Hello there!
I’ve been very confused for many days trying to implement a user login system with OAuth2 (no social), so I apologize for disturbing you, but I feel a little lost.
I’ve read and re-read every page on the web about how to use the access_token and it is still not clear to me: do I always need an access_token in the Authorization header?
When I use this, I always get the “guest” user from $this->getIdentity()->getName()
In module.php:
    public function onAuthentication(MvcAuthEvent $e)
    {
        $guest = new GuestIdentity();
        $header = $e->getMvcEvent()->getRequest()->getHeader('Authorization');
        if (!$header) {
            return $guest;
        }
        $token = $header->getFieldValue();
        $jwt = new Jwt();
        $key = $this->serviceManager->get('config')['cryptoKey'];
        $tokenData = $jwt->decode($token, $key);
tokenData is false; cryptoKey is like auth-doc, so it returns the guest identity.
    <?php
    return [
        // Social login
        'cryptoKey' => 'SOME SUPER SECRET PASSPHRASE HERE THAT YOU JUST MADE UP',
I’m assuming that AuthenticatedIdentity() stores the session data, is that right?
Thank you very much.
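
Added example, not part of the original post and not the project's own code: checking an `Authorization` header that carries an HS256-signed JWT and falling back to guest on any failure. It assumes the client sends `Bearer <token>` and that the token is signed with HMAC-SHA256 using the shared key; `bearer_claims`, the helper names, the key and the claims are hypothetical.

```php
<?php
// Added example, not from the post: names, key and claims are constructed.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt)
{
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4); // restore stripped padding
    return base64_decode(strtr($txt, '-_', '+/'), true);  // false on bad input
}
// Returns the verified claims, or null when the caller must stay a guest.
function bearer_claims(?string $authorization, string $key, int $now): ?array
{
    // The header value is "<scheme> <token>"; only the token part is a JWT.
    if (!preg_match('/^Bearer\s+(\S+)$/i', trim((string) $authorization), $m)) {
        return null;
    }
    $parts = explode('.', $m[1]);
    if (count($parts) !== 3) {
        return null;
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode((string) b64url_decode($h64), true);
    // Pin the algorithm instead of letting the token choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $given = b64url_decode($s64);
    $expected = hash_hmac('sha256', "$h64.$p64", $key, true);
    if ($given === false || !hash_equals($expected, $given)) { // constant-time compare
        return null;
    }
    $claims = json_decode((string) b64url_decode($p64), true);
    if (!is_array($claims) || (int) ($claims['exp'] ?? 0) <= $now) {
        return null; // missing or past expiry
    }
    return $claims;
}

$key = 'constructed-demo-key';
$now = time();
$head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
$body = b64url_encode(json_encode(['sub' => 'alice', 'exp' => $now + 3600]));
$token = "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
// Cases: header with scheme, bare token without scheme, tampered signature.
foreach (["Bearer $token", $token, "Bearer $token" . 'x'] as $value) {
    echo (bearer_claims($value, $key, $now)['sub'] ?? 'guest'), "\n";
}
```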