token = $token; } public static function findIdentityByAccessToken($rawToken, $type = null): IdentityInterface { try { $token = Yii::$app->tokens->parse($rawToken); } catch (Exception $e) { Yii::error($e); throw new UnauthorizedHttpException('Incorrect token'); } if (!Yii::$app->tokens->verify($token)) { throw new UnauthorizedHttpException('Incorrect token'); } if ($token->isExpired()) { throw new UnauthorizedHttpException('Token expired'); } if (!$token->validate(new ValidationData())) { throw new UnauthorizedHttpException('Incorrect token'); } $sub = $token->getClaim('sub', false); if ($sub !== false && strpos($sub, TokensFactory::SUB_ACCOUNT_PREFIX) !== 0) { throw new UnauthorizedHttpException('Incorrect token'); } return new self($token); } public function getAccount(): ?Account { $subject = $this->token->getClaim('sub', false); if ($subject === false) { return null; } Assert::startsWith($subject, TokensFactory::SUB_ACCOUNT_PREFIX); $accountId = (int)mb_substr($subject, mb_strlen(TokensFactory::SUB_ACCOUNT_PREFIX)); return Account::findOne(['id' => $accountId]); } public function getAssignedPermissions(): array { $scopesClaim = $this->token->getClaim('ely-scopes', false); if ($scopesClaim === false) { return []; } return explode(',', $scopesClaim); } public function getId(): string { return (string)$this->token; } public function getAuthKey() { throw new NotSupportedException('This method used for cookie auth, except we using Bearer auth'); } public function validateAuthKey($authKey) { throw new NotSupportedException('This method used for cookie auth, except we using Bearer auth'); } public static function findIdentity($id) { throw new NotSupportedException('This method used for cookie auth, except we using Bearer auth'); } }