hydra token user's callback url is hardcoded #307

Closed
wangyun opened this issue Nov 15, 2016 · 14 comments


wangyun commented Nov 15, 2016

I followed the tutorial and it's working except for the last step, which is the redirect to the callback URL; the URL is hardcoded to "http://localhost:4445/callback".
Because I open the browser on another machine, this redirection will fail.
Is it possible to set this callback URL?

Thanks.

Member

aeneasr commented Nov 15, 2016

No, unfortunately it's not at the moment. But you can easily work around this by replacing localhost:4445 with the right host and port.

Author

wangyun commented Nov 15, 2016

Yeah, I see, thank you.
From my understanding, the "hydra token user" command here is just for the tutorial?
If, for example, I deploy my web app, I need to create a new client in hydra, and at that time I can set the redirect URL to my web app's domain?
Sorry for my poor English.

Member

aeneasr commented Nov 15, 2016

Yes, it's primarily for demo purposes. Yes, for a new redirect URL you would have to write an OAuth2 app and create an OAuth2 client in Hydra that allows that redirect URL.

Author

wangyun commented Nov 15, 2016

I see, thanks.

@wangyun wangyun closed this as completed Nov 15, 2016
@vinodborole

@arekkas How do I set the redirect url while creating a new client; as far as the hydra CLI is concerned the "hydra clients create" automatically generates the client_id and client_secret and does not ask for the redirect URL. The documentation also does not mention anything about setting redirect_url for the new client. Can you please help me here?

Member

aeneasr commented Apr 17, 2017

hydra help clients create

@vinodborole

@arekkas thanks for your prompt response. I tried that as well:

  /go/src/github.com/ory-am/hydra # hydra clients create -c http://11.12.23.33:4445/callback
  Client ID: 0e3db2e1-82b8-454f-8317-a0c5123f4320
  Client Secret: %Jl1wccE$.oYpbG(6bKbL7WXFF

  /go/src/github.com/ory-am/hydra # hydra token client
  kwimUTBP_-KjmPo0oQljqJE1T-
  fzUyPt2Lr78JVIVlQ.AQgX24co49DnMfcQyEKQijr0jgBn2HxYrNOnfgA69H0

Even with this, the callback listener is set to localhost:

  /go/src/github.com/ory-am/hydra # hydra token user
  Setting up callback listener on http://localhost:4445/callback
  Press ctrl + c on Linux / Windows or cmd + c on OSX to end the process.
  If your browser does not open automatically, navigate to:

Member

aeneasr commented Apr 17, 2017

hydra help token user


nishaantchauhan commented Dec 14, 2018

Hi @wangyun, I am facing the same issue as you faced. As @aeneasr suggested, I set the required host and port, but the error is still the same.

> No, unfortunately, it's not at the moment. But you can easily work around this by replacing localhost:4445 with the right host and port

error step-3-4

Maybe callbacks URL is still hardcoded!!

  -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \
  --network hydraguide \
  oryd/hydra:v1.0.0-rc.4_oryOS.9 \
  clients create --skip-tls-verify \
    --id facebook-photo-backup \
    --secret some-secret \
    --grant-types authorization_code,refresh_token,client_credentials,implicit \
    --response-types token,code,id_token \
    --scope openid,offline,photos.read \
    --callbacks http://127.0.0.1:9010/callback

Member

aeneasr commented Dec 14, 2018

No, it's not hardcoded: the URL in your browser shows 172.18.0.1, your callback URL here shows 127.0.0.1. That's two completely different domains, which might cause the error.

@nishaantchauhan

Thank you for the quick response, @aeneasr.
I have used our server's callback URL, --callbacks http://172.18.0.1:9010/callback, but the error is the same. I got the URL link, which is https://172.18.0.1:9000/oauth2/auth?audience=&client_id=facebook-photo-backup&max_age=0&nonce=zpqrmxissxmwqwajjbxbfvdj&prompt=&redirect_uri=http%3A%2F%2F127.0.0.1%3A9010%2Fcallback&response_type=code&scope=openid+offline+photos.read&state=sivhtaipzyjumqmtfhkeuvkv

If it is not hardcoded, then why is the redirect URL 127.0.0.1 instead of 172.18.0.1?

Member

aeneasr commented Dec 14, 2018

No, with redirect_uri=http%3A%2F%2F127.0.0.1%3A9010%2Fcallback (decoded redirect_uri=http://127.0.0.1:9010/callback) the redirect uri looks ok. Pretty sure it's something else, what's the output of:

  clients get --skip-tls-verify --id facebook-photo-backup


nishaantchauhan commented Dec 14, 2018

Sorry @aeneasr, but I didn't get how to fire this:

clients get --skip-tls-verify --id facebook-photo-backup

Maybe I thought we can set only the http://127.0.0.1:9010/callback callback URL. We don't have any choice except the 127.0.0.1 host. If we set any other host, then we get this error.


ghost commented Mar 18, 2019

I got the same issue here...

Here is my result of clients get --skip-tls-verify --id facebook-photo-backup

$ docker run --rm -it -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 --network hydraguide oryd/hydra:v1.0.0-rc.6_oryOS.10 clients get --skip-tls-verify facebook-photo-backup
{
        "client_id": "facebook-photo-backup",
        "grant_types": [
                "authorization_code"
        ],
        "jwks": {},
        "redirect_uris": [
                "http://10.17.56.114:9010/callback"
        ],
        "response_types": [
                "token",
                "code",
                "id_token"
        ],
        "scope": "openid offline photos.read",
        "subject_type": "public",
        "token_endpoint_auth_method": "client_secret_basic",
        "userinfo_signed_response_alg": "none"
}

And I ran "token user" as follows, forcing redirect_uri to my IP address:

 docker run --rm -it \
  --network hydraguide \
  -p 9010:9010 \
  oryd/hydra:v1.0.0-rc.6_oryOS.10 \
  token user --skip-tls-verify \
    --port 9010 \
    --auth-url https://10.17.56.114:9000/oauth2/auth \
    --token-url https://ory-hydra-example--hydra:4444/oauth2/token \
    --client-id facebook-photo-backup \
    --client-secret some-secret \
    --scope openid,offline,photos.read \
    --redirect http://10.17.56.114:9010/callback

I can see the url link of "Authorize application" is:
https://10.17.56.114:9000/oauth2/auth?audience=&client_id=facebook-photo-backup&max_age=0&nonce=tebmghqzzjpdfewhyoqbduvk&prompt=&redirect_uri=http%3A%2F%2F10.17.56.114%3A9010%2Fcallback&response_type=code&scope=openid+offline+photos.read&state=glwqqaumscijmexqowcaoqag, which has a redirect_uri=10.17.56.114:9010/callback, just like the one registered as my client.

But after I clicked the link, the output is:

Cannot read property 'match' of undefined
TypeError: Cannot read property 'match' of undefined
    at normalize (/usr/src/app/node_modules/url-join/lib/url-join.js:11:21)
    at /usr/src/app/node_modules/url-join/lib/url-join.js:70:12
    at get (/usr/src/app/services/hydra.js:15:16)
    at Object.getLoginRequest (/usr/src/app/services/hydra.js:59:12)
    at /usr/src/app/routes/login.js:17:9
    at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)
    at csrf (/usr/src/app/node_modules/csurf/index.js:117:5)
    at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)
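
Added example (not part of the thread and not Hydra's own code): a Go check that percent-decodes the `redirect_uri` of an authorization URL and compares it with the `redirect_uris` returned by `clients get`, using values quoted in the comments above. It assumes redirect URIs are compared by exact string match; the authorization URLs are shortened to the relevant parameters and the helper name `checkRedirect` is hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// client holds the one field of the `clients get` JSON output this check needs.
type client struct {
	RedirectURIs []string `json:"redirect_uris"`
}

// checkRedirect decodes the redirect_uri parameter of an authorization URL and
// reports whether it exactly matches one of the client's registered URIs.
func checkRedirect(authURL, clientJSON string) (string, bool, error) {
	u, err := url.Parse(authURL)
	if err != nil {
		return "", false, err
	}
	var c client
	if err := json.Unmarshal([]byte(clientJSON), &c); err != nil {
		return "", false, err
	}
	got := u.Query().Get("redirect_uri") // Query() percent-decodes the value
	if got == "" {
		return "", false, fmt.Errorf("authorization URL has no redirect_uri")
	}
	for _, reg := range c.RedirectURIs {
		if reg == got { // assumption: exact match on scheme, host, port and path
			return got, true, nil
		}
	}
	return got, false, nil
}

// Values copied from the thread; JSON and URLs trimmed to the relevant fields.
const registered = `{"client_id":"facebook-photo-backup","redirect_uris":["http://10.17.56.114:9010/callback"]}`
const matchingURL = "https://10.17.56.114:9000/oauth2/auth?client_id=facebook-photo-backup&redirect_uri=http%3A%2F%2F10.17.56.114%3A9010%2Fcallback&response_type=code"
const loopbackURL = "https://172.18.0.1:9000/oauth2/auth?client_id=facebook-photo-backup&redirect_uri=http%3A%2F%2F127.0.0.1%3A9010%2Fcallback&response_type=code"

func main() {
	for _, a := range []string{matchingURL, loopbackURL} {
		got, ok, err := checkRedirect(a, registered)
		fmt.Printf("redirect_uri=%q registered=%v err=%v\n", got, ok, err)
	}
}
```

A request whose decoded `redirect_uri` is not in the client's registered list is the case to rule out first; when the two match, as in the last comment, the failure lies elsewhere.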
