fix(hydra-kratos): consent page not working

ory · May 2, 2023 · c4404dc · c4404dc
1 parent dc91a18
commit c4404dc
Show file tree

Hide file tree

Showing 6 changed files with 2,920 additions and 7,427 deletions.
diff --git a/kratos-hydra/contrib/hydra/README.md b/kratos-hydra/contrib/hydra/README.md
@@ -12,25 +12,27 @@ $ docker-compose up --build
 Next, create an OAuth2 Client
 
 ```shell script
-$ docker-compose exec hydra \
-    hydra clients create \
+$ code_client=$(docker-compose exec hydra \
+    hydra create client \
     --endpoint http://127.0.0.1:4445 \
-    --id auth-code-client \
-    --secret secret \
-    --grant-types authorization_code,refresh_token \
-    --response-types code,id_token \
-    --scope openid,offline \
-    --callbacks http://127.0.0.1:5555/callback
+    --grant-type authorization_code,refresh_token \
+    --response-type code,id_token \
+    --format json \
+    --scope openid --scope offline \
+    --redirect-uri http://127.0.0.1:5555/callback)
+
+code_client_id=$(echo $code_client | jq -r '.client_id')
+code_client_secret=$(echo $code_client | jq -r '.client_secret')
 ```
 
 and perform an OAuth2 Authorize Code Flow
 
 ```shell script
 $ docker-compose exec hydra \
-    hydra token user \
-    --client-id auth-code-client \
-    --client-secret secret \
+    hydra perform authorization-code \
+    --client-id $code_client_id \
+    --client-secret $code_client_secret \
     --endpoint http://127.0.0.1:4444/ \
     --port 5555 \
-    --scope openid,offline
+    --scope openid --scope offline
 ```
diff --git a/kratos-hydra/contrib/hydra/docker-compose.yml b/kratos-hydra/contrib/hydra/docker-compose.yml
@@ -5,7 +5,7 @@ version: "3.7"
 
 services:
   hydra-migrate:
-    image: oryd/hydra:v2.0.3
+    image: oryd/hydra:v2.1.1
     environment:
       - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
     volumes:
@@ -19,7 +19,7 @@ services:
       - intranet
 
   hydra:
-    image: oryd/hydra:v2.0.3
+    image: oryd/hydra:v2.1.1
     depends_on:
       - hydra-migrate
     ports:
@@ -34,8 +34,8 @@ services:
       - LOG_LEAK_SENSITIVE_VALUES=true
       - URLS_SELF_ISSUER=http://127.0.0.1:4444
       - URLS_SELF_PUBLIC=http://127.0.0.1:4444
-      - URLS_CONSENT=http://127.0.0.1:3000/auth/hydra/consent
-      - URLS_LOGIN=http://127.0.0.1:3000/auth/hydra/login
+      - URLS_CONSENT=http://127.0.0.1:3000/consent
+      - URLS_LOGIN=http://127.0.0.1:3000/login
       - URLS_LOGOUT=http://127.0.0.1:3000/logout
       - SECRETS_SYSTEM=youReallyNeedToChangeThis
       - OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public,pairwise
@@ -55,11 +55,12 @@ services:
       dockerfile: Dockerfile
     environment:
       - HYDRA_ADMIN_URL=http://hydra:4445
-      - KRATOS_PUBLIC_URL=http://kratos:4433/
-      - KRATOS_ADMIN_URL=http://kratos:4434/
+      - KRATOS_PUBLIC_URL=http://kratos:4433
+      - KRATOS_ADMIN_URL=http://kratos:4434
       - SECURITY_MODE=standalone
-      - KRATOS_BROWSER_URL=http://127.0.0.1:3000/.ory/kratos/public
-      # - KRATOS_BROWSER_URL=http://127.0.0.1:4433/
+      - KRATOS_BROWSER_URL=http://127.0.0.1:4433
+      # - KRATOS_BROWSER_URL=http://127.0.0.1:3000/.ory/kratos/public
+
     ports:
       - "3000:3000"
     networks:
@@ -68,7 +69,7 @@ services:
       - /tmp/ui-node/logs:/root/.npm/_logs
 
   kratos-migrate:
-    image: oryd/kratos:v0.11.1
+    image: oryd/kratos:v0.13.0
     environment:
       - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
     volumes:
@@ -79,22 +80,22 @@ services:
       - type: bind
         source: ./kratos
         target: /etc/config/kratos
-    command: -c /etc/config/kratos/.kratos.yml migrate sql -e --yes
+    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
     restart: on-failure
     networks:
       - intranet
 
   kratos:
     depends_on:
       - kratos-migrate
-    image: oryd/kratos:v0.11.1
+    image: oryd/kratos:v0.13.0
     ports:
       - "4433:4433" # public
       - "4434:4434" # admin
     restart: unless-stopped
     environment:
       - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
-    command: serve -c /etc/config/kratos/.kratos.yml --dev
+    command: serve -c /etc/config/kratos/kratos.yml --dev
     volumes:
       - type: volume
         source: kratos-sqlite

diff --git a/...os-hydra/contrib/hydra/kratos/.kratos.yml → kratos-hydra/contrib/hydra/kratos/kratos.yml b/...os-hydra/contrib/hydra/kratos/.kratos.yml → kratos-hydra/contrib/hydra/kratos/kratos.yml
@@ -1,15 +1,14 @@
 serve:
   public:
-    base_url: http://127.0.0.1:3000/.ory/kratos/public/
-    # base_url: http://127.0.0.1:4433/
+#    base_url: http://127.0.0.1:3000/.ory/kratos/public/
+     base_url: http://127.0.0.1:4433/
   admin:
     base_url: http://kratos:4434/
 
 selfservice:
   default_browser_return_url: http://127.0.0.1:3000/
   allowed_return_urls:
     - http://127.0.0.1:3000/
-    - http://127.0.0.1:3000/auth/hydra/login
 
   methods:
     password:
@@ -29,13 +28,13 @@ selfservice:
 
     logout:
       after:
-        default_browser_return_url: http://127.0.0.1:3000/auth/login
+        default_browser_return_url: http://127.0.0.1:3000/login
 
     login:
-      ui_url: http://127.0.0.1:3000/auth/login
+      ui_url: http://127.0.0.1:3000/login
 
     registration:
-      ui_url: http://127.0.0.1:3000/auth/registration
+      ui_url: http://127.0.0.1:3000/registration
       after:
         password:
           hooks:
@@ -60,3 +59,6 @@ identity:
 courier:
   smtp:
     connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
+
+oauth2_provider:
+  url: http://hydra:4445
diff --git a/kratos-hydra/contrib/hydra/pg-init/pg-init.sh b/kratos-hydra/contrib/hydra/pg-init/pg-init.sh