Hi, I would like to use strategy authorization for editor web ui, so I can use my OpenID Connect provider to define users and permissions, but at the same time, I need to be able to use the admin api, which only seems to support credentials type of authentication (or none). In particular, since I would use the admin api from a script with no user interaction, I would need to support the Client Credentials Flow.
I'm willing to contribute with the necessary code changes, but first I would like to discuss what would be the best way to support this kind of scenario.
There is some work happening at the moment to address this.
The current proposal is to allow adminAuth to provide a custom tokens function that can be used to validate any Auth token that isn't recognised as one NR generated itself.
That would then allow you to create an admin-only Auth token that can be used independently of the main oauth login scheme.
I hope there will be a design note or PR that I can link in the near future.
I'd be happy to input into this if I can.
Any news on this subject? Is there anything I can do to help?
Here is the design note - https://github.com/node-red/designs/blob/master/designs/admin-api-authentication.md
The code was merged into the dev branch a while ago. Will be in 1.1.0 whenever that arrives.
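A settings.js sketch of the custom tokens function discussed in this thread, added here as an example and not taken from the thread or the Node-RED code base. It assumes the function receives the bearer token value and resolves to a user object with `username` and `permissions`, or to null; the names `validateAdminToken` and `MACHINE_TOKENS`, the usernames and the token strings are constructed for illustration.

```javascript
// settings.js fragment (added example; token values are constructed samples)
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(String(s), "utf8").digest();

// Keep only digests of machine tokens in the settings file, never the tokens.
// The digests are computed inline here only so the example runs offline; in
// real use, generate a long random token and store its SHA-256 digest.
const MACHINE_TOKENS = [
    { digest: sha256("sample-deploy-token-constructed"),
      user: { username: "ci-deploy", permissions: "*" } },
    { digest: sha256("sample-monitor-token-constructed"),
      user: { username: "monitor", permissions: "read" } },
];

// Returns a copy of the user object for a known token, or null otherwise.
function validateAdminToken(token) {
    // Reject missing, empty or oversized input before hashing it.
    if (typeof token !== "string" || token.length === 0 || token.length > 512) {
        return null;
    }
    const presented = sha256(token);
    let match = null;
    for (const entry of MACHINE_TOKENS) {
        // Digests have equal length, so timingSafeEqual cannot throw;
        // every entry is checked so timing does not reveal which one matched.
        if (crypto.timingSafeEqual(presented, entry.digest)) {
            match = entry.user;
        }
    }
    return match ? { ...match } : null;
}

const adminAuth = {
    // type: "strategy", strategy: { ... }  // OpenID Connect login for the editor
    // Called for tokens Node-RED did not issue itself (assumed contract, see above).
    tokens: (token) => Promise.resolve(validateAdminToken(token)),
};

module.exports = { adminAuth };
```

Giving each script its own token and the narrowest permission it needs ("read" for monitoring, "*" only for deployment) keeps a leaked token from granting full admin access and makes it revocable on its own.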