Hi,
I am trying to perform a GET request on http://localhost/nodered/admin/flows and I am getting a 401 error.
Curl Command for GET /flows operation
curl --request GET 'http://localhost/nodered/admin/flows' --header 'Authorization: Bearer '
Curl command to generate the keycloak token
curl http://localhost/auth/realms/smp/protocol/openid-connect/token --data 'client_id=nodered&grant_type=password&username=nodered&password=nodered1'
settings.js file used
.
.
.
// Keycloak auth client consulted by httpNodeMiddleware below
// (auth.shouldAuthenticate / auth.isAuthorized).
const auth = require('node-red-auth-client');

auth.init({
  // presumably switches on the authorization check for flow endpoints; confirm in the module docs
  authenticateFlows: true,
  // NOTE(review): plain http:// auth server URL, so anything exchanged with it
  // is not protected by TLS. Confirm this is a loopback-only development setup.
  authServerUrl: 'http://localhost/auth',
  realm: 'smp',
  // presumably the realm/client role a caller must hold; verify against the module docs
  role: 'flows.execute',
});
module.exports = {
.
.
.
// Node-RED user name and password.
// NOTE(review): these are hard-coded plaintext credentials, readable by anyone
// who can read settings.js. Prefer loading them from the environment or a secret
// store, and rotate any value that has been shared outside the deployment.
// NOTE(review): noderedUser looks like a custom property read by other code in
// this deployment rather than a setting Node-RED consumes itself; confirm.
noderedUser : {
userName : 'nodered',
password : 'nodered1',
noderedIp: '127.0.0.1'
},
// By default, the Node-RED UI is available at http://localhost:1880/
// The following property can be used to specify a different root path.
// If set to false, this is disabled.
// The editor and the admin HTTP API (e.g. GET <httpAdminRoot>/flows) are served
// under this root and are protected by adminAuth below.
httpAdminRoot: '/nodered/admin',
// Some nodes, such as HTTP In, can be used to listen for incoming http requests.
// By default, these are served relative to '/'. The following property
// can be used to specify a different root path. If set to false, this is
// disabled.
// Routes under this root are the ones httpNodeMiddleware is applied to.
httpNodeRoot: '/nodered/flows',
// adminAuth secures the editor and admin API under httpAdminRoot; a 401 from
// <httpAdminRoot>/flows is therefore decided here, not by httpNodeMiddleware.
// NOTE(review): whether this strategy accepts a Keycloak-issued bearer token
// directly on the admin API depends on node-red-auth-keycloak; confirm in its docs.
adminAuth: require("node-red-auth-keycloak")({
// presumably seconds (3600 = 1 hour); verify against the module docs
sessionExpiryTime: 3600,
realm: 'smp',
// NOTE(review): plain http:// URLs; tokens and credentials sent to the auth
// server or back to the callback are not protected by TLS.
authServerUrl: 'http://localhost/auth',
callbackURL : 'http://localhost/nodered/admin'
}),
// false leaves plain-HTTP access enabled (no redirect to HTTPS). Bearer tokens
// then travel in cleartext, so enable HTTPS for anything beyond loopback-only use.
requireHttps: false,
// The following property can be used to add a custom middleware function
// in front of all http in nodes. This allows custom authentication to be
// applied to all http in nodes, or any other sort of common request processing.
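/**
 * Authorization gate in front of all HTTP In node routes (served under
 * httpNodeRoot). It is not applied to the editor/admin API under
 * httpAdminRoot, which is protected by adminAuth.
 *
 * Fails closed: the request continues only when auth.isAuthorized(req)
 * yields exactly `true`. Any other value, a rejected promise or a
 * synchronous throw results in a 401 error passed to next().
 *
 * @param {object} req - incoming HTTP request, handed to auth.isAuthorized
 * @param {object} res - HTTP response (unused here)
 * @param {function} next - continuation; called with an Error to reject
 */
httpNodeMiddleware: function(req, res, next) {
  if (!auth.shouldAuthenticate()) {
    // Authorization is not needed because shouldAuthenticate is false
    next();
    return;
  }

  const deny = () => {
    const error = new Error('Unauthorized access');
    // Express's default error handler reads err.status / err.statusCode;
    // httpStatusCode is kept for any custom handler that relies on it.
    error.status = 401;
    error.httpStatusCode = 401;
    next(error);
  };

  // Starting from a resolved promise turns a synchronous throw inside
  // isAuthorized into a rejection, so the request is denied instead of
  // hanging with next() never called.
  Promise.resolve()
    .then(() => auth.isAuthorized(req))
    .then((authorized) => {
      // Strict comparison: only a boolean true grants access.
      if (authorized === true) {
        next();
      } else {
        deny();
      }
    })
    .catch((err) => {
      // Record the failure for operators without echoing request data or tokens.
      console.error(
        'httpNodeMiddleware: authorization check failed:',
        err instanceof Error ? err.message : 'non-Error rejection'
      );
      deny();
    });
}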
.
.
.
We are trying to get flow details from the Node-RED /flows admin API using a Keycloak access token (bearer token).
The Node-RED API returns a 401 error when the Keycloak access token is used.
We would appreciate your support with this.