Alternate auth sources for httpNodeAuth


#1

Is there a way to use twitter or any other OAuth provider with httpNodeAuth. Ultimately, I'm trying to control access to dashboard (/ui) resources using something other than a static UN/PW.

thanks,
-j


#2

In the docs:

https://nodered.org/docs/security#oauthopenid-based-authentication


#3

Not really. That's for adminAuth, not httpNodeAuth. All the docs says about httpNodeAuth is, "The routes exposed by the HTTP In nodes can be secured using basic authentication." I tried using an adminAuth OAuth config with httpNodeAuth but node red fails to start.

I should add that when adminAuth is enabled, the dashboard resource (/ui) is not protected.


#4

We only support basic auth for httpNodeAuth.

A better login story for the dashboard has been a long standing to-do item.


#5

Does the middleware work for this? From settings.js

    // The following property can be used to add a custom middleware function
    // in front of all http in nodes. This allows custom authentication to be
    // applied to all http in nodes, or any other sort of common request processing.
    //httpNodeMiddleware: function(req,res,next) {
    //    // Handle/reject the request, or pass it on to the http in node by calling next();
    //    // Optionally skip our rawBodyParser by setting this to true;
    //    //req.skipRawBodyParser = true;
    //    next();
    //},

#6

No, that only applies to the HTTP In nodes


#7

Ah, OK. For some reason I never seem to be able to remember that - creeping old age probably :frowning: