one user can use other user token to access api. How to make it user specific.

Question

one user can use other user token to access api. How to make it user specific.

gurinder-sason opened this issue 8 years ago · 0 comments

i have just implemented this, i am new to yii. my problem is after installation and configuration the library. i am not able to understand few things.

on adding behaviour, authentication is added to every controller action. how it is called for every action automatically. is behaviour works like constuctor?
when i call any api with access_token it again automatically validating the token but down know how it is working?
access token generated by one user, can be used by other user. so how i can make sure token generated by one user can be used by only him not other user. To do this i think i have to add some code
where it is validating the authentic user. but know the location.

So if anyone can help me in this regard is most welcome.

Thanks.