Oauth Node-RED editor adminAuth

AMWN · 21 September 2022 10:00

I have setup oAuth authentication with azure-ad. Everything works well except the part how to handle invalid users. I only allow users which have a specific group in azure ad.

I check this in de verify function.

verify: function (profile, done) {
                    if(profile._json.groups.includes('6c7ba4-529-48b-b4c-70a403ba111')) {
                        profile.username = profile._json.preferred_username;
                        done(null, profile);
                     } else {
                        done(null, false);
                    }
                }

How should I handle users which doesn't has the group?

If I don't call the done function, the frontend is waiting for a response. If I do call the done function with false, it just continues to the user function.

 users: function (user) {
            if(user) {
                return Promise.resolve({ username: user, permissions: "*" }) 
            } else {
                return Promise.resolve(null)
            }
        }

I could check in de user function if the username is false, then resolve null. Is this case node-red backend is responding a 'Not Autorized (401)', but the frontend shows an error.

system · 20 November 2022 10:00

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
adminAuth stategy role based permission General security	1	223	20 October 2023
In SSO after receiving auth code, gets unauthorized 401 in javascript console General node-red-dashboard	4	203	23 September 2022
Question About Azure SSO Authentication General security , microsoft-azure	1	142	12 February 2024
How To Configure SSO with Azure AD FAQs security , microsoft-azure	4	452	11 February 2024
Authentication using token and user-password General	4	431	8 November 2020

Oauth Node-RED editor adminAuth

Related Topics