NodeJS Authentication

I’m not finding enough information about the NodeJS AD Authentication. The credentials page, can that be modified?

The authentication string used, or username, is that found anywhere? What is the scope of the authentication (the single requested page, the “session”, whatever that is in this context)?

The credentials page can be modified, but if you break it, you’re on your own… :stuck_out_tongue:
The file is C:\Program Files (x86)\Objectif Lune\ppnode\src\html\login.ejs

As for the authentication itself, you will find the user name in every request file that comes in under the <USERNAME> element. The authenticated session is valid for 1 hour by default, this can be changed via the DEFAULT_SESSION_TTL constant in the C:\Program Files (x86)\Objectif Lune\ppnode\src\constants\default.js file, but again, if you mess it up you’re on your own!

Thanks. And does that authentication work across all pages requested/served by NodeJS…? Does it use cookies?

I’m writing another Dashboard, rather, rewriting one to use NodeJS instead of HTTP Server Input, and doing some revisions and enhancements. I use Javascript Web Tokens (jwt) as my current authentication scheme, and the web token is in every header, request, and response.

I don’t want to keep using it. I’d rather use NodeJS’ built-in authentication, but don’t understand how it works.

Is the auth scheme OL’s? Or part of NodeJS? If the latter, I can do the research.

The core dynamic “home page” of my Dashboard contains multiple AJAX/dynamic content sections, and my main concern is if each of those will require separate authentication.

Authentication is performed through Node (actually, through NPM’s ldapjs module), Workflow isn’t involved until authentication has been successful.

Once the connection is properly authenticated, session tokens are passed around in every communication passed to Workflow (unless a process “opts out” by ticking the Ignore global authentication settings option in the NodeJS Input task). Those session tokens are stored in the Request file that the Workflow process receives from Node, just like the <USERNAME> element I mentioned earlier.

Since your Dashboard’s home page receives the initial session tokens, all of its content sections will also pass those tokens back to the server as they each issue requests, so you don’t have to worry about a separate authentication. You will, however, want to make sure that you double check the results from any HTTP request you make because at some point, the session may expire, which could lead to some parts of your dashboard not refreshing correctly. But that’s standard fare in the Web world.

1 Like

Hi Phil,

This is very useful information Thank you.

May I ask if it is possible to intentionally expire the session? For example by clicking on a Logout button on the web page?
How I would expire the session and redirect the user to the login page?