Hello everyone,
I'm currently working on a Node-RED custom node that involves interacting with Google Calendar's API. In standalone Node-RED installations, I use RED.auth.needsPermission('flows.write')
to secure the API endpoint that handles OAuth authentication callbacks. This works perfectly to ensure that only authenticated users can access sensitive flows or modify settings.
However, when Node-RED is installed through HomeAssistant, this security mechanism doesn't seem to work as expected. Users are repeatedly asked to enter their HomeAssistant login credentials during the OAuth process, which is not ideal for user experience.
My questions are:
- Is there a way to properly use
RED.auth.needsPermission('flows.write')
in a HomeAssistant-managed Node-RED environment without causing repeated authentication prompts?** - Does HomeAssistant already provide sufficient security mechanisms for these endpoints, making
RED.auth.needsPermission()
redundant in this context?** - If so, should I be detecting the mode of Node-RED installation (standalone vs. HomeAssistant) within my node and apply security checks accordingly? If possible, how can this be done?**
Any guidance or alternative approaches would be highly appreciated!
Thank you!