I'm currently preparing a set of Node-RED flows and use cases for my students in order to motivate and encourage them to invent and build web sites and REST services without having to know, learn and program much.
Often, such services require some kind of user authentication, sometimes paired with authorization. For that reason, I've implemented three different approaches to authentication and authorization with Node-RED and published them on GitHub.
Since they may also be of interest to others, feel free to use them in whatever way you like (in fact, the package has already received its first "star" before I was able to "officially" publish it...)
I've just updated my examples a bit (primarily to enhance the interoperability of all parts in my little "kit" of Node-RED examples and contributions...)
There is a new version of cookie- and header-based authentication available - the credentials validation functions now remove both UserId and Password from msg.payload in order to avoid sending this sensitive information back.
Just a small update: the "validate credentials" function nodes now explicitly validate the content type of the incoming POST request body and accept application/x-www-form-urlencoded and application/json only.
