I need to integrate NR into a my web based application .
Today all i do is give the NR link in my menu and user clicks and NR opens.
I would like to have user /password authentication done seamlessly when user accesses it via. my web. Else gets login/password NR dialog.
So the flow would be
User connects to my app. Logs in with user / password. A menu gets displayed.
When he clicks NR menu option - we open the NR URL - authentication happens and editor gets displayed
But if user takes the NR URL externally to the browser - he should be prompted for login / password.
This would be most easily and securely done by placing both apps behind a reverse proxy such as NGINX, Caddy or HAproxy and getting the proxy to deal with the authentication.
You can change the settings in Node-RED to trust your proxy so that all appropriate headers are sent through. If you need to do a further auth check in Node-RED, you can then do so - though that shouldn't be necessary, simply change Node-RED's settings to only be accessible from localhost (if you run the proxy on the same device).
I could not find documentation how to open NR editor by sending headers for authentication.
The documentation is a bit confusing.
I was referring to -
I cannot define user/pass in settings - that would be a security breach.
That means i need to "Custom authentication tokens" mechanism ?
But then it says to send custom token - " To access the editor using a custom token without the login prompt, add ?access_token=<ACCESS_TOKEN> to the URL. The editor will store that token locally and use it for all future requests."
Wouldn't that defeat the purpose of having a token ?
I am not getting clarity on -
Where do i define the user / password
How to get such token on this user/password
And how to open editor with such token
If there is an example i will appreciate it very much.