There is some work happening at the moment to address this.
The current proposal is to all adminAuth to provide a custom tokens function that can be used to validate any Auth token that isn't recognised as one NR generated itself.
That would then allow you to create an admin-only Auth token that can be used independently of the main oauth login scheme.
I hope there will be a design note or PR that I can link in the near future.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy