Authenticating into Node-RED using Google OAuth - Working Solution

General
1

Saw some questions in the forum about authenticating into Node-RED using Google OAuth, but couldn't find a working example.
So here is the code after I got it working with passport-google-oauth.

Please let me know if this works for you or not.

adminAuth: {
  type: "strategy",
  strategy: {
    name: "google",
    label: 'Sign in with Google',
    icon: "fa-google",
    strategy: require('passport-google-oauth').OAuth2Strategy,
    options: {
      clientID: 'some client id',
      clientSecret: 'some client secret',
      scope: 'email',
      callbackURL: "https://your-node-red-instance.com/auth/strategy/callback",
      verify: function (token, tokenSecret, profile, done) {
        profile.username = profile.emails.find(x => x.verified).value;
        done(null, profile);
      }
    }
  },
  users: function (username) {
    return Promise.resolve({
      username: username,
      permissions: "*"
    });
  }
}
3 Likes
2

Does this need any settings in Google API's? Also, does it need a callback URL that is actually accessible by Google? (quite a lot of these API's don't).

3

Yes, this required generating a ClientId and ClientSecret at
https://console.developers.google.com/apis/credentials.
The "Authorized redirect URIs" I entered there must match the callbackURL that I set in the strategy options in Node-RED.

Adding screenshots of the admin settings below.

Regarding whether the callback really needs to be accessible by Google, I'm afraid I don't know.
My Node-RED instance is publicly available but I don't know if this is a must.

Google Credentials
google-credentials.png1276Ă—1204 108 KB

Google Consent
google-consent.png944Ă—1844 153 KB

2 Likes
4

That really helped. Thanks a lot!

5

Hi all!, i want to try this out.

Is there any update about it or is it fine with the initial code if @cowchimp ?

Regards!

6

I just implemented this and it works great. A couple of things I noticed:

  1. you need to install passport-google-oauth with npm or you'll get a settings error: npm install passport-google-oauth
  2. I believe a comma is missing after the last close bracket, e.g. },
  3. In the google credentials settings, you have to add the redirect url as https://your-node-red-instance.com/auth/strategy/callback
  4. MOST IMPORTANT: This allows ANYONE with a google account to sign in. I'm able to restrict it to my organization / workspace account by leaving it as "internal", but just please be aware!

You can address #4 by changing out the section here:

  users: function (username) {
    return Promise.resolve({
      username: username,
      permissions: "*"
    });

with

  users: {[ username: "youremail@domain.com" , permissions: "*" ]}

like you would with the standard "credentials" login type.

One last thing: once you're logged in, your google profile picture show up in the upper right hand corner next to the hamburger menu. :slight_smile:

7

Have tried the same configuration but its unable to load settings file
Error loading settings file:

8

Did you read the post I immediately above yours?

9

Managed to get it sorted, I guess I did not install passport-google-oauth from .node-red dir. Its working now. thanks