Alternate auth sources for httpNodeAuth

Is there a way to use Twitter or any other OAuth provider with httpNodeAuth? Ultimately, I'm trying to control access to dashboard (/ui) resources using something other than a static UN/PW.

thanks,
-j

In the docs:

https://nodered.org/docs/security#oauthopenid-based-authentication


Not really. That's for adminAuth, not httpNodeAuth. All the docs say about httpNodeAuth is, "The routes exposed by the HTTP In nodes can be secured using basic authentication." I tried using an adminAuth OAuth config with httpNodeAuth but Node-RED fails to start.

I should add that when adminAuth is enabled, the dashboard resource (/ui) is not protected.

We only support basic auth for httpNodeAuth.

A better login story for the dashboard has been a long-standing to-do item.


Does the middleware work for this? From settings.js

    // The following property can be used to add a custom middleware function
    // in front of all http in nodes. This allows custom authentication to be
    // applied to all http in nodes, or any other sort of common request processing.
    //httpNodeMiddleware: function(req,res,next) {
    //    // Handle/reject the request, or pass it on to the http in node by calling next();
    //    // Optionally skip our rawBodyParser by setting this to true;
    //    //req.skipRawBodyParser = true;
    //    next();
    //},

No, that only applies to the HTTP In nodes.

Ah, OK. For some reason I never seem to be able to remember that - creeping old age probably :frowning:

In the master tree I have finally merged that outstanding PR #209 to allow Express middleware to be added to the dashboard. That is different to the default http middleware. It is set by `ui: { middleware: your_function... },` in settings.js.


Is there a way to address this issue from Node-RED flows? For instance, to allow IBM API management and App-ID access.

Can you suggest a link to implement this addition of middleware, please? I appreciate the clue but have only a vague idea of what to search for or where to get a recipe. I've been researching a way to implement OAuth for the dashboard or mui for 3 months; it's become a part-time job, so any help is appreciated.

Not done this myself. However, you should be able to use PassportJS to achieve it. You will need to research how to use PassportJS as ExpressJS middleware. ExpressJS middleware is simply an async function that must end by either returning a response to the browser client or returning next() which passes control along to the next middleware function in the chain.

In essence, you do some processing in the middleware function that results in a response to the client or returning next() if everything was successful or next(err) (or whatever your error object is called) if you want to pass along an error to be eventually handled by the Express error handling function.

There is a partial example here:

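Added example, not part of any post in this thread and not the example linked above: a sketch of an Express-style function that could be passed as `ui: { middleware: ... }` in settings.js to gate the dashboard on a signed session cookie. The cookie name, login path, token format and function names are assumptions made for illustration; issuing the cookie (for example after an OAuth login handled by PassportJS) is assumed to happen elsewhere.

```javascript
const crypto = require('crypto');

const COOKIE_NAME = 'dash_session'; // hypothetical cookie name
const LOGIN_PATH = '/login';        // hypothetical route; must sit outside the dashboard path

const hmac = (body, secret) => crypto.createHmac('sha256', secret).update(body).digest();

// Token format constructed for this example: base64url(user).expiryMs.base64url(hmac)
function sign(user, expiresAt, secret) {
    const body = Buffer.from(user).toString('base64url') + '.' + expiresAt;
    return body + '.' + hmac(body, secret).toString('base64url');
}

// Returns the user name for a valid, unexpired token, otherwise null.
function verify(token, secret, now = Date.now()) {
    const parts = String(token || '').split('.');
    if (parts.length !== 3) return null;
    const [user64, exp, mac] = parts;
    const expected = hmac(user64 + '.' + exp, secret);
    const given = Buffer.from(mac, 'base64url');
    // Check length first: timingSafeEqual throws on buffers of different size.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    if (!/^\d+$/.test(exp) || Number(exp) <= now) return null;
    return Buffer.from(user64, 'base64url').toString();
}

function readCookie(req, name) {
    for (const pair of (req.headers.cookie || '').split(';')) {
        const i = pair.indexOf('=');
        if (i > 0 && pair.slice(0, i).trim() === name) return pair.slice(i + 1).trim();
    }
    return null;
}

// Builds the middleware; refuses to start without a secret so it cannot fail open.
function makeDashboardAuth(secret) {
    if (!secret) throw new Error('session secret required');
    return function dashboardAuth(req, res, next) {
        const user = verify(readCookie(req, COOKIE_NAME), secret);
        if (!user) {                      // answer the client: no next()
            res.statusCode = 302;
            res.setHeader('Location', LOGIN_PATH);
            return res.end();
        }
        req.dashboardUser = user;         // pass control down the chain
        next();
    };
}
// settings.js wiring (assumed): ui: { middleware: makeDashboardAuth(process.env.DASH_SECRET) },
```
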

That node seems promising:

However, the developers didn't implement it in a way to work with a UI dashboard - yet.
(I've asked on their GitHub project if there is an update to be expected.)