Accepted answer

It is possible of course. You just have to make fetch use cookies.

react-admin uses fetch to send http requests to your back-end. And fetch does not send cookies by default.

So to make fetch send cookies, you have to add the credentials: 'include' option for every fetch call the app makes.

(if your admin and api are not on the same domain, you will have to enable CORS on your back-end.)

See react-admin's doc for how to customize requests on the dataProvider here:

import { fetchUtils, Admin, Resource } from 'react-admin';
import simpleRestProvider from 'ra-data-simple-rest';

const httpClient = (url, options = {}) => {
    if (!options.headers) {
        options.headers = new Headers({ Accept: 'application/json' });
    const token = localStorage.getItem('token');
    options.headers.set('Authorization', `Bearer ${token}`);
    return fetchUtils.fetchJson(url, options);
const dataProvider = simpleRestProvider('http://localhost:3000', httpClient);

const App = () => (
    <Admin dataProvider={dataProvider} authProvider={authProvider}>

You'll have to customize this to add options.credentials = 'include' like so :

const httpClient = (url, options = {}) => {
    if (!options.headers) {
        options.headers = new Headers({
          Accept: 'application/json'
    options.credentials = 'include';
    return fetchUtils.fetchJson(url, options);

You will have to do the same thing for the authProvider.

Something like

// in src/authProvider.js
export default (type, params) => {
    // called when the user attempts to log in
    if (type === AUTH_LOGIN) {
        const { username, password } = params;
        const request = new Request(`${loginUri}`, {
            method: 'POST',
            body: JSON.stringify({ username: username, password }),
            credentials: 'include',
            headers: new Headers({ 'Content-Type': 'application/json' }),
        return fetch(request)
        .then(response => {
            if (response.status < 200 || response.status >= 300) throw new Error(response.statusText);

            localStorage.setItem('authenticated', true);
    // called when the user clicks on the logout button

Related Query

More Query from same tag