From 5ec052bd92b7c831d09231d53c1af62f4e7b6c50 Mon Sep 17 00:00:00 2001
From: dugite-code
Date: Mon, 11 Jul 2022 08:59:57 +0000
Subject: [PATCH] website/integrations: Node-Red integration with openidconnect (#3221)
* add Node-Red integration doc
* Node-Red Protocol settings + linting fixes
---
.../integrations/services/node-red/index.md | 106 ++++++++++++++++++
website/sidebarsIntegrations.js | 1 +
2 files changed, 107 insertions(+)
create mode 100644 website/integrations/services/node-red/index.md
diff --git a/website/integrations/services/node-red/index.md b/website/integrations/services/node-red/index.md
new file mode 100644
index 000000000..f4d494925
--- /dev/null
+++ b/website/integrations/services/node-red/index.md
@@ -0,0 +1,106 @@
+---
+title: Node-RED
+---
+
+Support level: Community
+
+## What is Node-RED
+
+From https://nodered.org/
+
+:::note
+Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
+
+It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
+:::
+
+:::warning
+This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+- `authentik.company` is the FQDN of authentik.
+- `nodred.company` is the FQDN of Node-RED.
+
+### Step 1
+
+In authentik, create an _OAuth2/OpenID Provider_ (under _Resources/Providers_) with these settings:
+
+:::note
+Only settings that have been modified from default have been listed.
+:::
+
+- Name: Node-RED
+
+**Protocol Settings**
+
+- Redirect URIs/Origins (RegEx): https://nodred.company/auth/strategy/callback/
+- Signing Key: Select any available key
+
+:::note
+Take note of the `Client ID` and `Client Secret`, you'll need to give them to Node-RED in _Step 3_.
+:::
+
+### Step 2
+
+In authentik, create an application (under _Resources/Applications_) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
+
+:::note
+Only settings that have been modified from default have been listed.
+:::
+
+- Name: Node-RED
+- Slug: nodered-slug
+- Provider: Node-RED
+
+Optionally you can link directly to the authentication strategy
+
+- Launch URL: https://nodred.company/auth/strategy/
+
+### Step 3
+
+:::note
+Group based permissions are not implemented in the below example
+:::
+
+Use npm to install passport-openidconnect
+
+Navigate to the node-red `node_modules` directory, this is dependant on your chosen install method. In the official Node-RED docker container the `node_modules` directory is located in the data volume `data/node_modules/`. Alternatively enter the docker container `docker exec -it nodered bash` and `cd /data/node_modules` to utilise npm within the docker container.
+
+Run the command `npm install passport-openidconnect`
+
+### Step 4
+
+Edit the node-red settings.js file `/data/settings.js` to use the external authentication source via passport-openidconnect.
+
+```js
+adminAuth: {
+type:"strategy",
+strategy: {
+ name: "openidconnect",
+ label: 'Sign in with authentik',
+ icon:"fa-cloud",
+ strategy: require("passport-openidconnect").Strategy,
+ options: {
+ issuer: 'https://authentik.company/application/o//',
+ authorizationURL: 'https://authentik.company/application/o/authorize/',
+ tokenURL: 'https://authentik.company/application/o/token/',
+ userInfoURL: 'https://authentik.company/application/o/userinfo/',
+ clientID: '',
+ clientSecret: '',
+ callbackURL: 'https://nodered.company/auth/strategy/callback/',
+ scope: ['email', 'profile', 'openid'],
+ proxy: true,
+ verify: function(issuer, profile, done) {
+ done(null, profile)
+ }
+ }
+ },
+ users: function(user) {
+ return Promise.resolve({ username: user, permissions: "*" });
+ }
+},
+```
diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js
index ba7ffd352..f24ef490b 100644
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
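Review bot: The `users` function at the end of the Step 4 snippet resolves `permissions: "*"` for any username it is given, so every account that can complete the authentik login receives full Node-RED admin rights, while Step 2 describes policy bindings as optional. Because admin access to the editor includes deploying flows that execute on the host, the page should state that access must be restricted, for example with a `:::warning` under Step 2 saying a group policy binding on the application is required, or by resolving `null` from `users` for usernames outside an allow-list. Separately, the hostname placeholder is spelled `nodred.company` in the Preparation list, the Redirect URI and the Launch URL but `nodered.company` in `callbackURL`, which would produce a redirect mismatch if the values are copied as written. The `issuer` value ends in `/application/o//` and `clientID`/`clientSecret` are empty strings, which looks like lost angle-bracket placeholders (possibly only in this rendering of the patch) and is worth confirming in the committed file.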
@@ -88,6 +88,7 @@ module.exports = {
 ],
 },
 "services/home-assistant/index",
+ "services/node-red/index",
 "services/kimai/index",
 "services/sonarr/index",
 "services/tautulli/index",