Authentication for a custom widget

Product/components used and version/fix level:

Cumulocity IoT - Cockpit - Custom Widget || Version: Latest || Date: 5/6/2023

Detailed explanation of the problem:

I want to make an authentication check for my custom widget. In my cockpit, there are a lot of custom widgets.
For some widgets, I want only users who have the right user_name and password in my database to see the content.

Below are my thoughts:

  1. The user types their username + password and submits. (done)
  2. The username and password will be transferred to the opcua node. (done)
  3. There is another thread in the opcua server that will check the username and password via an online database like MongoDB Atlas. (done)
  4. If the username and password are right, it shows the full widget. (Problem)

The server is written as a Python program. The problem is: when the authentication check in Python results in a ‘True’, how can I send this back to the widget?

Here are my thoughts (I don’t know whether it is possible):

  1. Save the ‘True’ in a node. Click, for example, ‘check’ in the widget, and compare the value with a predefined ‘True’ in a .ts service. (I don’t know how to get the value from nodes via Angular, like ‘c8y_ua_command_WriteValue’ can write a value to a node.)

Could you give me some advice on that?

Error messages / full error message screenshot / log file:

Question related to a free trial, or to a production (customer) instance?

Production instance. Custom widget.

Within the Domain Model it’s the Operations to be used to interact with Devices:

Operations relate to data that is sent to devices for execution or processing, such as switching a relay in a power meter or sending a credit to a vending machine.

So what you could do is to create such an Operation from your UI. The Device has to pick it up, verify access and put it to either SUCCESSFUL or FAILED state. In parallel, your UI is listening to the Operations changes - once it’s successful it unlocks your widget.

However, to let the Device do this whole verification is asynchronous and rather unusual. It comes with at least two downsides:

  • Network latency, especially with Devices in mobile networks and/or globally distributed
  • Functionality will not work while Device is offline

I guess your Device is using some 3rd party system to verify the access anyhow. Maybe it’s possible to integrate this by having a microservice that syncs your users’ permissions with the platform’s User Management. The platform allows creating custom permissions and roles via REST API - so technically that should be doable.


If you stay with sending the credentials via an opcua operation, please also ensure that those credentials are encrypted/hashed when you transfer them via an operation to the opcua node. Otherwise everyone with access to the operation might be able to read the credentials.

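The device-side half of the Operation flow described in the replies above, as an added example that is not part of the original thread or of the platform's own code: a Python handler checks the submitted credentials against a salted PBKDF2 hash and returns the status body to write back to the operation, which the widget can then watch for. The fragment name `example_WidgetAuth`, the user-store layout and the sample operation are assumptions constructed for illustration; `status`, `failureReason` and `PUT /devicecontrol/operations/{id}` are the platform's operation fields and REST endpoint.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000                       # PBKDF2-HMAC-SHA256 work factor
FRAGMENT = "example_WidgetAuth"            # hypothetical custom fragment, not a built-in
GENERIC_FAILURE = "authentication failed"  # one text for every failure: no user enumeration


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash; the user database stores this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(password, salt)}


# Record used for unknown usernames so both paths cost one PBKDF2 run.
_DUMMY = make_user_record("not-a-real-account")


def check_credentials(users: dict, username: str, password: str) -> bool:
    record = users.get(username, _DUMMY)
    candidate = derive(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return matches and username in users


def handle_operation(operation: dict, users: dict) -> dict:
    """Return the body to PUT to /devicecontrol/operations/{id}."""
    creds = operation.get(FRAGMENT)
    valid = isinstance(creds, dict) and all(
        isinstance(creds.get(k), str) for k in ("username", "password"))
    if valid and check_credentials(users, creds["username"], creds["password"]):
        return {"status": "SUCCESSFUL"}
    return {"status": "FAILED", "failureReason": GENERIC_FAILURE}


# Constructed sample data: one user and one pending operation as the device would see it.
USERS = {"alice": make_user_record("correct horse battery staple")}
SAMPLE_OPERATION = {
    "id": "1001", "deviceId": "2002", "status": "PENDING",
    FRAGMENT: {"username": "alice", "password": "correct horse battery staple"},
}

if __name__ == "__main__":
    print(handle_operation(SAMPLE_OPERATION, USERS))
```

The returned body carries only the outcome, so neither the password nor the reason a login failed is written back into the operation.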
