The conference dedicated to API Platform and its ecosystem
Sep 21, 22 2023 | Lille & online
Authentication Support
API Platform Admin delegates the authentication support to React Admin. Refer to the chapter dedicated to authentication in the React Admin documentation for more information.
In short, you have to tweak the data provider and the API documentation parser like this:
// components/admin/Admin.tsx
import Head from "next/head";
import { useState } from "react";
import { Navigate, Route } from "react-router-dom";
import { CustomRoutes } from "react-admin";
import {
fetchHydra as baseFetchHydra,
HydraAdmin,
hydraDataProvider as baseHydraDataProvider,
useIntrospection,
} from "@api-platform/admin";
import { parseHydraDocumentation } from "@api-platform/api-doc-parser";
import authProvider from "utils/authProvider";
import { ENTRYPOINT } from "config/entrypoint";
const getHeaders = () => localStorage.getItem("token") ? {
Authorization: `Bearer ${localStorage.getItem("token")}`,
} : {};
const fetchHydra = (url, options = {}) =>
baseFetchHydra(url, {
...options,
headers: getHeaders,
});
const RedirectToLogin = () => {
const introspect = useIntrospection();
if (localStorage.getItem("token")) {
introspect();
return <></>;
}
return <Navigate to="/login" />;
};
const apiDocumentationParser = (setRedirectToLogin) => async () => {
try {
setRedirectToLogin(false);
return await parseHydraDocumentation(ENTRYPOINT, { headers: getHeaders });
} catch (result) {
const { api, response, status } = result;
if (status !== 401 || !response) {
throw result;
}
// Prevent infinite loop if the token is expired
localStorage.removeItem("token");
setRedirectToLogin(true);
return {
api,
response,
status,
};
}
};
const dataProvider = (setRedirectToLogin) => baseHydraDataProvider({
entrypoint: ENTRYPOINT,
httpClient: fetchHydra,
apiDocumentationParser: apiDocumentationParser(setRedirectToLogin),
});
const Admin = () => {
const [redirectToLogin, setRedirectToLogin] = useState(false);
return (
<>
<Head>
<title>API Platform Admin</title>
</Head>
<HydraAdmin dataProvider={dataProvider(setRedirectToLogin)} authProvider={authProvider} entrypoint={window.origin}>
<CustomRoutes>
{redirectToLogin ? <Route path="/" element={<RedirectToLogin />} /> : null}
</CustomRoutes>
</HydraAdmin>
</>
);
}
export default Admin;
For the implementation of the auth provider, you can find a working example in the API Platform's demo application.
What' new?

Sep 21,22 2023: new edition of our conference dedicated to API Platform and its ecosystem!
The Distribution: Create Powerful APIs with Ease
Core
- General Design Considerations
- GraphQL Support
- Enabling GraphQL
- Changing Location of the GraphQL Endpoint
- GraphiQL
- GraphQL Playground
- Modifying or Disabling the Default IDE
- Request with application/graphql Content-Type
- Operations
- Queries
- Mutations
- Subscriptions
- Workflow of the Resolvers
- Events
- Filters
- Pagination
- Security
- Serialization Groups
- Exception and Error
- Name Conversion
- Custom Types
- Modify the Extracted Types
- Changing the Serialization Context Dynamically
- Export the Schema in SDL
- Handling File Upload
- Change Default Descriptions
- State Providers
- Filters
- Doctrine ORM and MongoDB ODM Filters
- Elasticsearch Filters
- Serializer Filters
- Creating Custom Filters
- ApiFilter Attribute
- The Serialization Process
- Overall Process
- Available Serializers
- The Serialization Context, Groups and Relations
- Using Serialization Groups
- Using Serialization Groups per Operation
- Embedding Relations
- Property Normalization Context
- Calculated Field
- Changing the Serialization Context Dynamically
- Changing the Serialization Context on a Per-item Basis
- Name Conversion
- Decorating a Serializer and Adding Extra Data
- Entity Identifier Case
- Embedding the JSON-LD Context
- Collection Relation
- Validation
- Validating Submitted Data
- Using Validation Groups
- Using Validation Groups on Operations
- Dynamic Validation Groups
- Sequential Validation Groups
- Validating Delete Operations
- Error Levels and Payload Serialization
- Validation on Collection Relations
- Open Vocabulary Generated from Validation Metadata
- Specification Property Restrictions
- Collecting Denormalization Errors
- Overriding Default Order
- OpenAPI Specification Support (formerly Swagger)
- Using the OpenAPI Command
- Overriding the OpenAPI Specification
- Using the OpenAPI and Swagger Contexts
- Disabling an Operation From OpenAPI Documentation
- Changing the Name of a Definition
- Changing Operations in the OpenAPI Documentation
- Disabling Swagger UI or ReDoc
- Changing the Location of Swagger UI
- Using a custom Asset Package in Swagger UI
- Overriding the UI Template
- Compatibility Layer with Amazon API Gateway
- OAuth
- Info Object
- Pushing Related Resources Using HTTP/2
- Using External Vocabularies
- URL Generation Strategy
- NelmioApiDocBundle Integration
- Bootstraping the core library
Schema Generator
- Configuration
- Customizing PHP Namespaces
- Forcing a Field Type (Range)
- Forcing a Field Cardinality
- Changing the Default Cardinality
- Adding a Custom Attribute or Modifying a Generated Attribute
- Forcing (or Enabling) a Class Parent
- Forcing a Class to be Abstract
- Define API Platform Operations
- Forcing a Nullable Property
- Forcing a Unique Property
- Making a Property Read-Only
- Making a Property Write-Only
- Forcing an Embeddable Class to be Embedded
- Skipping Accessor Method Generation
- Using Fluent Mutator Methods
- Disabling the id Generator
- Generating UUIDs
- User-submitted UUIDs
- Generating Custom IDs
- Disabling Usage of Doctrine Collections
- Changing the Field Visibility
- Generating Assert\Type Attributes
- Forcing Doctrine Inheritance Mapping Attribute
- Interfaces and Doctrine Resolve Target Entity Listener
- Custom Schemas
- All Types, Resolve Types and Exclude
- Checking GoodRelation Compatibility
- Author PHPDoc
- PHP File Header
- Disabling Generators and Creating Custom Ones
- Full Configuration Reference