I am trying to use Auth0 for authentication of endpoints in my flow. As far as I can see, this requires httpNodeMiddleware. Passport-auth0 refers to express-openid-connect, so I am trying to use that.
I have managed to get the basics working, and also to require authentication for only specific endpoints. The express-openid-connect examples (link to follow) suggest that I should have a non-empty object req.oidc
when authentication is successful, but in my case this object is empty.
What strikes me, is that I need to have an http in node in my flow with the callback endpoint for Auth0, but that node never gets activated; most likely because the middleware is taking care of responding to the callback (which is fine). I found a Github ticket for express-openid-connect (link to follow) where someone had a similar issue, and it seems that their issue was caused by the callback being overridden (link to follow).
Could Node-RED be overriding my callback in some way? Is there a way to define a route at the middleware level in settings.js
?
Or perhaps someone has experience with using express-openid-connect and Auth0 in combination with Node-RED?
At the top of my settings.js
I have this:
const { auth, requiresAuth } = require('express-openid-connect');
And my httpNodeMiddleware in settings.js
looks like this:
httpNodeMiddleware: [
auth({
authRequired: false,
issuerBaseURL: 'https://dev-some_unique_id.eu.auth0.com',
baseURL: 'https://localhost/',
clientID: 'some id that I prefer not to share',
secret: 'some secret that I prefer not to share',
idpLogout: true,
routes: {
callback: '/mycallback'
},
}),
function (req, res, next) {
var url = require("url");
if (url.parse(req.url).pathname == '/test2') {
requiresAuth()(req, res, next);
} else {
next();
}
}
],
I'll try to add more links in a follow-up comment, because I am not allowed more than two links.