php - Best practice of writing custom authentication mechanism on Yii2 -

i need write specific authentication web application. there api on side accepts login + password pair , returns result (and, token). don't want store login information on yii2 side besides login token i've got api. , must way auth clients (so don't use oauth-like application).

what best practive override "classic" code in yii2? use filters , modify user model? example:

first, recieve token , save somewhere session:

$token = gatewayapi::login($user, $password); 

then, every internal request this:

$result = gatewayapi::addposition($token, $data); 

so, don't have database work with, cache , memory. handled on api side.

my task implement login check - if token recieved api - it's considered success. , store token use within current session (probably in memcache, must not opened public).

as matter of fact yii2 not require login/password anywhere. don't need modify or extend user model if mean \yii\web\user. need create own class implementing identityinterface , set class useridentity in config components->user->identityclass:

[     'components' => [         'user' => [             'class' => 'yii\web\user', // not necessary, default             'identityclass' => 'my\namespace\user'          ]     ] ]  

there 5 methods in interface , not login/pass. class of yours may store in db want. example may copy of popular user modules project, remove related storing , searching login/pass user model , add api functionality - , work.

upd. added functionality this:

$token = gatewayapi::login($user, $password); $user = \my\namespace\user::findone(['token' => $token]); yii::$app->user->login($user);