Setting - adminauth - autologin causes infinite loop if user unauthorized

Scenario: Node-RED is secured with an OIDC flow by implementing the adminauth setting (type strategy). The autologin option is set to true, so the user will have to log in using the configured identity provider. A user logs in and is successfully authenticated in the OIDC flow itself, with a user profile and token returned to the passport implementation. A validation check of the retrieved user account in Node-RED leads to the conclusion that the user account does not have enough rights (for instance, not the correct role). So the user is not given any permissions in Node-RED. Because of the auto login, Node-RED tries to log in over and over again with the account that returned a valid token from OIDC but does not have enough rights to log in to Node-RED, creating a loop. Is there a way/recommendation to prevent this?

Hi @DJDev

this is a known problem - although I can't immediately find the issue... it's possible it didn't get raised.

Can I trouble you to raise an issue on GitHub - node-red/node-red: Low-code programming for event-driven applications?

Hi Nick,

Thanks for the fast reply. I will raise an issue on GitHub.

See Setting - adminauth - autologin causes infinite loop if user unauthorized · Issue #4363 · node-red/node-red · GitHub
