# Authentication

To get the developer up and running fast, Lodata does not wrap the API in authentication by default, but it's easy to add.

The OData standard is light on recommendations for authentication, as theoretically any HTTP authentication type could be supported by the producer as long as the consumer understands it.

The only authentication type the OData standard does recommend is HTTP Basic, and there's support in many consumers for this.

If you've exported the configuration, you can add basic authentication to all Lodata endpoints by modifying `config/lodata.php` to include `auth.basic` in the array of middleware:

```php
// ...
/*
 * An array of middleware to be included when processing an OData request. Common middleware used would be to handle JWT authentication, or adding CORS headers.
 */
'middleware' => ['auth.basic'],
// ...
```

Similarly, if you are writing a Single Page Application protected by Laravel Sanctum you can include the `auth:sanctum` middleware.
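To confirm that the `auth.basic` middleware is actually enforced on the OData routes, a Laravel feature test can request the metadata document with and without credentials. This is an added example, not code from the Lodata project; it assumes the endpoints are mounted under the `odata` prefix, that the application uses the stock `App\Models\User` model and factory, and the class name and passwords are constructed for illustration.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class LodataBasicAuthTest extends TestCase
{
    use RefreshDatabase;

    // Assumption: Lodata is mounted under the "odata" prefix; adjust to your route prefix.
    private const METADATA_URL = '/odata/$metadata';

    public function test_anonymous_request_is_rejected(): void
    {
        // Without credentials the middleware must answer 401 and challenge for Basic.
        $this->get(self::METADATA_URL)
            ->assertStatus(401)
            ->assertHeader('WWW-Authenticate', 'Basic');
    }

    public function test_wrong_password_is_rejected(): void
    {
        $user = User::factory()->create(['password' => Hash::make('correct-password')]);

        $this->withHeaders($this->basicAuth($user->email, 'wrong-password'))
            ->get(self::METADATA_URL)
            ->assertStatus(401);
    }

    public function test_valid_credentials_are_accepted(): void
    {
        $user = User::factory()->create(['password' => Hash::make('correct-password')]);

        $this->withHeaders($this->basicAuth($user->email, 'correct-password'))
            ->get(self::METADATA_URL)
            ->assertOk();
    }

    // Builds the Authorization header for HTTP Basic (constructed test credentials only).
    private function basicAuth(string $user, string $password): array
    {
        return ['Authorization' => 'Basic '.base64_encode("{$user}:{$password}")];
    }
}
```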

# OpenAPI

The OpenAPI schema supports advertising the available security schemes for an API. Lodata can include this in the OpenAPI document by adding a securitySchemes property to the configuration. The content of this property is emitted as-is and should match the Security Scheme Object definition. This example shows adding an OAuth2 provider:

```php
// ...
    /**
     * Configuration for OpenAPI schema generation
     */
    'openapi' => [
        'securityScheme' => [
            'type' => 'oauth2',
            'flows' => [
                'clientCredentials' => [
                    'tokenUrl' => '/oauth/token',
                    'scopes' => (object)[],
                ],
            ],
        ],
    ],
// ...
```