Meliurwen afbc430206 | 4 years ago
---|---
kratos | 4 years ago
.gitignore | 4 years ago
README.md | 4 years ago
docker-compose.yml | 4 years ago
setup.sh | 4 years ago
README.md
ORY Kratos as Login Provider for ORY Hydra
Warning: this is a preliminary example and will properly be implemented in ORY Kratos directly.
For now, to run this example execute:
docker-compose up --build
Next, create an OAuth2 Client
docker-compose exec hydra \
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id auth-code-client \
--secret secret \
--grant-types authorization_code,refresh_token \
--response-types code,id_token \
--scope openid,offline \
--callbacks http://127.0.0.1:5555/callback
and perform an OAuth2 Authorization Code Flow:
docker-compose exec hydra \
hydra token user \
--client-id auth-code-client \
--client-secret secret \
--endpoint http://hydra.server.lan/ \
--port 5555 \
--scope openid,offline
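The client side of the flow that the command above drives, written out as an added example (not code from this repository or from ORY): it builds the authorization request for the `auth-code-client` registration and validates the redirect that arrives on the registered callback. The function names are illustrative, and the `/oauth2/auth` and `/oauth2/token` paths are Hydra's standard public endpoints, assumed unchanged in this deployment.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values from the README's first client registration.
ISSUER = "http://hydra.server.lan"
CLIENT_ID = "auth-code-client"
REDIRECT_URI = "http://127.0.0.1:5555/callback"


def build_authorize_request():
    """Return (url, state, nonce) for the authorization request."""
    state = secrets.token_urlsafe(24)  # ties the callback to this login attempt
    nonce = secrets.token_urlsafe(24)  # must reappear in the ID token's nonce claim
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid offline",
        "state": state,
        "nonce": nonce,
    })
    return f"{ISSUER}/oauth2/auth?{query}", state, nonce  # assumed standard path


def handle_callback(callback_url, expected_state):
    """Validate the redirect and return the code; raise ValueError otherwise."""
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query)
    # Accept the redirect only on the exact URI registered with --callbacks.
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request_form(code):
    """Form body for POST {ISSUER}/oauth2/token; client credentials go in HTTP Basic."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}
```

The `redirect_uri` sent in the token request has to be the same value used in the authorization request, which is why both functions read it from one constant.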
Setup
Clone the ui:
./setup.sh
Spin the containers:
docker-compose build --pull && docker-compose up -d
Gitea
Create an OAuth2 Client
docker-compose exec hydra \
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id gitea-client \
--secret superSecret \
--grant-types authorization_code,refresh_token \
--response-types code,id_token \
--scope openid,offline \
--callbacks http://git.dev.server.lan/user/oauth2/hydra/callback
and perform an OAuth2 Authorization Code Flow:
docker-compose exec hydra \
hydra token user \
--client-id gitea-client \
--client-secret superSecret \
--endpoint http://hydra.server.lan/ \
--port 5555 \
--scope openid,offline
Nextcloud
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id nextcloud \
--secret superSecret \
--grant-types authorization_code,refresh_token \
--response-types code,id_token \
--scope openid,offline \
--callbacks http://cloud.server.lan/apps/oidc_login/oidc
Minimum parameters needed in config/config.php:
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'superSecret',
'oidc_login_provider_url' => 'http://hydra.server.lan',
'oidc_login_disable_registration' => false,
'oidc_login_attributes' => array(
    'id' => 'sub',
),