Node-RED plugin for authenticating users with OIDC.
This modules lets you restrict access to the Node-RED editor to specific OIDC users.
Note: this requires Node-RED 0.17 or later
In your Node-RED user directory, typically ~/.node-red
:
$ npm install node-red/node-red-auth-oidc
To enable access control with OIDC, you must first a new application with your OIDC
provider. You will need to register a callback URL with your OIDC provider, this will
be the baseURL
with /auth/strategy/callback
appended.
Once created, you will be provided a Client ID and Client Secret that you will need to use to configure the authentication plugin. You will also need the authorization URL, the token URL and the issuer id.
You will also need to download the appropriate certificate file and put it in the NODE_RED_HOME directory.
Access control for the Node-RED editor is configured in your settings.js
file
using the adminAuth
property.
adminAuth: require('node-red-auth-oidc')({
clientID: OIDC_CLIENT_ID,
clientSecret: OIDC_CLIENT_SECRET,
authorizationURL: 'https://SSOURL/authorize',
tokenURL: 'https://SSOURL/token',
issuer: 'https://SSOURL/isam',
baseURL: "http://localhost:1880/",
cert_path = ['/PATH_TO_CERT.cer'],
users: [
{ username: "joeblogs@nomail.com",permissions: ["*"]}
]
})
The baseURL
property is the URL used to access the Node-RED editor.
The users
property is the list of OIDC users who are allowed to access the
editor. It is the same as used by adminAuth
as described in the security documentation, but without the password
property.
A default user can be specified by adding a default
property to the options object:
users: [
...
],
default: {
permissions: "read"
}
Copyright JS Foundation and other contributors, http://js.foundation under the Apache 2.0 license.