httpAdminMiddleware setting for authentication from parent website

General
1

Hi All,

I have an instance of node red running on a digital ocean server. and I’m using iframe to embed it into a react website. Now the react website has auth0 integrated so I plan to use the token generated by auth0 (after the user logs in) to authenticate node-red bypassing node-reds adminAuth setting. Any recommendation or reference resources on how to achieve this? I think I need to use httpAdminMiddleware setting? Please correct me if I’m wrong.

Thanks.

2

Hi @ashish-y

with the 1.1.2 release you can now specify a custom token handler in your adminAuth configuration - this lets you use your own code to verify the auth token node-red is using, rather than use the built-in tokens.

https://nodered.org/docs/user-guide/runtime/securing-node-red#custom-authentication-tokens

3

Hi @knolleary

I was already using this to achieve the desired functionality. Actually I was patiently waiting for the 1.1.1 release, especially to use this feature. So Thanks a lot for including this in the release.

The only issue with using adminAuth custom authentication token is an extra logout button. I want the user to login and logout from the parent app and not have the option in the node-red menu. I can probably hide the logout button if I use adminAuth but thought I'll check for a better and efficient solution before manually hiding the logout button from the UI.
That's when I stumbled upon httpAdminMiddleware setting hoping to use it as an access_token validator but couldn't figure it out.

Do you think I should stick to adminAuth and just hide the UI logout? Or if there is better way to make all this work.

Thanks!

4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.