module.
See Also
- Routing API
- RESTful Web Services API
- Original change notice introducing this API: Modular authentication system
- Related module: OAuth
- Related module: Simple OAuth (OAuth 2.0 Bearer Token)
- Related contributed module: OAuth2 Server
- Related module: IP
- Related module: OAuth2 JWT SSO
Drupal’s online documentation is © 2000-2020 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution-ShareAlike 2.0. PHP code is distributed under the GNU General Public License.