Alternate auth sources for httpNodeAuth


Is there a way to use twitter or any other OAuth provider with httpNodeAuth. Ultimately, I'm trying to control access to dashboard (/ui) resources using something other than a static UN/PW.



In the docs:

1 Like

Not really. That's for adminAuth, not httpNodeAuth. All the docs says about httpNodeAuth is, "The routes exposed by the HTTP In nodes can be secured using basic authentication." I tried using an adminAuth OAuth config with httpNodeAuth but node red fails to start.

I should add that when adminAuth is enabled, the dashboard resource (/ui) is not protected.


We only support basic auth for httpNodeAuth.

A better login story for the dashboard has been a long standing to-do item.


Does the middleware work for this? From settings.js

    // The following property can be used to add a custom middleware function
    // in front of all http in nodes. This allows custom authentication to be
    // applied to all http in nodes, or any other sort of common request processing.
    //httpNodeMiddleware: function(req,res,next) {
    //    // Handle/reject the request, or pass it on to the http in node by calling next();
    //    // Optionally skip our rawBodyParser by setting this to true;
    //    //req.skipRawBodyParser = true;
    //    next();

No, that only applies to the HTTP In nodes


Ah, OK. For some reason I never seem to be able to remember that - creeping old age probably :frowning:


in the master tree I have finally merged that outstanding PR #209 to allow express middleware to be added to the dashboard - that is different to the default http middleware. set by ui: { middleware: your_function... }, in settings.js

1 Like

Is there a way to address this issue from node-red flows? For instance to allow IBM api management and App-ID access.