Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node Red Custom Token issue #810

Open
shaharzoo93 opened this issue Jun 27, 2023 · 4 comments
Open

Node Red Custom Token issue #810

shaharzoo93 opened this issue Jun 27, 2023 · 4 comments

Comments

@shaharzoo93
Copy link

shaharzoo93 commented Jun 27, 2023
edited
Loading

Current Behavior

We have successfully integrated and launched the Node-RED application as an embedded component within our existing system using an iframe. However, we encountered an issue where all the child requests are being denied due to unauthorized access.

Here is an improved version of the provided code:

<iframe id="pwi_smv_app_iframe" name="pwi_smv_app_iframe" frameborder="0"
  src="${baseUri}/api/nginx/api/ui/?jwt=${window.localStorage.getItem('credentials')}"
  style="width: 100%; height: calc(100vh - 101px); position: fixed;"></iframe>

image
image (1)

Since authentication is already integrated into the existing application, there is no need to perform any authentication checks on the Node-RED side. However, to ensure that all subsequent requests include a token, we need to make some configuration changes in the Node-RED core.

image

In our current structure, the Node-RED UI path is accessed from the UI with a JWT token, and it successfully executes and returns the Node-RED UI dashboard. However, the dashboard also requires additional resource files such as app.min.js and socket.io. Unfortunately, these resource files do not automatically include the token, resulting in authentication errors from the Kong gateway.

it seems that the child requests are failing because the authentication token is not being set for the Node-RED resources/ child requests.
image (2)

Expected Behavior

All the subsequent node-red child/resources requests add a token if the initiator request has a token and UI should load.

Steps To Reproduce

  • Up the node-red as embedded using express node.js.
  • Create custom authentication gateway
  • Request node-red ui request from your existing application

Example flow

paste your flow here

Environment

  • Node-RED version:
  • Node.js version:
  • npm version:
  • Platform/OS:
  • Browser:
@shaharzoo93
Copy link
Author

Please provide the solution to solve the issue

@knolleary
Copy link
Member

Hi @shaharzoo93 - there isn't an immediate solution available. The dashboard doesn't know anything about your tokens and has nothing in it to automatically add tokens to every request to sends back to the runtime.

This would require some considerable development effort to add support for this.

@knolleary
Copy link
Member

The only workaround I can think of is if you were to use a cookie based approach for your tokens - so the browser would automatically include the cookies in each request sent back to your server.

@knolleary
Copy link
Member

Sorry, I know nothing about Kong Gateway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@knolleary @shaharzoo93