Custom authorization logic for self hosted queue instance

Describe the question

Hi all, I have to implement the following auth scheme:

  1. Provide a custom external login website which generates a JavaScript Web Token (JWT) once the user is logged in (solved)
  2. Redirect the logged user to the n8n self hosted instance (solved using this documentation: JWT - n8n Documentation) running under the queue mode (Configuring queue mode - n8n Documentation)
  3. Pull information (from an external endpoint ) based on the logged user for its use in the core of a private full versioned node (is part of the question)
  4. Define users and groups for team work as follows (is part of the question)
  • Admin users with access to all workflows and credentials
  • Member accounts with access to team workflows (can be more than one)
    For example:
    Member A1 with access to workflows W1, W2, W3
    Member A2 with access to workflows W1, W2, W3
    Member B with access to workflows W4,W5,W6
    And A1 shouldn’t be able to access neither delete W4.

So here is the question:
As far as I’ve learned from the docs, I can combine JWT auth with n8n user management but the workflow roles and permissions (Sharing - n8n Documentation) don’t accomplish this requirement because I need:
*multiple groups inside member accounts as shown in the previous example.
*member accounts need to able to delete flows.
*I also need to disable the user management feature in the settings panel because I have another app to manage users.

So is it possible to plug a custom authorization logic without editing the n8n core?

Information on your n8n setup

  • **n8n version: 0.219.1
  • **Database you’re using: PostgreSQL
  • **Running n8n with the execution process [own(default), main]: main
  • **Running n8n via [Docker, npm, n8n.cloud, desktop app]: AWS EKS

Thanks and Regards

Hey @maurimuchico,

Welcome to the community :raised_hands:

I guess the real quick answer to this one is any changes to the authorisation process would need a fork, I don’t think JWT works with user management either like you have noticed so this probably won’t be a quick chance.

Have you looked through the embed docs to see if there is anything there that may be useful?