trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/node-red/index.md

107 lines
3.5 KiB
Markdown
Raw Normal View History

website/integrations: Node-Red integration with openidconnect (#3221) * add Node-Red integration doc * Node-Red Protocol settings + linting fixes
2022-07-11 08:59:57 +00:00
---
title: Node-RED
---
<span class="badge badge--secondary">Support level: Community</span>
## What is Node-RED
From https://nodered.org/
:::note
Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
:::
:::warning
This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details.
:::
## Preparation
The following placeholders will be used:
- `authentik.company` is the FQDN of authentik.
- `nodred.company` is the FQDN of Node-RED.
### Step 1
In authentik, create an _OAuth2/OpenID Provider_ (under _Resources/Providers_) with these settings:
:::note
Only settings that have been modified from default have been listed.
:::
- Name: Node-RED
**Protocol Settings**
- Redirect URIs/Origins (RegEx): https://nodred.company/auth/strategy/callback/
- Signing Key: Select any available key
:::note
Take note of the `Client ID` and `Client Secret`, you'll need to give them to Node-RED in _Step 3_.
:::
### Step 2
In authentik, create an application (under _Resources/Applications_) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
:::note
Only settings that have been modified from default have been listed.
:::
- Name: Node-RED
- Slug: nodered-slug
- Provider: Node-RED
Optionally you can link directly to the authentication strategy
- Launch URL: https://nodred.company/auth/strategy/
### Step 3
:::note
Group based permissions are not implemented in the below example
:::
Use npm to install passport-openidconnect
Navigate to the node-red `node_modules` directory, this is dependant on your chosen install method. In the official Node-RED docker container the `node_modules` directory is located in the data volume `data/node_modules/`. Alternatively enter the docker container `docker exec -it nodered bash` and `cd /data/node_modules` to utilise npm within the docker container.
Run the command `npm install passport-openidconnect`
### Step 4
Edit the node-red settings.js file `/data/settings.js` to use the external authentication source via passport-openidconnect.
```js
adminAuth: {
type:"strategy",
strategy: {
name: "openidconnect",
label: 'Sign in with authentik',
icon:"fa-cloud",
strategy: require("passport-openidconnect").Strategy,
options: {
issuer: 'https://authentik.company/application/o/<application-slug>/',
authorizationURL: 'https://authentik.company/application/o/authorize/',
tokenURL: 'https://authentik.company/application/o/token/',
userInfoURL: 'https://authentik.company/application/o/userinfo/',
clientID: '<Client ID (Key): Step 2>',
clientSecret: '<Client Secret: Step 2>',
callbackURL: 'https://nodered.company/auth/strategy/callback/',
scope: ['email', 'profile', 'openid'],
proxy: true,
verify: function(issuer, profile, done) {
done(null, profile)
}
}
},
users: function(user) {
return Promise.resolve({ username: user, permissions: "*" });
}
},
```