I'm setting up a user authenticator for Node-RED that uses the authAdmin and a user-authentication.js module. When authenticating, I'm passing username and password to an external identity provider to verify the credentials. In addition to username and password, I would need to ask the user to enter a MFA code when needed. How can I have a prompt/dialog to have an input field for the user to enter the code?
How are you asking the user for their id/pw?
Through the regular NodeRED login screen, but I'm checking for authentication/authorization with a custom function passed to adminAuth similar to the instructions here:
@mahmoudp is it a public service you're trying to connect to? Can you share more details?
There's no way to prompt the user for an MFA code via the
credentials auth scheme. It might be possible using the passport-strategy option - depending on the specific details of the service you are using.
@knolleary absolutely, I'm trying to authenticate multiple servers through our user pool in AWS Cognito.
As for a passport-strategy, I have tried OAuth2 with passport and everything works great. However, since I'll be having many of these NodeRED servers (with different host/dns configurations), I would need to automate registering OAuth2 callback urls in Cognito when spinning up the servers and Cognito supports only a limited number of apps and callback-urls.
If there's no simple option to add MFA to the default (credentials) authentication scheme, do you know of any other passport-strategy that could solve this?
A quick search shows a number of possibilities that I'm afraid you will need to wade through. If your MFA uses TOTP, it may be relatively straight forward. However, I'm not familiar with AWS MFA I'm afraid.
Sounds good, I'll see if there's any possible solution in Passport for this purpose.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.