Node-RED plugin for authenticating users with AzureAD.
This modules lets you restrict access to the Node-RED editor to specific AzureAD users.
Note: this requires Node-RED 0.18 or later
In your Node-RED user directory, typically ~/.node-red:
$ npm install node-red-contrib-auth-azuread
Guide to Microsoft AzureAD application registration here.
To enable access control with AzureAD, you must first create a new application on your Azure Portal.
Once created, you will be provided a Identity Metadata and Client ID that you will need to use to configure the authentication plugin.
Access control for the Node-RED editor is configured in your settings.js file
using the adminAuth property. Receives options as listed in the passport-azure-AD project.
identityMetadata, clientID, responseType, responseMode, and redirectUrl are required;
scope defaults to ['profile'] if none is provided. Also receives a custom "verify" function if desired;
otherwise uses a default that looks for "Preferred Username". Example:
adminAuth:require("node-red-contrib-auth-azuread")({
identityMetadata: 'https://login.microsoftonline.com/<tenant guid>/v2.0/.well-known/openid-configuration',
clientID: '<application ID>',
responseType: 'code',
responseMode: 'query',
redirectUrl: 'https://<node red endpoint>/auth/strategy/callback',
users: [
{username: "test@admin.com",permissions: ["*"]}
]
})
Note: at time of this writing, the node-red auth/strategy/callback method only accepts GET requests, so this will fail unless you use the response mode query.
As described in the passport-azure-AD project, this will change requirements for some other options. Please read their github for more info.
Copyright JS Foundation and other contributors, http://js.foundation under the Apache 2.0 license.