Mild edits

9be933c4 · Larry Ullman · 93a9c5eb · 9be933c4
Commit 9be933c4 authored Feb 16, 2014 by Larry Ullman
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 6 deletions

authentication.md docs/guide/authentication.md +8 -6

No files found.
--- a/docs/guide/authentication.md
+++ b/docs/guide/authentication.md
 Authentication
 ==============

-Authentication is the act of verifying who a user is, and is the basis of the login process. Typically, authentication uses an identifier--a username or email address--and password, submitted through a form. The application then compares this information against that previously stored.
+Authentication is the act of verifying who a user is, and is the basis of the login process. Typically, authentication uses the combination of an identifier--a username or email address--and a password. The user submits these values  through a form, and the application then compares the submitted information against that previously stored (e.g., upon registration).

-In Yii all this is done semi-automatically, leaving the developer to merely  implement [[\yii\web\IdentityInterface]]. Typically, implementation is accomplished using the `User` model. You can find a full featured example in the
-[advanced application template](installation.md). Below only the interface methods are listed:
+In Yii, this entire process is performed semi-automatically, leaving the developer to merely implement [[\yii\web\IdentityInterface]], the most important class in the authentication system. Typically, implementation of `IdentityInterface` is accomplished using the `User` model. 
+
+You can find a full featured example of authentication in the
+[advanced application template](installation.md). Below, only the interface methods are listed:

 ```php
 class User extends ActiveRecord implements IdentityInterface
@@ -49,8 +51,8 @@ class User extends ActiveRecord implements IdentityInterface
 }
 ```

-Two of the outlined methods are simple: `findIdentity` is provided with an  ID and returns a model instance represented by that ID. The `getId` method returns the ID itself.
-Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. `getAuthKey` should return a string that is unique for each user. A good idea is to save this value when the user is created by using Yii's `Security::generateRandomKey()`:
+Two of the outlined methods are simple: `findIdentity` is provided with an  ID value and returns a model instance associated with that ID. The `getId` method returns the ID itself.
+Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. The `getAuthKey` method should return a string that is unique for each user. You can create reliably create a unique string using `Security::generateRandomKey()`. It's a good idea to also save this as part of the user's record:

 ```php
 public function beforeSave($insert)
@@ -65,4 +67,4 @@ public function beforeSave($insert)
 }
 ```

-The `validateAuthKey` method just compares the `$authKey` variable, passed as parameter (itself retrieved from a cookie), with the value fetched from database.
+The `validateAuthKey` method just needs to compare the `$authKey` variable, passed as parameter (itself retrieved from a cookie), with the value fetched from database.