From afbc4302065764f21656abbc904c784920b9f85d Mon Sep 17 00:00:00 2001 From: meliurwen Date: Thu, 25 Mar 2021 03:18:08 +0100 Subject: [PATCH] Small fixes --- README.md | 17 +++++++++-------- docker-compose.yml | 19 +++++++++++-------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 5fae827..9b523d7 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,18 @@ # ORY Kratos as Login Provider for ORY Hydra -**Warning: ** this is a preliminary example and will properly be implemented in ORY Kratos directly. +> **Warning:** this is a preliminary example and will properly be implemented +> in ORY Kratos directly. For now, to run this example execute: ```shell script -$ docker-compose up --build +docker-compose up --build ``` Next, create an OAuth2 Client ```shell script -$ docker-compose exec hydra \ +docker-compose exec hydra \ hydra clients create \ --endpoint http://127.0.0.1:4445 \ --id auth-code-client \ @@ -25,7 +26,7 @@ $ docker-compose exec hydra \ and perform an OAuth2 Authorize Code Flow ```shell script -$ docker-compose exec hydra \ +docker-compose exec hydra \ hydra token user \ --client-id auth-code-client \ --client-secret secret \ @@ -34,8 +35,6 @@ $ docker-compose exec hydra \ --scope openid,offline ``` - - ## Setup Clone the ui: @@ -55,7 +54,7 @@ docker-compose build --pull && docker-compose up -d Create an OAuth2 Client ```shell script -$ docker-compose exec hydra \ +docker-compose exec hydra \ hydra clients create \ --endpoint http://127.0.0.1:4445 \ --id gitea-client \ @@ -69,7 +68,7 @@ $ docker-compose exec hydra \ and perform an OAuth2 Authorize Code Flow ```shell script -$ docker-compose exec hydra \ +docker-compose exec hydra \ hydra token user \ --client-id gitea-client \ --client-secret superSecret \ @@ -91,6 +90,8 @@ hydra clients create \ --callbacks http://cloud.server.lan/apps/oidc_login/oidc ``` +Minimum parameters needed in `config/config.php`: + ```php 'oidc_login_client_id' => 'nextcloud', 'oidc_login_client_secret' => 'superSecret', diff --git a/docker-compose.yml b/docker-compose.yml index 39c5198..e2fdc1f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,5 @@ -# This docker-compose file sets up ORY Kratos, ORY Hydra, and this app in a network and configures -# in such a way that ORY Kratos is the Login Provider for ORY Hydra. +# This docker-compose file sets up ORY Kratos, ORY Hydra, and this app in a network +# and configures in such a way that ORY Kratos is the Login Provider for ORY Hydra. version: '3.7' @@ -22,12 +22,15 @@ services: - hydra-migrate expose: - "4444" # Public port http://hydra.server.lan + - "4445" # Admin port ports: - - "4445:4445" # Admin port - "5555:5555" # Port for hydra token user command: - serve all --sqa-opt-out --dangerous-force-http --dangerous-allow-insecure-redirect-urls "http://git.dev.server.lan/user/oauth2/hydra/callback","http://cloud.server.lan/apps/oidc_login/oidc" - restart: on-failure # TODO figure out why we need this (incorporate health check into hydra migrate command?) + serve all --sqa-opt-out --dangerous-force-http \ + --dangerous-allow-insecure-redirect-urls \ + "http://git.dev.server.lan/user/oauth2/hydra/callback",\ + "http://cloud.server.lan/apps/oidc_login/oidc" + restart: on-failure environment: - LOG_LEAK_SENSITIVE_VALUES=true - URLS_SELF_ISSUER=http://hydra.server.lan @@ -89,9 +92,9 @@ services: depends_on: - kratos-migrate image: oryd/kratos:v0.5.4-alpha.1-sqlite - ports: - - "4433:4433" # public - - "4434:4434" # admin + expose: + - "4433" # public + - "4434" # admin restart: unless-stopped environment: - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true