OpenFlow Credentials from Outside
-
Is there a way to use OpenFlow user credentials from outside? For instance I have a custom app on top of openflow/nodered and want it to call and use a robot. The issue is I want to use OpenFlow credentials for the app.
Is that possible? -
If you want to CALL the robot, then why would you need to access the credentials ?
Anyway, yes you can access the credentials from PowerShellGet-Entity -Collection openrpa -Type credentialor if your external app is a web app or nodejs app you use the openflow-api package
import { NoderedUtil, QueueMessage, SigninMessage, WebSocketClient } from "@openiap/openflow-api"; const socket: WebSocketClient = new WebSocketClient(logger, "wss://app.openiap.io"); const onopen = async () => { const result: SigninMessage = await NoderedUtil.SigninWithUsername("user", "secret", null, false, false); const credentials = await NoderedUtil.Query("openrpa", {"type": "credential"}, null, null, 10, 0, null); socket.events.on("onopen", onopen); if (socket.isConnected()) onopen();Or you could spin up an nodered instance, add a http rest endpoint that fetches and/or allows updating creating credentials. Make sure to not enable anonymous access if doing that
-
@allan-zimmermann Thanks Allan. We want to secure web app access keeping the accounts administration on Openflow. As a way to make sure only Openflow accounts can access the robot control web app.
-
you can secure access to OpenFlow by disabling basic authentication and only use federation, currently it support SAML/WS-Federation and Oauth 2 ( ie. support for things like Active Directory Federation Server or Office 365, and google suit/google apps ) but more can be added easily since it's based of passport with more than 500 different strategies.
Is that what you where asking ? sorry, I'm having a hard time understanding what your question or use case is ... -
@allan-zimmermann Thanks Allan. This is our use case:
We want to use OpenFlow accounts/credentials for the web app login process. In other words, we want to use OpenFlow as our web app access administration.
-
Yes, you can do that.
I added 2 examples, one using SAML login and one using OAuth2.-
saml example: it expects the webssite to be hosted by the server code in /src/server
the webapp redirects the user to /saml when the user should be authenticated, and the web app knows if/when the user is signed in, by doing a request to /jwt
you can then sign in to openflow using the token you get from /jwt -
The OAuth2 uses ng-openflow-auth for authentication, not much to tell its pretty basic.
Once the user is authenticated and you have a session open to openflow using the api you can communicate directly with NodeRed using the "workflow in"/"workflow out" nodes by sending messages to the message queue for the "workflow in" node ( the name you see under the workflow in node).
You do that by first registering a queue for the web client using RegisterQueue and you can the send messages to any message queue using QueueMessageFor an example ( talking to a robot, but its the same concept ) take a look in this component
-
-
@allan-zimmermann Thanks Allan. We will take that examples.
