Hello,
I am, trying to set up my node-red with google oauth login
Following this page Securing Node-RED : Node-RED
section OAuth/OpenID based authentication
I have installed passport-google-oauth20 and filled the config as follows
adminAuth: {
type: "strategy",
strategy: {
name: "google",
label: "Sign in with Google",
icon: "fa-google",
strategy: require("passport-google-oauth20").Strategy,
options: {
clientID: "myClientId",
clientSecret: "myClientSecret",
callbackURL: "https://host/node-red/auth/strategy/callback",
verify: function(accessToken, refreshToken, profile, done) {
done(null, profile);
}
},
},
I get node-red to boot and the page with auth with google button is displayed
however as I press the button I get error in image (no scope)
I gather function below does not request the scope
app.get('/auth/google',
passport.authenticate('google', { scope : ['profile'] }));
but I do not understand where in config I should put it.
Am I doing something wrong?
Appreciate any help,
ArcanePhysics
Update: I have changed from passport-google-oauth20 to passport-google-oidc and managed to authenticate with google.
However I have encountered a new issue:
my node-red is published to internet with /node-red/ path
so the address for interface is https://domain/node-red/
and callback url is set as https://domain/node-red/auth/strategy/callback
However after authentication I am redirected to root domain/ instead of domain/node-red/ and the process breaks
Any advice on how to proceed?
Thanks in advance!
Update 2:
I have changed the httpAdminRoot property to "/node-red" in settings.js and then pointed Nginx to :1880/node-red
That solved the redirecting issue.
The final problem was that passport-google-oidc profile does not include username . In fact it includes only id , so I had to write a function to check for my id and append username .
Not a very elegant solution.
Hopefully, someone can help me to get passport-google-oauth20 working (see OP).
Had the same problem. Could not get google oauth 2.0 to work with node-red authorization.
Anybody got it to work?
1 Like
There are a couple of solutions right here in the forum found by searching "passport-google-oauth20"
I managed to get something that seems to be working.
adminAuth: {
type:"strategy",
strategy: {
name: "google",
label: 'Sign in with Google',
icon:"fa-google",
strategy: require("passport-google-oauth20").Strategy,
options: {
clientID: "myId",
clientSecret: "mySecret",
scope: "email",
callbackURL: "http://my-node-url.com/auth/strategy/callback",
verify: function(token, tokenSecret, profile…
2 Likes
Hey this is great. Thank you so much! The second link solved the problem!
For posterity this is the correct config:
adminAuth: {
type: "strategy",
strategy: {
name: "google",
label: "Sign in with Google",
icon: "fa-google",
strategy: require("passport-google-oauth20").Strategy,
options: {
clientID: "ENTER ID HERE",
clientSecret: "ENTER SECRET HERE",
callbackURL: "https://HOST HERE/auth/strategy/callback",
scope: ["profile", "email"],
verify: function(accessToken, refreshToken, profile, done) {
if(profile.emails) {
profile.username = profile.emails[0].value;
}
done(null, profile);
}
},
},
users: [
{ username: "USER EMAIL HERE", permissions: ["*"]}
]
},
you MUST add scope to options obj.
scope can be a string
scope: "profile",
or array of strings
scope: ["profile", "email"],
Then, you have to add username to profile obj to validate against users array below
system
Closed
2 December 2023 10:38
7
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.