I am attempting to create a REST API with OAuth2 authentication. I am using ThePHPLeague and Sumeko's libraries and have it set up to a point where I am comfortable going forward in regard to that. My question, however, is how to implement that without having redundant code.
The way that I thought was best was to take advantage of middleware events. I added the validation to the \Micro before() method and it seems to work generally. The problem is that when they get the token wrong I am only seemingly able to pass false and not change the headers to 403 and send a message. Or, at least I am not understanding how to do this, as I am very new to Phalcon.
This is my current code:
$app->before(function() use ($app) {
    try {
        $app->resource->setTokenKey('token');
        $app->resource->isValid();
        return true;
    } catch (League\OAuth2\Server\Exception\InvalidAccessTokenException $e) {
        // Build the error body once and reuse it (it was built twice before,
        // once into an unused $body['meta'] array).
        $body = array(
            'error' => TRUE,
            'status' => 403,
            'message' => $e->getMessage()
        );
        $app->response
            ->setStatusCode(403, 'Forbidden')
            ->setContentType('application/json')
            ->setJsonContent($body);
        // Returning false stops the request, but Micro does not send the
        // response for you; without send() the client still gets 200 OK.
        $app->response->send();
        return false;
    }
});
But all it returns is a 200 OK response, and that definitely is not what I want.
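The same check written as a reusable Phalcon Micro middleware class, as an added example that is not code from the original post or from either library. It assumes `$app->resource` is the League resource server service the poster registered, that routes are named so the token endpoint can be skipped, and that the router has already matched the route when the before-handler runs (which is how `Micro::handle()` behaves); it answers with 401 plus `WWW-Authenticate`, as RFC 6750 prescribes for a missing or invalid bearer token, and keeps the library's exception text out of the client response.

```php
<?php
// Added example (not from the original post). Validates the OAuth2 access
// token on every route except an explicit allow-list, and sends the error
// response itself before stopping the request.
use Phalcon\Mvc\Micro;
use Phalcon\Mvc\Micro\MiddlewareInterface;
use League\OAuth2\Server\Exception\InvalidAccessTokenException;

class OAuthMiddleware implements MiddlewareInterface
{
    /** @var string[] Route names that need no token, e.g. the token endpoint. */
    private $publicRoutes;

    public function __construct(array $publicRoutes = array())
    {
        $this->publicRoutes = $publicRoutes;
    }

    public function call(Micro $app)
    {
        // Assumption: the route is already matched when before-handlers run.
        $route = $app->router->getMatchedRoute();
        if ($route && in_array($route->getName(), $this->publicRoutes, true)) {
            return true; // public route, no token required
        }

        try {
            $app->resource->setTokenKey('token'); // same calls as the poster's code
            $app->resource->isValid();
            return true;
        } catch (InvalidAccessTokenException $e) {
            // Keep the detailed reason server-side; give the client a generic message.
            error_log('OAuth token rejected: ' . $e->getMessage());
            $app->response
                ->setStatusCode(401, 'Unauthorized')
                ->setHeader('WWW-Authenticate', 'Bearer realm="api", error="invalid_token"')
                ->setContentType('application/json', 'UTF-8')
                ->setJsonContent(array(
                    'error'   => true,
                    'status'  => 401,
                    'message' => 'Invalid or missing access token',
                ));
            // Micro does not send the response when a before-handler returns
            // false; without send() the client sees the default 200 OK.
            $app->response->send();
            return false;
        }
    }
}

// 'oauth-token' is a hypothetical route name for the token-issuing endpoint.
$app->before(new OAuthMiddleware(array('oauth-token')));
```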