Absolute (beginner) with Node-RED: Authorization and Authentication or "access a protected REST API"

Captions
So okay, I'm back, yeah, as I promised. Now we come to a little bit more complex topic, and that topic is about authentication and authorization. Maybe you know I also created a flow called Twitter follower flow, and I thought by myself, yeah, maybe you do not have a Twitter account, but you maybe also want to know how all that works. That's the reason why I thought by myself maybe I can use Keycloak, which I instantiate with another example I made in a workshop, which is called "Get started with Java microservices application with Code Engine". The only thing I use here is the instances of these applications. So, to show you: in that example we will access at least the Keycloak here, yeah, that's the authentication and authorization we will use, and we will get data from here, and we will show the data not on that Cloud Native Starter example.

So that's the example. I don't want to tell too much about all that example; it's just to know there is an application which runs totally with four applications at least on Code Engine, serverless framework on IBM Cloud, and here I use these components just to show that. Okay, that's the background, and I can start. That is the front end here. You already have seen here that I have to log on as alice, so that will take a while. Ah yeah, it's always that I ha once again, just such a simple name. So that takes a while because it is scale to zero exam, because I want to reduce the amount of money I have to spend, so I scale to zero for most of the applications, and all that takes a little bit of time. And here is my Keycloak configuration, that I have to admin admin, and that's what I have, that's the realm, that's the configuration. But I don't want to tell too much about all that stuff. The most important thing is that you know, okay, there is some identity and access management we use, yeah, and we use an application which is protected with that identity and access management system, and how to do that with Keycloak, and not with Keycloak, with Node-RED, inside Node-RED, how to do that. That could be useful in different situations, as in a hackathon, when you easily want to just access the information and display the information not using, yeah, so that is the reason.

I already created that flow, so we will add that flow, and that flow is also stored in my repository here with the flows, here, "authentication and authorization example", and hopefully I saved the right flow with all the information. So let's just copy and paste them here. You can also download it, and you can clone the project and upload it, but I the dot with this normal copy and paste the copy. And I import that also in the existing flow, so that we also have that here in a row, and like say here import, let's import it. What is important to know when we use that: there is one, no, it's no longer needed for that; it is needed for the Twitter follower, so we do not need it here. I just recognize I didn't the base64 encoding, not here, it's not needed.

So what we will do and what to understand, oh yeah, I made it very, very big. So two things: when new web applications are protected with OpenID Connect and OAuth, the first thing is you need to authorize yourself to get a token, and that token gives you the ability to access information. A little bit of background for that is that these tokens can directly specify that you are only allowed, when you're in a specific role, to access that kind of information. A little bit of background is that before all that stuff was available here we've applied to the recipe give other application access to different systems so that you can integrate with, and that was not available some years before, and I was really asking about your password and you should provide a password to provide integrations and so on, and this is no longer needed for that.

Okay, what we do at first: we need to authorize ourselves at the Keycloak to get that token. So when we start with that invocation here, we need to define how we do that. What I did here is I show the components you need to know when you need to access an API or something else which is protected also with OAuth or maybe also with an identity and access management system. You need to know the header content when we go to create a request, and as you see it's more or less the same as we did before, because it's also only an HTTP request we will send, but here we have to configure the header and the payload information. For Keycloak this is needed: we need in the header the information that the following information is form URL encoded, and then we have here that kind of payload we need to send with a POST request. That is important to know, to understand, okay, we need that to configure. And when you have that configured, and that could be different, it depends on what your identity and access provider is, so that is what you have to figure out. So in that decision here, in my case with Keycloak, okay, that is what it is. So here there's a client ID, just to get this a little bit to understand that we are here, and the client ID, for example, I use here is frontend, yeah, that's the client ID. Going back, and that's the username, and that's the kind of how we grant the access, and that is with the password. Okay, there are different kinds for the authentication; that is what we are going to choose here. So with that we will send that in the payload, and then here is the configuration of our HTTP request, the same as we did before. Here we do the POST, and that's the URL I currently use, and what the cool thing is with the Code Engine: I will delete everything, so you can remember it in the moment when you are at the moment, yeah, you are really able also to do the same, but after a bad live stream you are surely able to delete the different instances, and they have different IDs and so on, and that will no longer be available.

Okay, so that's the URL where my Keycloak is running, and that is the endpoint we invoke, and that is the realm. The realm is where we define our authentication, with all the users and so on. Okay, we have that. So now, to show that, I displayed that in that name, and that is the important stuff. So when we get that, what I said, it's always good to use JSON, so I put that in a JSON format, and then I will store that data we will get in a flow variable. A flow variable is very cool inside Node-RED: if you get something and you want to use it later, or maybe in scope of global, then you can also use it later in different scenarios, and that is what I will do. The reason for that is what you can see: I want to end here. I could also maybe send these as a direct to the next step to build the next header, but I don't want to do that; I really want to separate it in that moment. So I deploy it. I want to invoke the application because, as I said, they are scaled to zero, and I want to reduce the time when we're going to invoke, then we really get the data.

And now the first step is we're going to invoke here. This is very fast because the Keycloak, the authentication server, is already running, and you can see here what happened: that is our return value. We got that access token, we've got the information when it expires, here the refresh token, the token type, and that is everything we get. And now what I already did here: I saved in the flow variable period token, yeah, the access token, in that format, so that is what we need later for the invocation. That is what we already have.

And then we're going to invoke the data we want to know, and that's the very important point: first we identified somewhere who says, yeah, you get now this token and you are now illegal to access the information on that application. So we built here the authorization, because now we need to utilize our token we got, and then we will get something in JSON format back, so you will see what it is. And that is the invocation itself of our data we want to get, because we want to get articles, and that's provided by the web API microservice. Ah yeah, overlay, so it really takes some time. And when we got that here, then we have it, and that is more or less the same as I did here, when I go to, as long as it goes, I created that blog post about Twitter follower flow, and this is a little bit more complex, because here you have first to register at Twitter and get the authorization key and how does it work, and it here is with oh well this is more or less the same, so that is the same concept at least.

You can see, yeah, that's still the timeout, it takes a little bit longer. So going back, oh, don't change it. So now we go to exam once more and now I clean up. Oh yeah, we got it, oh no, the topic, ah, that was, he see, okay, the request is here. As you can see it still takes a while, so I have to take a look into, oh no, now it should work, because, yeah, you know, there are several applications that need to scale up or need to be instantiated, and I said there's only allowed one instance, and that's the reason. Now we should get it. Once more we save our access token, now we have to access cloud here, and now, okay, here payload array, yeah, that's the same as we have here, that's the entry, and that's all.

At the end it is not so complex if you understand it, but the first step isn't so easy. And I think it is very easy to understand here, especially inside Node-RED, because you really can see here what the steps are: here you built the header, you get the token, and that is very transparent, and you can see what the flow is, and this is the data, and here we request the protected data. That's not about the implementation, how the REST was implemented, for sure, but that is how it works. And if you do not have such easy endpoints like this, and this was a really easy endpoint, but maybe also in a hackathon you have some protected endpoints, you have to log in, you have to define your header information and so on, and that's just a little bit to be prepared. So that is no longer really for total beginners, but that's still basics, needs to know.

Okay, this was about authentication, and I hope that was useful for you, and I say thanks for watching. There are now two new live streams and I hope they will not be deleted here, and I will examine it; maybe I will cut some things out if it took too long. And yeah, see us accidentally for an accidental live stream again when I have time after hours and I want to share information, or maybe I get some feedback from you and I want to create it. Okay, have fun, examine it, provide feedback if it is useful for you, and maybe you want also to subscribe to my channel for an accidental live stream or maybe a YouTube video I created. But now really I end the stream and I say bye.
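The three steps the captions describe (build the token request, store the returned token, build the authorized request) written out as plain JavaScript. This is an added example, not the flow from the video or its repository: the host names, realm name and the small `flow` stand-in for Node-RED's flow context are assumptions; only the client ID `frontend`, the user `alice` and the password grant come from the captions.

```javascript
// Placeholders: the real Keycloak and web-api URLs are not on this page.
const KEYCLOAK_URL = "https://keycloak.example.invalid";
const REALM = "example-realm";
const API_URL = "https://web-api.example.invalid/articles";

// Minimal stand-in for Node-RED's flow context (flow.set / flow.get).
const store = new Map();
const flow = { set: (k, v) => store.set(k, v), get: (k) => store.get(k) };

// Step 1: message for the http request node that asks Keycloak for a token.
function buildTokenRequest(username, password) {
  const body = new URLSearchParams({
    grant_type: "password", // password grant, as chosen in the video
    client_id: "frontend",  // client ID named in the video
    username,
    password,
  });
  return {
    method: "POST",
    // Older WildFly-based Keycloak releases serve this path under /auth.
    url: `${KEYCLOAK_URL}/realms/${REALM}/protocol/openid-connect/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    payload: body.toString(),
  };
}

// Step 2: parse the JSON token response and keep the token in the flow context.
function saveToken(responseText, nowMs = Date.now()) {
  const t = JSON.parse(responseText);
  if (!t.access_token || String(t.token_type).toLowerCase() !== "bearer") {
    throw new Error("token response has no usable bearer token");
  }
  flow.set("token", { value: t.access_token, expiresAt: nowMs + t.expires_in * 1000 });
}

// Step 3: message for the protected API call; refuses a missing or expired token.
function buildApiRequest(nowMs = Date.now()) {
  const token = flow.get("token");
  if (!token || nowMs >= token.expiresAt) {
    throw new Error("no valid access token; request a new one first");
  }
  return { method: "GET", url: API_URL, headers: { Authorization: `Bearer ${token.value}` } };
}

// Constructed sample response carrying the fields the captions list.
const sampleResponse = JSON.stringify({
  access_token: "constructed.sample.token", expires_in: 300,
  refresh_token: "constructed.refresh", token_type: "Bearer",
});
```

In a Node-RED function node the same bodies would set `msg.headers`, `msg.payload` and `msg.url` and use the node's own `flow` object instead of the stand-in.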
Info
Channel: Thomas Südbröcker
Views: 6,036
Id: sS9bBBb84sY
Length: 21min 38sec (1298 seconds)
Published: Wed Jul 07 2021