We have most of the pieces in place at this time, though in “pre-release” states:
zend-expressive-session: session middleware, in case you want to store credentials via a session. Storage is adapter-based, and we currently have a single adapter, supporting ext-session.
zend-expressive-authentication: adapter-based authentication middleware; we have HTTP Basic, OAuth2 (server), session-based login/password, and zend-authentication adapters currently.
zend-expressive-authorization: adapter-based authorization middleware, using the authenticated user as provided by zend-expressive-authentication. We have zend-permissions-acl and zend-permissions-rbac adapters currently.
The only “engine” piece that Apigility currently provides that we are missing at this time is validation; this can be fairly easily achieved, however, using zend-inputfilter within your handlers or domain layer. It’s the next major milestone we have before we can present a comprehensive API solution with Expressive, however. Unfortunately, that milestone is after the migration to PSR-15… so, let’s talk about that.
In terms of Expressive v3, the main change with the new major version is that we will be explicitly supporting only PSR-15 for middleware and delegates/handlers (vs callables and the interim http-interop project which served as the proving grounds for PSR-15). PSR-15 is currently in its Review phase, and we’re finishing up a few clarifications to the proposal this week. After those are in place, we’ll be doing an acceptance vote, which can take up to two weeks. This means Expressive v3 will drop at the end of this month at the earliest, and potentially not until sometime in February.
In terms of the various API modules, we will likely mark each of those as stable along with the Expressive v3 release, even if we do not have the validation piece in place. The validation piece will happen either at the same time, or within a month following Expressive v3.
You can definitely use Enrico’s tutorial as a starting point. However, be aware that it was developed against early revisions of zend-expressive-authorization and zend-expressive-session and zend-expressive-authentication, so some things may have changed in those libraries since; read their CHANGELOG files for details so you know how to upgrade.
In terms of upgrading from v2 to v3, we will be providing both tutorials and tooling to assist users. So go ahead and get started now!