infra
/
docker-sso
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
85 KiB
 
Tag: Branch: Tree: afbc430206
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'afbc430206'
${ noResults }
Meliurwen afbc430206
Small fixes 		4 years ago
kratos First working version 4 years ago
.gitignore First working version 4 years ago
README.md Small fixes 4 years ago
docker-compose.yml Small fixes 4 years ago
setup.sh First working version 4 years ago

README.md

ORY Kratos as Login Provider for ORY Hydra

Warning: this is a preliminary example and will properly be implemented in ORY Kratos directly.

For now, to run this example execute:

docker-compose up --build

Next, create an OAuth2 Client

docker-compose exec hydra \
    hydra clients create \
    --endpoint http://127.0.0.1:4445 \
    --id auth-code-client \
    --secret secret \
    --grant-types authorization_code,refresh_token \
    --response-types code,id_token \
    --scope openid,offline \
    --callbacks http://127.0.0.1:5555/callback

and perform an OAuth2 Authorize Code Flow

docker-compose exec hydra \
    hydra token user \
    --client-id auth-code-client \
    --client-secret secret \
    --endpoint http://hydra.server.lan/ \
    --port 5555 \
    --scope openid,offline

Setup

Clone the ui:

./setup.sh

Spin the containers:

docker-compose build --pull && docker-compose up -d

Gitea

Create an OAuth2 Client

docker-compose exec hydra \
    hydra clients create \
    --endpoint http://127.0.0.1:4445 \
    --id gitea-client \
    --secret superSecret \
    --grant-types authorization_code,refresh_token \
    --response-types code,id_token \
    --scope openid,offline \
    --callbacks http://git.dev.server.lan/user/oauth2/hydra/callback

and perform an OAuth2 Authorize Code Flow

docker-compose exec hydra \
    hydra token user \
    --client-id gitea-client \
    --client-secret superSecret \
    --endpoint http://hydra.server.lan/ \
    --port 5555 \
    --scope openid,offline

Nextcloud

hydra clients create \
    --endpoint http://127.0.0.1:4445 \
    --id nextcloud \
    --secret superSecret \
    --grant-types authorization_code,refresh_token \
    --response-types code,id_token \
    --scope openid,offline \
    --callbacks http://cloud.server.lan/apps/oidc_login/oidc

Minimum parameters needed in config/config.php:

'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'superSecret',
'oidc_login_provider_url' => 'http://hydra.server.lan',
'oidc_login_disable_registration' => false,
'oidc_login_attributes' => array(
        'id' => 'sub',
),