I would like to create a Custom Node which creates a Machine User in the backend. However, in order not to expose the clientSecret I would like to return a password-hash and the clientId. This password-hash I would like to use in the HTTP Request Node to make use of the machine user. Hence it would have to be replaced (decrypted) in the backend before the http request is sent out... is this possible?
You've not given much to go-on but I'd say - yes - it should be easy enough.
OK, good
I would especially be interested in how to intercept a HTTP request (in order to replace the hashed password with the decrypted password). Could you help me to get started?
Do you want people to use the http request node or are you building the request into your custom node? Either are possible but the answer will be slightly different.
The request for creating the machine user will be part of my custom node. However, users should be able to get an access token using the built-in HTTP request node. Whenever they set the hashed password (clientSecret) in a (custom?) header I would like to intercept the call and replace it with the decrypted clientSecret.
You cannot intercept the requests made by the HTTP Request node.
I assume this would only apply to requests made to a particular url/endpoint? You wouldn't want that secret being appended to every request to absolutely any url the user configures? Because it would take moments to create a flow that sent a request to a dummy endpoint and capture the secret from the header.
If this header is only for a particular url/endpoint/service/api, then it would be more typical to create a custom node for them to use when accessing that endpoint. That node can then take care of adding whatever custom headers you want.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.