I have set up OAuth authentication with azure-ad. Everything works well except for how to handle invalid users. I only allow users who have a specific group in Azure AD.
I check this in the verify function.
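    verify: function (profile, done) {
        // Accept the user only if the profile lists the required group
        if (profile._json.groups.includes('6c7ba4-529-48b-b4c-70a403ba111')) {
            profile.username = profile._json.preferred_username;
            done(null, profile);
        } else {
            // Not in the group: report "no user" to the caller
            done(null, false);
        }
    }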
How should I handle users who don't have the group?
- If I don't call the done function, the frontend is waiting for a response. If I do call the done function with false, it just continues to the user function.
    users: function (user) {
        if (user) {
            // Any truthy value is granted full permissions
            return Promise.resolve({ username: user, permissions: "*" })
        } else {
            return Promise.resolve(null)
        }
    }
I could check in the user function if the username is false, then resolve null. In this case the Node-RED backend responds with 'Not Authorized (401)', but the frontend shows an error.
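An added example, not part of the original post and not Node-RED's own code: the group check from the verify function written so that it fails closed when the groups claim is missing, paired with a users function that resolves a user only for a non-empty string username. The `REQUIRED_GROUP` value, the `isMember` and `runVerify` helpers, and the sample profiles are constructed for illustration. The `(profile, done)` signature is taken from the post.

```javascript
// REQUIRED_GROUP is a placeholder, not a real Azure AD group object ID.
const REQUIRED_GROUP = '00000000-0000-0000-0000-000000000000';

// True only when the profile carries a groups array containing the group.
// A missing _json or groups claim counts as "not a member" instead of throwing.
function isMember(profile, groupId) {
    const groups = profile && profile._json && profile._json.groups;
    return Array.isArray(groups) && groups.includes(groupId);
}

// Same (profile, done) signature as the verify function in the post.
function verify(profile, done) {
    if (!isMember(profile, REQUIRED_GROUP)) {
        return done(null, false);      // reject, but always answer the caller
    }
    const username = profile._json.preferred_username;
    if (typeof username !== 'string' || username === '') {
        return done(null, false);      // no usable identity: reject
    }
    profile.username = username;
    return done(null, profile);
}

// Second gate: grant permissions only for a non-empty string username,
// so a rejected login (false, undefined, an object) never resolves to a user.
function users(username) {
    if (typeof username === 'string' && username !== '') {
        return Promise.resolve({ username: username, permissions: '*' });
    }
    return Promise.resolve(null);
}

// Demo helper: run verify and return what was passed to done().
function runVerify(profile) {
    let result;
    verify(profile, (err, user) => { result = user; });
    return result;
}

// Constructed sample profiles.
const member = { _json: { groups: [REQUIRED_GROUP], preferred_username: 'alice@example.com' } };
const outsider = { _json: { groups: ['11111111-1111-1111-1111-111111111111'], preferred_username: 'bob@example.com' } };
const noClaim = { _json: { preferred_username: 'carol@example.com' } };

console.log(runVerify(member).username, runVerify(outsider), runVerify(noClaim));
```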