docker-sso/README.md

# ORY Kratos as Login Provider for ORY Hydra
**Warning:** this is a preliminary example and will properly be implemented in ORY Kratos directly.
For now, to run this example, execute:
```shell script
$ docker-compose up --build
```
Next, create an OAuth2 client:
```shell script
$ docker-compose exec hydra \
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id auth-code-client \
--secret secret \
--grant-types authorization_code,refresh_token \
--response-types code,id_token \
--scope openid,offline \
--callbacks http://127.0.0.1:5555/callback
```
and perform an OAuth2 Authorization Code Flow:
```shell script
$ docker-compose exec hydra \
hydra token user \
--client-id auth-code-client \
--client-secret secret \
--endpoint http://hydra.server.lan/ \
--port 5555 \
--scope openid,offline
```
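What `hydra token user` does for the `auth-code-client` registered above, written out as an added example (not part of this repository): build the authorize request, validate the redirect back to the registered callback, and prepare the token exchange. The only values it uses are the ones from the README; `state` and `nonce` are supplied by the caller.

```python
"""Authorization Code flow against the README's Hydra setup, as pure functions."""
from urllib.parse import urlencode, urlparse, parse_qs

# Values taken from the README's `hydra clients create` call above.
HYDRA_PUBLIC = "http://hydra.server.lan"        # Hydra public endpoint used by `hydra token user`
CLIENT_ID = "auth-code-client"
REDIRECT_URI = "http://127.0.0.1:5555/callback"  # the --callbacks value registered in Hydra
SCOPES = ("openid", "offline")                    # the --scope value registered in Hydra


def build_authorize_url(state: str, nonce: str) -> str:
    """Build the /oauth2/auth request the browser is sent to.
    redirect_uri must match the registered callback byte for byte: Hydra
    rejects anything else, which is what keeps codes from leaking elsewhere."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": " ".join(SCOPES),
        "redirect_uri": REDIRECT_URI,
        "state": state,   # CSRF token bound to the browser session
        "nonce": nonce,   # echoed into the id_token to tie it to this request
    }
    return f"{HYDRA_PUBLIC}/oauth2/auth?{urlencode(params)}"


def parse_callback(url: str, expected_state: str) -> str:
    """Validate the redirect back to 127.0.0.1:5555/callback and return the code.
    Raises ValueError on a foreign URL, a Hydra error, or a state mismatch."""
    parsed = urlparse(url)
    qs = parse_qs(parsed.query)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected URL")
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: stale or foreign callback")
    if not qs.get("code"):
        raise ValueError("no authorization code in callback")
    return qs["code"][0]


def token_request(code: str) -> dict:
    """Form body for POST {HYDRA_PUBLIC}/oauth2/token. The client id and
    secret go in the HTTP Basic header of the real request, not in the body."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the one used in the authorize step
    }
```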
## Setup
Clone the UI:
```shell script
./setup.sh
```
Spin up the containers:
```shell script
docker-compose build --pull && docker-compose up -d
```
## Gitea
Create an OAuth2 client:
```shell script
$ docker-compose exec hydra \
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id gitea-client \
--secret superSecret \
--grant-types authorization_code,refresh_token \
--response-types code,id_token \
--scope openid,offline \
--callbacks http://git.dev.server.lan/user/oauth2/hydra/callback
```
and perform an OAuth2 Authorization Code Flow:
```shell script
$ docker-compose exec hydra \
hydra token user \
--client-id gitea-client \
--client-secret superSecret \
--endpoint http://hydra.server.lan/ \
--port 5555 \
--scope openid,offline
```
## Nextcloud
Create an OAuth2 client:
```shell script
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id nextcloud \
--secret superSecret \
--grant-types authorization_code,refresh_token \
--response-types code,id_token \
--scope openid,offline \
--callbacks http://cloud.server.lan/apps/oidc_login/oidc
```
Then point the Nextcloud `oidc_login` app at Hydra in `config.php`:
```php
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'superSecret',
'oidc_login_provider_url' => 'http://hydra.server.lan',
// false: identities Hydra authenticates get a Nextcloud account created on first login
'oidc_login_disable_registration' => false,
// map the Nextcloud user id to the OIDC `sub` claim
'oidc_login_attributes' => array(
    'id' => 'sub',
),
```