I am using some middleware functions to get authentication/authorization on my endpoints. (Doing it this way because I don't want to bother with that in my flows, and I want OAuth2 instead of basic auth.)
I got it working with the Auth0 service (let's you play for free!), and the express-openid-connect module.
I have this in my settings.js
:
// at the top
const { auth, requiresAuth } = require('express-openid-connect');
// in module.exports
httpNodeMiddleware: [
auth({
authRequired: false,
issuerBaseURL: 'https://dev-some_unique_id.eu.auth0.com',
baseURL: 'https://localhost/',
clientID: 'some id that I prefer not to share',
secret: 'some secret that I prefer not to share',
idpLogout: true,
routes: {
callback: '/mycallback'
},
}),
function (req, res, next) {
var url = require("url");
if (url.parse(req.url).pathname == '/test2') {
requiresAuth()(req, res, next);
} else {
next();
}
}
],
The second function in the middleware is used to require auth only for my /test2
endpoint. But I find this approach not very elegant, when the express-openid-connect examples indicate that it can be done this way in "plain express.js":
app.get('/restricted', requiresAuth(), (req, res) =>
res.send(`Hello ${req.oidc.user.sub}, this is the restricted section.`)
);
Does Node-RED also allow attaching a middleware to only some endpoints in a similar way, where you get to mention the path to the endpoint, and attach/inject a function?