docker-sso/README.md

# ORY Kratos as Login Provider for ORY Hydra

> **Warning:** this is a preliminary example and will properly be implemented
> in ORY Kratos directly.

For now, to run this example execute:

```shell script
docker-compose up --build
```

Next, create an OAuth2 Client

```shell script
docker-compose exec hydra \
    hydra clients create \
    --endpoint http://127.0.0.1:4445 \
    --id auth-code-client \
    --secret secret \
    --grant-types authorization_code,refresh_token \
    --response-types code,id_token \
    --scope openid,offline \
    --callbacks http://127.0.0.1:5555/callback
```

and perform an OAuth2 Authorize Code Flow

```shell script
docker-compose exec hydra \
    hydra token user \
    --client-id auth-code-client \
    --client-secret secret \
    --endpoint http://hydra.server.lan/ \
    --port 5555 \
    --scope openid,offline
```

## Setup

Clone the ui:

```shell script
./setup.sh
```

Spin the containers:

```shell script
docker-compose build --pull && docker-compose up -d
```

## Gitea

Create an OAuth2 Client

```shell script
docker-compose exec hydra \
    hydra clients create \
    --endpoint http://127.0.0.1:4445 \
    --id gitea-client \
    --secret superSecret \
    --grant-types authorization_code,refresh_token \
    --response-types code,id_token \
    --scope openid,offline \
    --callbacks http://git.dev.server.lan/user/oauth2/hydra/callback
```

and perform an OAuth2 Authorize Code Flow

```shell script
docker-compose exec hydra \
    hydra token user \
    --client-id gitea-client \
    --client-secret superSecret \
    --endpoint http://hydra.server.lan/ \
    --port 5555 \
    --scope openid,offline
```

## Nextcloud

```shell script
hydra clients create \
    --endpoint http://127.0.0.1:4445 \
    --id nextcloud \
    --secret superSecret \
    --grant-types authorization_code,refresh_token \
    --response-types code,id_token \
    --scope openid,offline \
    --callbacks http://cloud.server.lan/apps/oidc_login/oidc
```

Minimum parameters needed in `config/config.php`:

```php
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'superSecret',
'oidc_login_provider_url' => 'http://hydra.server.lan',
'oidc_login_disable_registration' => false,
'oidc_login_attributes' => array(
        'id' => 'sub',
),
```
First working version 4 years ago			`# ORY Kratos as Login Provider for ORY Hydra`

Small fixes 4 years ago			`> Warning: this is a preliminary example and will properly be implemented`
			`> in ORY Kratos directly.`
First working version 4 years ago
			`For now, to run this example execute:`

			```shell script
Small fixes 4 years ago			`docker-compose up --build`
First working version 4 years ago			```

			`Next, create an OAuth2 Client`

			```shell script
Small fixes 4 years ago			`docker-compose exec hydra \`
First working version 4 years ago			`hydra clients create \`
			`--endpoint http://127.0.0.1:4445 \`
			`--id auth-code-client \`
			`--secret secret \`
			`--grant-types authorization_code,refresh_token \`
			`--response-types code,id_token \`
			`--scope openid,offline \`
			`--callbacks http://127.0.0.1:5555/callback`
			```

			`and perform an OAuth2 Authorize Code Flow`

			```shell script
Small fixes 4 years ago			`docker-compose exec hydra \`
First working version 4 years ago			`hydra token user \`
			`--client-id auth-code-client \`
			`--client-secret secret \`
			`--endpoint http://hydra.server.lan/ \`
			`--port 5555 \`
			`--scope openid,offline`
			```

			`## Setup`

			`Clone the ui:`

			```shell script
			`./setup.sh`
			```

			`Spin the containers:`

			```shell script
			`docker-compose build --pull && docker-compose up -d`
			```

			`## Gitea`

			`Create an OAuth2 Client`

			```shell script
Small fixes 4 years ago			`docker-compose exec hydra \`
First working version 4 years ago			`hydra clients create \`
			`--endpoint http://127.0.0.1:4445 \`
			`--id gitea-client \`
			`--secret superSecret \`
			`--grant-types authorization_code,refresh_token \`
			`--response-types code,id_token \`
			`--scope openid,offline \`
			`--callbacks http://git.dev.server.lan/user/oauth2/hydra/callback`
			```

			`and perform an OAuth2 Authorize Code Flow`

			```shell script
Small fixes 4 years ago			`docker-compose exec hydra \`
First working version 4 years ago			`hydra token user \`
			`--client-id gitea-client \`
			`--client-secret superSecret \`
			`--endpoint http://hydra.server.lan/ \`
			`--port 5555 \`
			`--scope openid,offline`
			```

			`## Nextcloud`

			```shell script
			`hydra clients create \`
			`--endpoint http://127.0.0.1:4445 \`
			`--id nextcloud \`
			`--secret superSecret \`
			`--grant-types authorization_code,refresh_token \`
			`--response-types code,id_token \`
			`--scope openid,offline \`
			`--callbacks http://cloud.server.lan/apps/oidc_login/oidc`
			```

Small fixes 4 years ago			Minimum parameters needed in `config/config.php`:

First working version 4 years ago			```php
			`'oidc_login_client_id' => 'nextcloud',`
			`'oidc_login_client_secret' => 'superSecret',`
			`'oidc_login_provider_url' => 'http://hydra.server.lan',`
			`'oidc_login_disable_registration' => false,`
			`'oidc_login_attributes' => array(`
			`'id' => 'sub',`
			`),`
			```