1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Updated Design: multiuser (markdown)

knolleary 2014-11-07 15:05:54 -08:00
parent da9b878d45
commit 8e146fb804

@ -17,3 +17,14 @@ Need to investigate choices for authentication mechanism between a client and th
Is OAuth 2.0 - Resource Owner Password Credentials Grant (RFC 6749, Section 4.3) - a good starting point? Is OAuth 2.0 - Resource Owner Password Credentials Grant (RFC 6749, Section 4.3) - a good starting point?
---
Currently developing this in my knolleary/node-red fork under the auth branch.
When enabled, all api requests must provide a valid access token in the Authorization header. The header is obtained by posting to '/auth/token', providing username, password, client_id, client_secret and scope.
- should we use refresh tokens as well as access tokens?
- how to tie it into 'httpAdminAuth'?
- how to plug in multiple users?
- how to do 3rd party oauth auth?
- websocket connection auth