frodovdr
/
node-red
mirror of https://github.com/node-red/node-red.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Page: Design: multiuser
Pages
API Reference Architecture Overview Architecture: Cluster Multi Process Contribution Process Dashboard layout tool Definitions Deprecated: Message properties overriding set node properties Design Notes Design: dynamic palette Design: API Token management Design: CLI tool to produce a node skeleton Design: Concurrent editing Design: Custom Node admin route handling Design: Dynamic MQTT node Design: Dynamic node's icon Design: Editable port labels Design: Editor Events Design: Editor Themes Design: Editor UI Customisation Design: Encryption of credentials Design: Enhancements to Split Join nodes Design: Flow Linter Design: Flow Manipulation API Design: Flow file format v2 Design: Function Library node Design: Library Sidebar Design: Logging Framework Design: Node Generator Design: Node Messaging API Design: Node blacklist whitelist function Design: Node module lifecycle Design: Node settings Design: Palette Management UI Design: Persistable Context Design: Platform Specific Nodes Design: Projects Design: Runnable Project Design: Runtime Editor Split Design: Runtime Events Design: Runtime extension points Design: Subflow Enhancements Design: Subflow Instance properties Design: Subflow Node modules Design: Usage telemetry Design: Using environment variables Design: Version Control Design: adminAuth User Management Design: external file for function and templates nodes Design: i18n de Design: i18n Design: msg.parts description of usage Design: multiuser Design: subflows vNext Design: subflows Design:Shared Global Context Editor Mouse Actions Editor Runtime API Flow Format Flow testing Home Input node feature definitions Live runtime information Node Design Guidelines Node documentation guide Node msg Conventions Output node feature definitions Pluggable Message Routing Query node feature definitions ReadMe Raspberry Pi Advanced Runtime Editor Comms protocol Technical Interchange 2018 04 13 Technical Interchange Meetings Testing UI testing Watch node feature definitions Web Nodes outline adminAuth Credential Authentication dynamic palette join in auto mode npm installable nodes
0 Design: multiuser
knolleary edited this page 2014-11-07 15:05:54 -08:00

Node-red is currently a userless system. Anyone can point their browser at the runtime and edit the active flows.

When we talk about multiuser/multitenancy, there are a number of things that could mean.

  • An editor that can be logged into by multiple users
  • A runtime that runs the flows of multiple users

There are no immediate plans to change the runtime to support multiple, isolated flows. This item is focussed on what changes are needed in the editor and api to support multiple users.

An alternative runtime could be conceived that serves the editor and forwards individual user requests to individual runtime instances.

This must also consider how to seamlessly migrate from being userless to having a default user.

Need to investigate choices for authentication mechanism between a client and the runtime. It might not just be the editor; should be possible to secure http nodes using the same mechanism.

Is OAuth 2.0 - Resource Owner Password Credentials Grant (RFC 6749, Section 4.3) - a good starting point?

Currently developing this in my knolleary/node-red fork under the auth branch.

When enabled, all api requests must provide a valid access token in the Authorization header. The header is obtained by posting to '/auth/token', providing username, password, client_id, client_secret and scope.

  • should we use refresh tokens as well as access tokens?
  • how to tie it into 'httpAdminAuth'?
  • how to plug in multiple users?
  • how to do 3rd party oauth auth?
  • websocket connection auth