New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd: Should not fatal if ORY Hydra SDK is unable to start #71

Closed
aeneasr opened this Issue Jun 12, 2018 · 4 comments

Comments

Projects
None yet
3 participants

@aeneasr aeneasr added the enhancement label Jun 12, 2018

@aeneasr aeneasr self-assigned this Jun 12, 2018

@Detrous

This comment has been minimized.

Detrous commented Jun 12, 2018

Update --help command. I need to specify this for work:
CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_URL=hydra_url

But this env variable not described in help

@aeneasr

This comment has been minimized.

Member

aeneasr commented Jun 12, 2018

Yes, seems like it isn't being updated. I think one possibility is to introduce an CREDENTIALS_ISSUER_ID_TOKEN_STRATEGY which can be set to hydra or hs (for hmac-sha). The second would be the default and we could require the user to set a password and (optionally) generate a random one.

That way there would no longer be a direct dependency to ORY Hydra and thus the tutorial would work and ORY Oathkeeper would be standalone.

I'll work on this tomorrow.

aeneasr added a commit that referenced this issue Jun 13, 2018

Reduces setup complexity by making strategies configurable
This patch adds another ID Token signing algorithm (HS256) which is easier to set up as it does not rely on ORY Hydra but instead on a shared secret.

Additionally the ability to specify which ID Token singing algorithm to use has been added. Environmental variables to configure the behvaiour have been added as well.

Further, the ORY Keto Warden Authorizer strategy is now optional and disabled when the environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` is empty.

Closes #71

@aeneasr aeneasr closed this in 6626f8f Jun 14, 2018

@gentunian

This comment has been minimized.

gentunian commented Aug 26, 2018

I will leave this for reference and shortcut for people having the same issue. For more information read the oathkeeper upgrade guide

I was having the same issue with the examples/full-stack commit 76bd4877044c5bdded0f6b8b8ad12cd5c7f087af (seems outdated as this is the last commit from examples) and environment has CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_URL set that should be changed to: CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL

Working environment:

    environment:
      - LOG_LEVEL=debug
      - PORT=4456
      - DATABASE_URL=postgres://dbuser:secret@postgresd:5432/accesscontroldb?sslmode=disable
      - ISSUER_URL=http://localhost:4455/
      - AUTHORIZER_KETO_WARDEN_KETO_URL=http://keto:4466
      - CREDENTIALS_ISSUER_ID_TOKEN_ALGORITHM=ory-hydra
      - CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID=resources:hydra:jwk:oathkeeper
      - CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL=http://hydra:4445
@aeneasr

This comment has been minimized.

Member

aeneasr commented Aug 26, 2018

Thanks! Master is not yet released but with rc.1 the examples will be upgraded too!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment