|
|
@ -1,17 +1,18 @@ |
|
|
|
# ORY Kratos as Login Provider for ORY Hydra |
|
|
|
# ORY Kratos as Login Provider for ORY Hydra |
|
|
|
|
|
|
|
|
|
|
|
**Warning: ** this is a preliminary example and will properly be implemented in ORY Kratos directly. |
|
|
|
> **Warning:** this is a preliminary example and will properly be implemented |
|
|
|
|
|
|
|
> in ORY Kratos directly. |
|
|
|
|
|
|
|
|
|
|
|
For now, to run this example execute: |
|
|
|
For now, to run this example execute: |
|
|
|
|
|
|
|
|
|
|
|
```shell script |
|
|
|
```shell script |
|
|
|
$ docker-compose up --build |
|
|
|
docker-compose up --build |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
Next, create an OAuth2 Client |
|
|
|
Next, create an OAuth2 Client |
|
|
|
|
|
|
|
|
|
|
|
```shell script |
|
|
|
```shell script |
|
|
|
$ docker-compose exec hydra \ |
|
|
|
docker-compose exec hydra \ |
|
|
|
hydra clients create \ |
|
|
|
hydra clients create \ |
|
|
|
--endpoint http://127.0.0.1:4445 \ |
|
|
|
--endpoint http://127.0.0.1:4445 \ |
|
|
|
--id auth-code-client \ |
|
|
|
--id auth-code-client \ |
|
|
@ -25,7 +26,7 @@ $ docker-compose exec hydra \ |
|
|
|
and perform an OAuth2 Authorize Code Flow |
|
|
|
and perform an OAuth2 Authorize Code Flow |
|
|
|
|
|
|
|
|
|
|
|
```shell script |
|
|
|
```shell script |
|
|
|
$ docker-compose exec hydra \ |
|
|
|
docker-compose exec hydra \ |
|
|
|
hydra token user \ |
|
|
|
hydra token user \ |
|
|
|
--client-id auth-code-client \ |
|
|
|
--client-id auth-code-client \ |
|
|
|
--client-secret secret \ |
|
|
|
--client-secret secret \ |
|
|
@ -34,8 +35,6 @@ $ docker-compose exec hydra \ |
|
|
|
--scope openid,offline |
|
|
|
--scope openid,offline |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Setup |
|
|
|
## Setup |
|
|
|
|
|
|
|
|
|
|
|
Clone the ui: |
|
|
|
Clone the ui: |
|
|
@ -55,7 +54,7 @@ docker-compose build --pull && docker-compose up -d |
|
|
|
Create an OAuth2 Client |
|
|
|
Create an OAuth2 Client |
|
|
|
|
|
|
|
|
|
|
|
```shell script |
|
|
|
```shell script |
|
|
|
$ docker-compose exec hydra \ |
|
|
|
docker-compose exec hydra \ |
|
|
|
hydra clients create \ |
|
|
|
hydra clients create \ |
|
|
|
--endpoint http://127.0.0.1:4445 \ |
|
|
|
--endpoint http://127.0.0.1:4445 \ |
|
|
|
--id gitea-client \ |
|
|
|
--id gitea-client \ |
|
|
@ -69,7 +68,7 @@ $ docker-compose exec hydra \ |
|
|
|
and perform an OAuth2 Authorize Code Flow |
|
|
|
and perform an OAuth2 Authorize Code Flow |
|
|
|
|
|
|
|
|
|
|
|
```shell script |
|
|
|
```shell script |
|
|
|
$ docker-compose exec hydra \ |
|
|
|
docker-compose exec hydra \ |
|
|
|
hydra token user \ |
|
|
|
hydra token user \ |
|
|
|
--client-id gitea-client \ |
|
|
|
--client-id gitea-client \ |
|
|
|
--client-secret superSecret \ |
|
|
|
--client-secret superSecret \ |
|
|
@ -91,6 +90,8 @@ hydra clients create \ |
|
|
|
--callbacks http://cloud.server.lan/apps/oidc_login/oidc |
|
|
|
--callbacks http://cloud.server.lan/apps/oidc_login/oidc |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Minimum parameters needed in `config/config.php`: |
|
|
|
|
|
|
|
|
|
|
|
```php |
|
|
|
```php |
|
|
|
'oidc_login_client_id' => 'nextcloud', |
|
|
|
'oidc_login_client_id' => 'nextcloud', |
|
|
|
'oidc_login_client_secret' => 'superSecret', |
|
|
|
'oidc_login_client_secret' => 'superSecret', |
|
|
|