Small fixes

master
Meliurwen 4 years ago
parent 182878e16c
commit afbc430206
Signed by: meliurwen
GPG Key ID: 818A8B35E9F1CE10
  1. 17
      README.md
  2. 19
      docker-compose.yml

@ -1,17 +1,18 @@
# ORY Kratos as Login Provider for ORY Hydra
**Warning: ** this is a preliminary example and will properly be implemented in ORY Kratos directly.
> **Warning:** this is a preliminary example and will properly be implemented
> in ORY Kratos directly.
For now, to run this example execute:
```shell script
$ docker-compose up --build
docker-compose up --build
```
Next, create an OAuth2 Client
```shell script
$ docker-compose exec hydra \
docker-compose exec hydra \
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id auth-code-client \
@ -25,7 +26,7 @@ $ docker-compose exec hydra \
and perform an OAuth2 Authorize Code Flow
```shell script
$ docker-compose exec hydra \
docker-compose exec hydra \
hydra token user \
--client-id auth-code-client \
--client-secret secret \
@ -34,8 +35,6 @@ $ docker-compose exec hydra \
--scope openid,offline
```
## Setup
Clone the ui:
@ -55,7 +54,7 @@ docker-compose build --pull && docker-compose up -d
Create an OAuth2 Client
```shell script
$ docker-compose exec hydra \
docker-compose exec hydra \
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id gitea-client \
@ -69,7 +68,7 @@ $ docker-compose exec hydra \
and perform an OAuth2 Authorize Code Flow
```shell script
$ docker-compose exec hydra \
docker-compose exec hydra \
hydra token user \
--client-id gitea-client \
--client-secret superSecret \
@ -91,6 +90,8 @@ hydra clients create \
--callbacks http://cloud.server.lan/apps/oidc_login/oidc
```
Minimum parameters needed in `config/config.php`:
```php
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'superSecret',

@ -1,5 +1,5 @@
# This docker-compose file sets up ORY Kratos, ORY Hydra, and this app in a network and configures
# in such a way that ORY Kratos is the Login Provider for ORY Hydra.
# This docker-compose file sets up ORY Kratos, ORY Hydra, and this app in a network
# and configures in such a way that ORY Kratos is the Login Provider for ORY Hydra.
version: '3.7'
@ -22,12 +22,15 @@ services:
- hydra-migrate
expose:
- "4444" # Public port http://hydra.server.lan
- "4445" # Admin port
ports:
- "4445:4445" # Admin port
- "5555:5555" # Port for hydra token user
command:
serve all --sqa-opt-out --dangerous-force-http --dangerous-allow-insecure-redirect-urls "http://git.dev.server.lan/user/oauth2/hydra/callback","http://cloud.server.lan/apps/oidc_login/oidc"
restart: on-failure # TODO figure out why we need this (incorporate health check into hydra migrate command?)
serve all --sqa-opt-out --dangerous-force-http \
--dangerous-allow-insecure-redirect-urls \
"http://git.dev.server.lan/user/oauth2/hydra/callback",\
"http://cloud.server.lan/apps/oidc_login/oidc"
restart: on-failure
environment:
- LOG_LEAK_SENSITIVE_VALUES=true
- URLS_SELF_ISSUER=http://hydra.server.lan
@ -89,9 +92,9 @@ services:
depends_on:
- kratos-migrate
image: oryd/kratos:v0.5.4-alpha.1-sqlite
ports:
- "4433:4433" # public
- "4434:4434" # admin
expose:
- "4433" # public
- "4434" # admin
restart: unless-stopped
environment:
- DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
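Review bot: The rewritten hydra `command:` is a plain (unquoted) multi-line scalar, so YAML folds the line breaks into spaces and keeps each trailing `\` as a literal character rather than treating it as a shell-style line continuation. When Compose then splits the string shell-style, `\ ` is likely read as an escaped space, which would put a leading space on `--dangerous-allow-insecure-redirect-urls` and merge the two callback URLs into one value containing a space, so the redirect allow-list may no longer match the old single-line form. Use a folded block scalar instead: `command: >-`, with the trailing backslashes dropped and both quoted URLs kept on one line joined by the comma (the list form of `command` also works). Indentation is not visible on this page, so confirm the parsed result with `docker-compose config`. Because this service still runs with `--dangerous-force-http` and `LOG_LEAK_SENSITIVE_VALUES=true`, a comment such as `# development only: plain HTTP and sensitive values in logs` above `command:` would make the intent explicit.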
