|Progress report: zf-mvc-auth, packagist, and PHP's built-in web server||"matthew weier o'phinney"||10/31/13 2:25 PM|
We've been working hard on Apigility since ZendCon, and have released
some more code into the wild.
zf-mvc-auth exists to provide both authentication and authorization
for your APIs; in fact, it's a bit of a general-purpose library for
ZF2 MVC apps! Right now, we support HTTP basic and digest
authentication out of the box, and will be working next on OAuth
support. Authorization is done by default via Zend\Permissions\Acl, as
we discovered a problem with using RBAC: RBAC is deny-by-default,
which does not work when you want an open-by-default schema. You may
opt-in to deny-by-default, as well as mark individual services as
requiring permission by default. Finally, you have the option of
denying/allowing per HTTP method of a service as well.
To see it in action, watch the following video:
(it's only 6 minutes long)
The zf-apigility module now depends on zf-mvc-auth, meaning that
authentication and authorization are now available out-of-the-box. We
will be working on the admin API and UI for this in the coming weeks
(as well as OAuth support).
Next, up, I've fielded a number of requests for us to list our modules
on Packagist, as well as on the packages.zendframework.com repository.
I've done so today, which should make discovery and installation
easier. I've updated the zf-apigility-skeleton README.md now to
reflect that you no longer need to add the packages.zendframework.com
repository in order to install.
Additionally, we discovered this week that the PHP built-in web server
did not support the PATCH HTTP method until 5.4.8. Since the admin API
utilizes PATCH heavily, you must use PHP >= 5.4.8 if you wish to use
the built-in web server to power the admin UI. Again, the
zf-apigility-skeleton README.md has been updated to reflect this.
Finally, we've seen quite a number of excellent pull requests come in
in the past couple weeks -- please keep them coming!
Matthew Weier O'Phinney
Project Lead | mat...@zend.com
Zend Framework | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc