Node-RED Authentication with OIDC

Node-RED plugin for authenticating users with OIDC.

This modules lets you restrict access to the Node-RED editor to specific OIDC users.

Note: this requires Node-RED 0.17 or later

Install

In your Node-RED user directory, typically ~/.node-red:

$ npm install node-red/node-red-auth-oidc

Usage

Register a new OIDC application

To enable access control with OIDC, you must first a new application with your OIDC provider. You will need to register a callback URL with your OIDC provider, this will be the baseURL with /auth/strategy/callback appended.

Once created, you will be provided a Client ID and Client Secret that you will need to use to configure the authentication plugin. You will also need the authorization URL, the token URL and the issuer id.

You will also need to download the appropriate certificate file and put it in the NODE_RED_HOME directory.

Configure adminAuth

Access control for the Node-RED editor is configured in your settings.js file using the adminAuth property.

adminAuth: require('node-red-auth-oidc')({
    clientID: OIDC_CLIENT_ID,
    clientSecret: OIDC_CLIENT_SECRET,
    authorizationURL: 'https://SSOURL/authorize',
    tokenURL: 'https://SSOURL/token',
    issuer: 'https://SSOURL/isam',
    baseURL: "http://localhost:1880/",
    cert_path = ['/PATH_TO_CERT.cer'],
    users: [
       { username: "[email protected]",permissions: ["*"]}
    ]
})

The baseURL property is the URL used to access the Node-RED editor.

The users property is the list of OIDC users who are allowed to access the editor. It is the same as used by adminAuth as described in the security documentation, but without the password property.

A default user can be specified by adding a default property to the options object:

    users: [
       ...
    ],
    default: {
        permissions: "read"
    }

Copyright and license

Copyright JS Foundation and other contributors, http://js.foundation under the Apache 2.0 license.