Node-red login with google oauth2.0 help

Hello,

I am trying to set up my node-red with google oauth login

Following this page Securing Node-RED : Node-RED
section OAuth/OpenID based authentication

I have installed passport-google-oauth20 and filled the config as follows

    adminAuth: {
        type: "strategy",
        strategy: {
            name: "google",
            label: "Sign in with Google",
            icon: "fa-google",
            strategy: require("passport-google-oauth20").Strategy,
            options: {
                clientID: "myClientId",
                clientSecret: "myClientSecret",
                callbackURL: "https://host/node-red/auth/strategy/callback",
                verify: function(accessToken, refreshToken, profile, done) {
                    done(null, profile);
                }
            },
        },
    },

I get node-red to boot and the page with the auth with google button is displayed,
however as I press the button I get an error in image (no scope)

I gather function below does not request the scope

    app.get('/auth/google',
      passport.authenticate('google', { scope : ['profile'] }));

but I do not understand where in config I should put it.

Am I doing something wrong?

Appreciate any help,
ArcanePhysics

Update: I have changed from passport-google-oauth20 to passport-google-oidc and managed to authenticate with google.

However I have encountered a new issue:
my node-red is published to internet with /node-red/ path

so the address for interface is https://domain/node-red/
and callback url is set as https://domain/node-red/auth/strategy/callback

However after authentication I am redirected to root domain/ instead of domain/node-red/ and the process breaks

Any advice on how to proceed?

Thanks in advance!

Update 2:

I have changed the httpAdminRoot property to "/node-red" in settings.js and then pointed Nginx to :1880/node-red

That solved the redirecting issue.

The final problem was that passport-google-oidc profile does not include username. In fact it includes only id, so I had to write a function to check for my id and append username.

Not a very elegant solution.

Hopefully, someone can help me to get passport-google-oauth20 working (see OP).

Had the same problem. Could not get google oauth 2.0 to work with node-red authorization.

Anybody got it to work?

There are a couple of solutions right here in the forum found by searching "passport-google-oauth20"

Hey this is great. Thank you so much! The second link solved the problem!

For posterity this is the correct config:

    adminAuth: {
        type: "strategy",
        strategy: {
            name: "google",
            label: "Sign in with Google",
            icon: "fa-google",
            strategy: require("passport-google-oauth20").Strategy,
            options: {
                clientID: "ENTER ID HERE",
                clientSecret: "ENTER SECRET HERE",
                callbackURL: "https://HOST HERE/auth/strategy/callback",
                scope: ["profile", "email"],
                verify: function(accessToken, refreshToken, profile, done) {
                    if(profile.emails) {
                        profile.username = profile.emails[0].value;
                    }
                    done(null, profile);
                }
            },
        },
        users: [
            { username: "USER EMAIL HERE", permissions: ["*"] }
        ]
    },

You MUST add scope to options obj.
scope can be a string

    scope: "profile",

or array of strings

    scope: ["profile", "email"],

Then, you have to add username to profile obj to validate against users array below
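
A stricter variant of the `verify` function from the config above, as an added example that is not part of the original posts: it sets `username` only from an address that Google reports as verified and that is on an allow-list, and fails closed otherwise. `makeVerify`, `runVerify` and the sample profiles are hypothetical; the `verified` field on `profile.emails` entries and the `done(null, false)` failure convention are assumptions about passport-google-oauth20 and Passport, and the `users` array in `adminAuth` still has to list the same lower-case address.

```javascript
// Added example (not from the thread): fail-closed verify callback for the
// adminAuth strategy options. makeVerify/runVerify are hypothetical names.
function makeVerify(allowedEmails) {
    // Normalise once so the comparison is case-insensitive.
    const allowed = new Set(allowedEmails.map((e) => e.trim().toLowerCase()));

    return function verify(accessToken, refreshToken, profile, done) {
        const emails = (profile && Array.isArray(profile.emails)) ? profile.emails : [];
        // Accept only an allow-listed address marked verified
        // (assumed field name: `verified`).
        const match = emails.find((e) =>
            e && typeof e.value === "string" &&
            e.verified === true &&
            allowed.has(e.value.toLowerCase()));
        if (!match) {
            // Passport convention: `false` as the user means "not authenticated".
            return done(null, false);
        }
        // Same idea as the thread's config: username is what gets matched
        // against the `users` array, so set it explicitly and in lower case.
        return done(null, Object.assign({}, profile, { username: match.value.toLowerCase() }));
    };
}

// Helper that captures what the callback passed to done(), for the demo below.
function runVerify(verifyFn, profile) {
    let result;
    verifyFn("access-token", "refresh-token", profile, (err, user) => { result = user; });
    return result;
}

// Constructed sample profiles, shaped like the profile the thread's config reads.
const verify = makeVerify(["admin@example.com"]);
const samples = {
    allowed:    { id: "1", emails: [{ value: "Admin@Example.com", verified: true }] },
    unverified: { id: "2", emails: [{ value: "admin@example.com", verified: false }] },
    stranger:   { id: "3", emails: [{ value: "other@example.com", verified: true }] },
    noEmail:    { id: "4" },
};

for (const [name, profile] of Object.entries(samples)) {
    const user = runVerify(verify, profile);
    console.log(name, "->", user ? user.username : user);
}
```

In `settings.js` this would be used as `verify: makeVerify(["USER EMAIL HERE"])` inside `options`, with the same address in `users`.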