I have an instance of node red running on a digital ocean server. and I’m using iframe to embed it into a react website. Now the react website has auth0 integrated so I plan to use the token generated by auth0 (after the user logs in) to authenticate node-red bypassing node-reds adminAuth setting. Any recommendation or reference resources on how to achieve this? I think I need to use httpAdminMiddleware setting? Please correct me if I’m wrong.
with the 1.1.2 release you can now specify a custom token handler in your adminAuth configuration - this lets you use your own code to verify the auth token node-red is using, rather than use the built-in tokens.
I was already using this to achieve the desired functionality. Actually I was patiently waiting for the 1.1.1 release, especially to use this feature. So Thanks a lot for including this in the release.
The only issue with using adminAuth custom authentication token is an extra logout button. I want the user to login and logout from the parent app and not have the option in the node-red menu. I can probably hide the logout button if I use adminAuth but thought I'll check for a better and efficient solution before manually hiding the logout button from the UI.
That's when I stumbled upon httpAdminMiddleware setting hoping to use it as an access_token validator but couldn't figure it out.
Do you think I should stick to adminAuth and just hide the UI logout? Or if there is better way to make all this work.