How to open NR - from my web app based based on user authentication

Hi

I need to integrate NR into a my web based application .
Today all i do is give the NR link in my menu and user clicks and NR opens.
I would like to have user /password authentication done seamlessly when user accesses it via. my web. Else gets login/password NR dialog.

So the flow would be

  1. User connects to my app. Logs in with user / password. A menu gets displayed.
  2. When he clicks NR menu option - we open the NR URL - authentication happens and editor gets displayed
  3. But if user takes the NR URL externally to the browser - he should be prompted for login / password.

#2 is which i am bit lost on how to achieve it.

Any suggestions pointers.

This would be most easily and securely done by placing both apps behind a reverse proxy such as NGINX, Caddy or HAproxy and getting the proxy to deal with the authentication.

You can change the settings in Node-RED to trust your proxy so that all appropriate headers are sent through. If you need to do a further auth check in Node-RED, you can then do so - though that shouldn't be necessary, simply change Node-RED's settings to only be accessible from localhost (if you run the proxy on the same device).

1 Like

Another option is to make your app's server redirect the user to the node-red instance while also sending some headers for authentication.

app -> user click on the link -> app server -> add auth headers, including the redirect header -> node-red

Thanks @AllanOricil .

I could not find documentation how to open NR editor by sending headers for authentication.
The documentation is a bit confusing.
I was referring to -

I cannot define user/pass in settings - that would be a security breach.
That means i need to "Custom authentication tokens" mechanism ?

But then it says to send custom token - " To access the editor using a custom token without the login prompt, add ?access_token=<ACCESS_TOKEN> to the URL. The editor will store that token locally and use it for all future requests."

Wouldn't that defeat the purpose of having a token ?

I am not getting clarity on -

  1. Where do i define the user / password
  2. How to get such token on this user/password
  3. And how to open editor with such token

If there is an example i will appreciate it very much.

Or.. (Just putting it out there)

Literally integrate Node RED in your application, as if it was apart of your code base (if its Node JS Mind you)

You can then control (right down to the runtime itself) embedded authentication routines

(This is how I achieve Node RED SFE)
I wont link due to not wanting to advertise on someone's post

I think Node RED's ability to become fully integrated into others apps, is overlooked - its a pretty potent feature

Unfortunately that would be a big change for me.
I was hoping to pass a bearer/basic token and have the authentication done .
Continuining to check.

The env variable work-around is the easiest.

Can you elaborate ? I am not clear on the solution you are hinting.