Access HTTP Admin API from within a flow

[Bob S]

I am trying to get access to the HTTP Admin API from within a flow, but I am unable to understand how to do this when security is implemented.

I have followed the documentation and am able to get the expected results using curl on the command line, but I don't know how to do this from within a flow using some combination of function nodes, TCP request nodes, etc.  I can't find any examples of this type of access.  Is there any guidance for doing it this way?

I would prefer to be able to use the RED object to access the admin functions, but seem unable to find a way to do this.  I tried adding "RED:require('node-red')" to settings.js, but I got an error stating the node could not be found.

Thanks,

Bob

[Ben Hardill]

It may be better to explain what the end result you are trying to achieve here is as there may be a better way to do it.

But you should be able to do it with a http request node and set the Authorization header to pass the token.

[Bob Sculley]

I’m trying to set the parameters of an instantiated node dynamically.  I understand that this requires the ability to get the node details, make the changes and then redeploy it.  I have a good example of how to do this, but it won’t work on a system with security enabled.

 

I think the key is being able to “set the Authorization header to pass the token”.  I don’t see a way to do that in the http request node. 

 

Then too, you have to get the token before you can pass it and I don’t know how to do that either.

 

Thanks,

Bob

--
http://nodered.org
 
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to a topic in the Google Groups "Node-RED" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/node-red/kCkeyZHu-IY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to node-red+u...@googlegroups.com.
To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.
To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/f05385de-8d85-4239-bb2d-86e5b270ed44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Nick O'Leary]

Bob,

The mechanism for obtaining an access token is documented here: http://nodered.org/docs/api/admin/oauth

The info sidebar for the http request node describes how to set additional http headers using the msg.headers property you pass the node.

Nick

You received this message because you are subscribed to the Google Groups "Node-RED" group.
To unsubscribe from this group and stop receiving emails from it, send an email to node-red+u...@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/!%26!AAAAAAAAAAAYAAAAAAAAAPilthT1PgxCu8%2BnGAeNZvbCgAAAEAAAAIt8OEb4Fd1KpYf9FFcOfu0BAAAAAA%3D%3D%40sculley.net.

[Bob Sculley]

Yeah, I think I get it, but I can’t seem to get it to work.

 

I have this in the function node:

 

msg.headers= {

              'client_id': 'node-red-admin',

              'grant_type': 'password',

              'scope': '*',

              'username': 'admin',

              'password': 'password'}

return msg;

 

And this in the http request node (entered in the template):

 

Method : POST

URL:  http://localhost:1880/auth/token

 

The response id 401 Unauthorized.

 

This line (from the documentation) works at the command line:

 

curl http://localhost:1880/auth/token --data 'client_id=node-red-admin&grant_type=password&scope=*&username=admin&password=password'

 

What am I doing wrong?

 

Bob

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/CAF%3Dvhqc%3DdNRDDHeiFpC4sto6QduKme3yScn4YZekRRpW3WdEkA%40mail.gmail.com.

[Ben Hardill]

You don't want to be setting headers to get the auth token, they should be query parameters.

Then you set returned access_token as a header

[Bob Sculley]

Ok, I have changed the http request to work off of the message properties.

 

I’m using this:

 

msg.method="POST";

msg.url=”http://localhost:1880/auth/token?client_id=node-red-admin&grant_type=password&scope=*&username=admin&password=password”;

return msg;

 

The response is still “Unauthorized”

 

Here is the complete response:

 

‎2‎/‎25‎/‎2017‎ ‎7‎:‎27‎:‎06‎ ‎AMnode: 8af1c4a3.712518msg : Object

{ _msgid: "b5605d48.4a9fa", topic: "", payload: "Unauthorized", method: "POST", url: "http://localhost:1880/auth/tok…" … }object

_msgid: "b5605d48.4a9fa"

topic: ""

payload: "Unauthorized"

method: "POST"

url: "http://localhost:1880/auth/token?client_id=node-red-admin&grant_type=password&scope=*&username=admin&password=password"

statusCode: 401

headers: object

x-powered-by: "Express"

date: "Sat, 25 Feb 2017 15:27:03 GMT"

connection: "close"

content-length: "12"

responseUrl: "http://localhost:1880/auth/token?client_id=node-red-admin&grant_type=password&scope=*&username=admin&password=password"

 

I also tried it with GET.  Same response.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/2f03b311-04f2-4306-998e-d51844193a11%40googlegroups.com.

[Colin Law]

What happens if you put that url into the browser?

Colin

> https://groups.google.com/d/msgid/node-red/!%26!AAAAAAAAAAAYAAAAAAAAAPilthT1PgxCu8%2BnGAeNZvbCgAAAEAAAAHass1D7tQVLts0r19pydb8BAAAAAA%3D%3D%40sculley.net.

[Bob Sculley]

Here is the url:

http://192.168.0.203:1880/auth/token?client_id=node-red-admin&grant_type=password&scope=*&username=admin&password=password

I think this will generate a GET request (not POST). I have been told I should use POST with a url query. I don't exactly understand this, but I have tried it and it didn't work either.

The first thing that happens is I get an logon prompt from the browser (Edge).

I try logging on with the same credentials I use to access node-red (admin/password) but the logon is not accepted.

Finally I try user-id admin with no password. Response is "Unauthorized".


Bob

To post to this group, send an email to node...@googlegroups.com.

Visit this group at https://groups.google.com/group/node-red.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/CAL%3D0gLug4pwDpWDT3aFS%2BdojvEGjyT12mB%2BV3R%3D9U-CwxgEc-g%40mail.gmail.com.

[Colin Law]

Is your password really password?

Colin

> To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/!%26!AAAAAAAAAAAYAAAAAAAAAPilthT1PgxCu8%2BnGAeNZvbCgAAAEAAAANombqPkGD9GgtTqEeGaQd4BAAAAAA%3D%3D%40sculley.net.

[Bob Sculley]

Yes, this is just a test setup running locally on a Raspberry Pi...

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/CAL%3D0gLvyUAOnym5g5-ia27t%2B_mLS-FA2zatPQBTRAhgtScEHzw%40mail.gmail.com.

[Bob Sculley]

OK, I finally figured it out.

 

The data doesn’t go as query parameters, but as POST form data.

 

Here is the full setup for anyone that might be interested:

 

msg.method="POST";

msg.url="http://localhost:1880/auth/token";

msg.payload= {'client_id': 'node-red-admin',

              'grant_type': 'password',

              'scope': '*',

              'username': 'admin',

              'password': 'password'}

msg.headers={

    'Accept': '*/*',

    'Content-Type': 'application/x-www-form-urlencoded'

}

return msg;

 

It would be great to include this in the documentation.

 

Bob

 

From: node...@googlegroups.com [mailto:node...@googlegroups.com] On Behalf Of Ben Hardill

Sent: Saturday, February 25, 2017 3:57 AM

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/2f03b311-04f2-4306-998e-d51844193a11%40googlegroups.com.