httpAdminMiddleware setting for authentication from parent website

Hi All,

I have an instance of node red running on a digital ocean server. and I’m using iframe to embed it into a react website. Now the react website has auth0 integrated so I plan to use the token generated by auth0 (after the user logs in) to authenticate node-red bypassing node-reds adminAuth setting. Any recommendation or reference resources on how to achieve this? I think I need to use httpAdminMiddleware setting? Please correct me if I’m wrong.

Thanks.

Hi @ashish-y

with the 1.1.2 release you can now specify a custom token handler in your adminAuth configuration - this lets you use your own code to verify the auth token node-red is using, rather than use the built-in tokens.

https://nodered.org/docs/user-guide/runtime/securing-node-red#custom-authentication-tokens

Hi @knolleary

I was already using this to achieve the desired functionality. Actually I was patiently waiting for the 1.1.1 release, especially to use this feature. So Thanks a lot for including this in the release.

The only issue with using adminAuth custom authentication token is an extra logout button. I want the user to login and logout from the parent app and not have the option in the node-red menu. I can probably hide the logout button if I use adminAuth but thought I'll check for a better and efficient solution before manually hiding the logout button from the UI.
That's when I stumbled upon httpAdminMiddleware setting hoping to use it as an access_token validator but couldn't figure it out.

Do you think I should stick to adminAuth and just hide the UI logout? Or if there is better way to make all this work.

Thanks!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.