Ory Kratos (and eventually Hydra) testing for La Contre-Voie
ory-account-experience

Comes pre-packaged with the Ory Account Experience (tm) Community Edition and the Ory Account Login Consent Experience (tm(patent pending (limited))).

Based off the Dockerfile and docker-compose from https://github.com/ory/kratos, which is under the Apache License 2.0.

Also based off the Dockerfile and docker-compose from https://github.com/ory/hydra, which is also under the Apache License 2.0.

Also based off the docker-compose from https://git.4201337.xyz/miaoute/config_files, which is under the MIT license.

To run:

```sh
docker compose -f dc-services.yaml -f dc-kratos.yaml -f dc-hydra.yaml build
docker compose -f dc-services.yaml -f dc-kratos.yaml -f dc-hydra.yaml up -d
```

To create an OAuth2 client with OpenID Connect authorisation that should work with Gitea:

(assuming that you set the OAuth2 provider's name to ory_hydra on the Gitea side)

(The OpenID Connect discovery URL is http://hydra:4444/.well-known/openid-configuration)

```sh
docker compose -f dc-services.yaml -f dc-kratos.yaml -f dc-hydra.yaml exec hydra hydra create client \
    --endpoint http://hydra:4445 \
    --grant-type authorization_code,refresh_token \
    --response-type code \
    --scope offline_access,openid \
    --redirect-uri http://localhost:3621/user/oauth2/ory_hydra/callback \
    --metadata '{"trusted":true}'
```

Replace e1r2p1.clusters.42paris.fr in the configuration files with a hostname that every container on the network can resolve and that is also reachable from your browser.

Configuration files you need to change: dc-kratos.yaml and kratos.yml

You cannot use localhost unless you want to use network_mode: host, which is a terrible idea.

A permanent fix is to NOT use the Admin API: when fetching identity schemas, the Admin API redirects to the public base_url defined in /etc/config/kratos/kratos.yml, which is only suited to use from outside the Docker containers and is not the URL that should be used internally between containers.

Basically, develop your own consent flow and use the internal hostname to get the schema information, so that the system is as air-gapped as possible.
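The hostname trouble above comes down to one rule: every URL in Hydra's discovery document must be resolvable by whoever uses it, the browser for the front-channel authorization endpoint and the Gitea container for the back-channel token/userinfo/JWKS endpoints, and Gitea also expects all of them to agree with the issuer. The following check is an added example, not part of this repository: it parses a constructed discovery document of the shape Hydra serves at /.well-known/openid-configuration (the hostnames in it are placeholders, not real values from this setup) and flags loopback hosts, front-channel endpoints the browser cannot reach, issuer mismatches, and missing support for the response type, grant types and scopes that the `hydra create client` command above relies on.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the shape of Hydra's /.well-known/openid-configuration.
# Hostnames are placeholders; "hydra" is the Docker-internal service name.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://hydra:4444/",
    "authorization_endpoint": "http://hydra:4444/oauth2/auth",
    "token_endpoint": "http://hydra:4444/oauth2/token",
    "userinfo_endpoint": "http://localhost:4444/userinfo",
    "jwks_uri": "http://hydra:4444/.well-known/jwks.json",
    "response_types_supported": ["code", "id_token"],
    "grant_types_supported": ["authorization_code", "refresh_token", "client_credentials"],
    "scopes_supported": ["openid", "offline_access", "offline"],
})

# What the client created with `hydra create client` in this README needs.
REQUIRED = {
    "response_types_supported": {"code"},
    "grant_types_supported": {"authorization_code", "refresh_token"},
    "scopes_supported": {"openid", "offline_access"},
}

# Endpoints the user's browser is redirected to (front channel). Every other
# URL is fetched container-to-container by the relying party (Gitea).
FRONT_CHANNEL = {"authorization_endpoint", "end_session_endpoint"}

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def check_discovery(raw: str, public_host: str) -> list:
    """Return a list of problems found in a discovery document; [] means usable."""
    doc = json.loads(raw)
    problems = []

    issuer_host = urlparse(doc.get("issuer", "")).hostname
    urls = {k: v for k, v in doc.items()
            if k == "issuer" or k.endswith("_endpoint") or k == "jwks_uri"}

    for key, url in urls.items():
        host = urlparse(url).hostname
        if host in LOOPBACK:
            # Inside a container, localhost is the container itself, never Hydra.
            problems.append(f"{key} points at loopback ({url})")
        if key in FRONT_CHANNEL and host != public_host:
            # The browser must resolve this name; Docker-internal names will not work.
            problems.append(f"{key} host {host!r} is not the browser-reachable host {public_host!r}")
        if host != issuer_host:
            # Relying parties compare discovered endpoints and id_token iss against the issuer.
            problems.append(f"{key} host {host!r} differs from issuer host {issuer_host!r}")

    for field, needed in REQUIRED.items():
        missing = needed - set(doc.get(field, []))
        if missing:
            problems.append(f"{field} lacks {sorted(missing)}")

    return problems


if __name__ == "__main__":
    # Hypothetical shared hostname, as the README tells you to substitute.
    for problem in check_discovery(SAMPLE_DISCOVERY, "e1r2p1.clusters.42paris.fr"):
        print("problem:", problem)
```

Run it against the live document by replacing SAMPLE_DISCOVERY with the body fetched from http://hydra:4444/.well-known/openid-configuration from inside the Gitea container; an empty result means the shared hostname substitution described above has been applied consistently.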