Use Admin API with adminAuth type strategy

Hi, I would like to use strategy authorization for editor web ui, so I can use my OpenID Connect provider to define users and permissions, but at the same time, I need to be able to use the admin api, which only seems to support credentials type of authentication (or none). In particular, since I would use the admin api from a script with no user interaction, I would need to support the Client Credentials Flow.

I'm willing to contribute with the necessary code changes, but first I would like to discuss what would be the best way to support this kind of escenario.

1 Like

There is some work happening at the moment to address this.

The current proposal is to all adminAuth to provide a custom tokens function that can be used to validate any Auth token that isn't recognised as one NR generated itself.

That would then allow you to create an admin-only Auth token that can be used independently of the main oauth login scheme.

I hope there will be a design note or PR that I can link in the near future.

I'd be happy to input into this if I can.

Any news on this subject? Is there anything I can do to help? :slightly_smiling_face:

Here is the design note - https://github.com/node-red/designs/blob/master/designs/admin-api-authentication.md

The code was merged into the dev branch a while ago. Will be in 1.1.0 whenever that arrives.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.