[Feature Request] Supporting external authentication & JWT authorization for node-red-contrib-users

[tgelite]

Hello,

This feature request is to allow configuration of node-red-contrib-users to support unique user & unique role being passed via JWT token rather than local authentication and user store facilities under control of contrib-users. The goal would be for the plugin to have a 3rd party configuration mode that allows for this, as well as accepted roles.

The Base URL path could support directing an unauthenticated user to the "external authentication" through a uri configured there in 3rd party scenarios.

The policy on the node-red-contrib-user side would treat the role as a user name if provided and allow flow design accordingly.

This would allow reverse proxy performing strong authentication based on enterprise requirements, as well as node-red being embedded within another application effectively and being able to convey user & role to authorized flows.

In our scenario; The reverse proxy configuration is caddy, using the caddy auth portal plugin for authentication and caddy auth JWT for authorization. A user attempting to access node-red must traverse the reverse proxy for access. When authenticated, caddy is relaying the JWT token and headers to node red dashboard UI endpoints we have created. This is already working using the httpAuthMiddleware configuration approach (we can share that config detail and gladly test within it as needed).

The question is what direction is node-red-contrib-users going with role and 3rd-party integration.

Thanks in advance!