
hydra-login-consent-node's Introduction

hydra-user-and-consent-provider-node

This is a reference implementation for the User Login and Consent flow of Ory OAuth2 service (Hydra) in NodeJS. The application is bootstrapped using the express cli.



Overview

Apart from additions (./routes/login.ts, ./routes/consent.ts) and their respective templates, only a CSRF middleware has been added. Everything else is the standard express template.

Also, a simple helper that makes HTTP requests has been added to ./services/hydra.js which uses the node-fetch library.

To set this example up with ORY Hydra, please refer to the official documentation.

Running

Please head over to the ORY Hydra 5 Minute Tutorial to see how this works.

FAQ

TLS Termination

You can mock TLS termination by setting the environment variable MOCK_TLS_TERMINATION to any value, for example MOCK_TLS_TERMINATION=y. This adds the header X-Forwarded-Proto: https to each HTTP request.

Integrating with Ory Cloud

To integrate this example app with the Ory Cloud OAuth2 service, set the variable ORY_API_KEY to your Ory API Key / Ory Personal Access Token and set HYDRA_ADMIN_URL to your Ory Cloud API URL, which you can find in your Ory Cloud project.
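How the settings from the two FAQ entries above (MOCK_TLS_TERMINATION, ORY_API_KEY, HYDRA_ADMIN_URL) can be turned into one validated request, as an added example that is not the project's own code. The function names are hypothetical, the sample values are constructed, and sending the API key as a bearer token is an assumption.

```javascript
// Added example, not code from hydra-login-consent-node.
// resolveAdminBase, buildHeaders and buildLoginRequest are hypothetical names.

// Path as it appears in the v2.0.2 error output further down this page;
// the older versions shown there use /oauth2/auth/requests/login instead.
const LOGIN_REQUEST_PATH = "/admin/oauth2/auth/requests/login";

function resolveAdminBase(env) {
  const raw = env.HYDRA_ADMIN_URL;
  if (!raw) {
    // Fail at startup instead of silently falling back to a localhost default.
    throw new Error("HYDRA_ADMIN_URL is not set");
  }
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    throw new Error("HYDRA_ADMIN_URL is not a valid URL: " + raw);
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error("HYDRA_ADMIN_URL must use http or https: " + raw);
  }
  return url;
}

function buildHeaders(env, base, callerHeaders) {
  // Always start from an object: assigning into a missing headers object is
  // what produces "Cannot set property 'X-Forwarded-Proto' of undefined".
  const headers = Object.assign({ Accept: "application/json" }, callerHeaders || {});
  if (env.MOCK_TLS_TERMINATION) {
    // Any non-empty value enables the mock, as the README describes.
    headers["X-Forwarded-Proto"] = "https";
  }
  if (env.ORY_API_KEY) {
    // Assumption: the key is sent as a bearer token. Never put it on the
    // wire in clear text.
    if (base.protocol !== "https:") {
      throw new Error("refusing to send ORY_API_KEY over plain HTTP");
    }
    headers.Authorization = "Bearer " + env.ORY_API_KEY;
  }
  return headers;
}

function buildLoginRequest(env, challenge, options) {
  if (typeof challenge !== "string" || challenge.length === 0) {
    // Avoids requests such as ...?login_challenge=undefined.
    throw new Error("login_challenge is missing");
  }
  const base = resolveAdminBase(env);
  const url = new URL(base.href);
  url.pathname = base.pathname.replace(/\/+$/, "") + LOGIN_REQUEST_PATH;
  url.search = "";
  url.searchParams.set("login_challenge", challenge);
  const callerHeaders = options ? options.headers : undefined;
  return { url: url.href, method: "GET", headers: buildHeaders(env, base, callerHeaders) };
}

// Constructed sample environment (hostname and challenge are made up).
const sampleRequest = buildLoginRequest(
  { HYDRA_ADMIN_URL: "http://hydra-admin.internal:4445/", MOCK_TLS_TERMINATION: "y" },
  "abc123"
);
console.log(sampleRequest.url);
console.log(sampleRequest.headers);
```
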


hydra-login-consent-node's Issues

Provide a consistent and language-agnostic documentation

Issue

The login-consent flow in the Hydra's documentation is very unclear and the only reference for it is this implementation.

Proposal

Instead of giving a bare implementation as a documentation, please include in the Hydra's documentation a language-agnostic documentation of the login-consent flow.

Example

Let's say this is the documentation's part about the login-consent flow:

  1. Hydra makes a request to your login endpoint with:
    • Method: GET
    • Query parameters: challenge_id, subject, ...
  2. Your endpoint must make a request to /oauth/requests with:
    • Method: POST
    • Content-Type: application/json
    • Query parameters: challenge_id, ...
  3. ...

Aside

I came up with this issue trying to figure out how to write a login-consent flow using an SPA instead of a server-side rendered webapp.

Solution

Please comment this issue with your language-agnostic login-consent flow documentation to help the Hydra's team to do it more quickly.

Seems to connect to localhost even though HYDRA_ADMIN_URL is set

Preflight checklist

Describe the bug

Hello,

I'm trying this hydra-login-consent-node example on a real Kubernetes cluster I'm setting up, and even though I've got HYDRA_ADMIN_URL set to a real hostname, I'm getting this error:

request to https://localhost:4445/admin/oauth2/auth/requests/login?login_challenge=abc123 failed, reason: connect ECONNREFUSED 127.0.0.1:4445

I logged into the pod and the URL is set properly in the environment, so I'm wondering if that localhost URL is hardcoded somewhere.

Reproducing the bug

FetchError: request to https://localhost:4445/admin/oauth2/auth/requests/login?login_challenge=abc123 failed, reason: connect ECONNREFUSED 127.0.0.1:4445
at ClientRequest.<anonymous> (/usr/src/app/node_modules/node-fetch/lib/index.js:1455:11)
at ClientRequest.emit (events.js:182:13)
at TLSSocket.socketErrorListener (_http_client.js:382:9)
at TLSSocket.emit (events.js:182:13)
at emitErrorNT (internal/streams/destroy.js:82:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
at process._tickCallback (internal/process/next_tick.js:63:19)
445 instead of actual service hostname set in `HYDRA_ADMIN_URL`

Relevant log output

request to https://localhost:4445/admin/oauth2/auth/requests/login?login_challenge=abc123 failed, reason: connect ECONNREFUSED 127.0.0.1:4445

FetchError: request to https://localhost:4445/admin/oauth2/auth/requests/login failed, reason: connect ECONNREFUSED 127.0.0.1:4445
    at ClientRequest.<anonymous> (/usr/src/app/node_modules/node-fetch/lib/index.js:1455:11)
    at ClientRequest.emit (events.js:182:13)
    at TLSSocket.socketErrorListener (_http_client.js:382:9)
    at TLSSocket.emit (events.js:182:13)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)

Relevant configuration

helm install \
	--namespace hydra \
	--set 'hydraAdminUrl=http://oauth-hydra-admin:4445/' \
	--set 'hydraPublicUrl=https://oauth.example.com/' \
	--set 'ingress.enabled=true' \
	hydra-example-idp \
	ory/example-idp

Version

v2.0.2

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response

Cannot set MOCK_TLS_TERMINATION

Describe the bug

Setting the env variable MOCK_TLS_TERMINATION results in a crash:

TypeError: Cannot set property 'X-Forwarded-Proto' of undefined

To Reproduce

Steps to reproduce the behavior:

1: set the env variable MOCK_TLS_TERMINATION to true
2: run the application

Expected behavior

The application should not crash and the header X-Forwarded-Proto should be set.

Environment

  • Version: v1.9.0
  • Environment: Debian 10

level=info msg="started handling request" method=GET remote="172.21.0.1:36528" request="/oauth2/auth/requests/login?login_challenge=e13c4939fd5a4730b006bb67a58cada5"

results into :
request to http://x.x.x.x:4445/oauth2/auth/requests/login?login_challenge=24c4e87c9ce74e8791376e0c054f7c03 failed, reason: connect ECONNREFUSED x.x.x.x:4445

FetchError: request to http://1x.x.x:4445/oauth2/auth/requests/login?login_challenge=24c4e87c9ce74e8791376e0c054f7c03 failed, reason: connect ECONNREFUSED 127.0.0.1:4445
at ClientRequest.<anonymous> (/usr/src/app/node_modules/node-fetch/lib/index.js:1444:11)
at ClientRequest.emit (events.js:182:13)
at Socket.socketErrorListener (_http_client.js:382:9)
at Socket.emit (events.js:182:13)
at emitErrorNT (internal/streams/destroy.js:82:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
at process._tickCallback (internal/process/next_tick.js:63:19)

here Idea why on Windows 10 docker hydra

command line doesn't seem to work using examples provided

Using /v1.0.0-beta.9/hydra-linux-amd64

hydra clients create     --endpoint http://localhost:4444     --id test-client     --secret test-secret     --response-types code,id_token     --grant-types refresh_token,authorization_code     --scope openid,offline     --callbacks http://127.0.0.1:4445/callback
You should not provide secrets using command line flags. The secret might leak to bash history and similar systems.
Command failed because calling "POST http://localhost:4444/clients" resulted in error "invalid character 'p' after top-level value" occurred.
404 page not found

Results with this on the server portion:

WARN[0000] Expected system secret to be at least 32 characters long, got 0 characters.
INFO[0000] Generating a random system secret...
INFO[0000] Generated system secret: *********************************
WARN[0000] WARNING: DO NOT generate system secrets in production. The secret will be leaked to the logs.
INFO[0000] JSON Web Key Set hydra.openid.id-token does not exist yet, generating new key pair...
INFO[0001] Setting up Prometheus middleware
INFO[0001] Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/guides/latest/telemetry/
INFO[0001] JSON Web Key Set hydra.https-tls does not exist yet, generating new key pair...
INFO[0001] Detected local environment, skipping telemetry commit
INFO[0001] Detected local environment, skipping telemetry commit
INFO[0006] Setting up http server on :4445
WARN[0006] HTTPS disabled. Never do this in production.
INFO[0006] Setting up http server on :4444
WARN[0006] HTTPS disabled. Never do this in production.
INFO[0043] started handling request                      method=POST remote="[::1]:55240" request=/clients
INFO[0043] completed handling request                    measure#http://localhost:4444.latency=218896 method=POST remote="[::1]:55240" request=/clients status=404 text_status="Not Found" took="218.896µs"

README instructions are broken

You can't copy paste your way through the readme.

The hydra image for unstable (the one used in the readme) has breaking changes that don't allow for a quick poke.

I got it to proceed by using the oryd/hydra:latest-alpine image but this is again a moving tag.

It might be a good idea to add a docker-compose which brings up a test stack so that new people don't have to chase stuff like this down.

Update Dockerfile node version

Would you consider a pull request that updated the version of node used for the Docker image to either the latest 10.x release or 14.x LTS?

How set the "skip" parameter in Hydra accept login request

Hi,

I want to set the "skip" parameter while calling it the way below, but it is throwing an error. Can you please suggest if there is any way we have to use?

hydra.acceptLoginRequest(challenge, {
  // Subject is an alias for user ID. A subject can be a random string, a UUID, an email address, ....
  subject: req.body.userid,
  skip: true,
  // This tells hydra to remember the browser and automatically authenticate the user in future requests. This will
  // set the "skip" parameter in the other route to true on subsequent requests!
  // remember: Boolean(req.body.remember),
  // When the session expires, in seconds. Set this to 0 so it will never expire.
  remember_for: 3600,

  // Sets which "level" (e.g. 2-factor authentication) of authentication the user has. The value is really arbitrary
  // and optional. In the context of OpenID Connect, a value of 0 indicates the lowest authorization level.
  // acr: '0',
})

Thanks,
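The relationship between "remember" and "skip" that the comments in the snippet above describe, as an added example that is not part of the original post or the project's code: the login app reads skip from the login request and, when it is true, accepts with the subject Hydra reports instead of showing the form. makeStubHydra is a constructed in-memory stand-in so the flow runs offline, and getLoginRequest, handleLogin and verifyCredentials are assumed names.

```javascript
// Added example, not code from hydra-login-consent-node or Ory Hydra.
// makeStubHydra is a constructed stand-in for the admin API.
function makeStubHydra() {
  const pending = new Map();    // challenge -> browser session id
  const remembered = new Map(); // browser session id -> subject
  return {
    newChallenge(challenge, sessionId) {
      pending.set(challenge, sessionId);
    },
    async getLoginRequest(challenge) {
      if (!pending.has(challenge)) throw new Error("unknown login challenge");
      const subject = remembered.get(pending.get(challenge));
      // "skip" is reported to the login app; the app only reads it.
      return { challenge, skip: subject !== undefined, subject: subject || "" };
    },
    async acceptLoginRequest(challenge, body) {
      if (!pending.has(challenge)) throw new Error("unknown login challenge");
      const sessionId = pending.get(challenge);
      pending.delete(challenge); // a challenge is used once
      if (body.remember) remembered.set(sessionId, body.subject);
      return { redirect_to: "https://hydra.example/continue?subject=" + encodeURIComponent(body.subject) };
    },
  };
}

// form is null on the initial GET and holds the posted fields on submit.
async function handleLogin(hydra, challenge, form, verifyCredentials) {
  const loginRequest = await hydra.getLoginRequest(challenge);

  if (loginRequest.skip) {
    // The browser was remembered earlier: do not show the form and do not
    // take the subject from user input, reuse the one in the login request.
    return hydra.acceptLoginRequest(challenge, { subject: loginRequest.subject });
  }
  if (!form) {
    return { showForm: true, challenge };
  }
  const userId = await verifyCredentials(form.userid, form.password);
  if (!userId) {
    return { showForm: true, challenge, error: "invalid credentials" };
  }
  return hydra.acceptLoginRequest(challenge, {
    subject: userId,
    // Asking to be remembered is what makes skip true on later requests.
    remember: Boolean(form.remember),
    remember_for: 3600,
  });
}

// Constructed walk-through: one browser logs in with "remember", then starts
// a second flow and is passed through without seeing the form.
async function runDemo() {
  const hydra = makeStubHydra();
  const verify = async (user, pass) =>
    user === "alice" && pass === "correct horse" ? "alice" : null;

  hydra.newChallenge("c1", "browser-1");
  const first = await handleLogin(hydra, "c1", null, verify);
  const bad = await handleLogin(hydra, "c1", { userid: "alice", password: "wrong" }, verify);
  const ok = await handleLogin(
    hydra, "c1", { userid: "alice", password: "correct horse", remember: "on" }, verify
  );

  hydra.newChallenge("c2", "browser-1");
  const second = await handleLogin(hydra, "c2", null, verify);
  return { first, bad, ok, second };
}

runDemo().then((result) => console.log(result));
```
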

Add Error handling page

Preflight checklist

Describe your problem

Could you please add a sample of the error handling page that Hydra can request ?

Referenced by this config parameter:

  ## error ##
  #
  # Sets the error endpoint. The error ui will be shown when an OAuth2 error occurs that which can not be sent back to the client. Defaults to an internal fallback URL showing an error.
  #
  # Examples:
  # - https://my-error.app/error
  # 
  # Set this value using environment variables on
  # - Linux/macOS:
  #    $ export URLS_ERROR=<value>
  # - Windows Command Line (CMD):
  #    > set URLS_ERROR=<value>
  #
  error: https://my-error.app/error

Describe your ideal solution

A clear

Workarounds or alternatives

N/A

Version

0.11.X

Additional Context

No response

ory/hydra-client in config.ts

Preflight checklist

Ory Network Project

No response

Describe the bug

in config.ts:

import { Configuration, V0alpha2Api } from "@ory/client"

V0alpha2Api does not exist?

Reproducing the bug

npm run dev

Relevant log output

No response

Relevant configuration

No response

Version

2.2.0-rc.3

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Other

Additional Context

No response

/oauth2/auth/requests/login route not found

I have deployed Hydra on my k8s cluster. I have the admin and the public endpoints that run correctly.

The running docker image is : oryd/hydra:v1.0.0
Deployed through Helm : hydra-0.0.47
With k8s label : app.kubernetes.io/version: v1.0.0-rc.14_oryOS.12

When I call GET /clients I can see the list of my OAuth clients, so nice, it seems to work.

Now, going further in the login and consent implementation, I have a problem with this route :

GET /oauth2/auth/requests/login?challenge=1234

This routes returns a 404 not found.

{
    "error": "Not Found",
    "error_description": "Unable to located the requested resource",
    "status_code": 404,
    "request_id": "d390f3f135929217c4ec59d6ec3dedc6"
}

It's very strange because other routes seem to work.

In my hydra container logs I can see this :

2019-11-20T10:45:06.442011034Z time="2019-11-20T10:45:06Z" level=info msg="completed handling request" measure#hydra/admin: https://localhost:9000/.latency=2575892 method=GET remote=172.20.28.10 request="/oauth2/auth/requests/login?challenge=1234" request_id=afd1704274d475daa93fa4ee3dfdefc7 status=404 text_status="Not Found" took=2.575892ms
2019-11-20T10:45:07.102954306Z time="2019-11-20T10:45:07Z" level=info msg="started handling request" method=GET remote=172.20.28.10 request="/oauth2/auth/requests/login?challenge=1234" request_id=da2752dd60d93275f4933b8ac88a8e61
2019-11-20T10:45:07.105381822Z time="2019-11-20T10:45:07Z" level=error msg="An error occurred while handling a request" code=404 debug= details="map[]" error="Not Found" reason= request-id=da2752dd60d93275f4933b8ac88a8e61 status="Not Found" trace="Stack trace: \ngithub.com/ory/hydra/consent.(*SQLManager).GetLoginRequest\n\t/go/src/github.com/ory/hydra/consent/manager_sql.go:271\ngithub.com/ory/hydra/consent.(*Handler).GetLoginRequest\n\t/go/src/github.com/ory/hydra/consent/handler.go:260\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/[email protected]/router.go:334\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1995\ngithub.com/ory/hydra/x.RejectInsecureRequests.func1\n\t/go/src/github.com/ory/hydra/x/tls_termination.go:83\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:260\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/hydra/metrics/prometheus.(*MetricsManager).ServeHTTP\n\t/go/src/github.com/ory/hydra/metrics/prometheus/middleware.go:26\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/meatballhat/[email 
protected]/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2774\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1878\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1337" writer=JSON
2019-11-20T10:45:07.105430876Z time="2019-11-20T10:45:07Z" level=info msg="completed handling request" measure#hydra/admin: https://localhost:9000/.latency=2574783 method=GET remote=172.20.28.10 request="/oauth2/auth/requests/login?challenge=1234" request_id=da2752dd60d93275f4933b8ac88a8e61 status=404 text_status="Not Found" took=2.574783ms
2019-11-20T10:45:08.289787341Z time="2019-11-20T10:45:08Z" level=info msg="started handling request" method=GET remote="10.36.18.117:14216" request=/health/ready

thank you

README instructions seem to be incorrect

Following the "Using a locally available binary" steps, I've copied the commands listed verbatim. This is the output:

$ hydra clients create \
>     --endpoint http://localhost:4445 \
>     --id test-client \
>     --secret test-secret \
>     --response-types code,id_token \
>     --grant-types refresh_token,authorization_code \
>     --scope openid,offline \
>     --callbacks http://127.0.0.1:4445/callback
You should not provide secrets using command line flags, the secret might leak to bash history and similar systems
OAuth 2.0 Client ID: test-client
$ hydra token user \
>     --endpoint http://localhost:4445/ \
>     --scope openid,offline \
>     --client-id test-client \
>     --client-secret test-secret
Setting up home route on http://127.0.0.1:4446/
Setting up callback listener on http://127.0.0.1:4446/callback
Press ctrl + c on Linux / Windows or cmd + c on OSX to end the process.
If your browser does not open automatically, navigate to:

	http://127.0.0.1:4446/

When I click the Authorize application link on that webpage, I get the error 404 page not found, with the following output in the Hydra log:

INFO[0033] started handling request                      method=GET remote="[::1]:56052" request="/oauth2/auth?audience=&client_id=test-client&max_age=0&nonce=vfpnubhrosyfqimqeokwyqwk&prompt=&redirect_uri=http%3A%2F%2F127.0.0.1%3A4446%2Fcallback&response_type=code&scope=openid+offline&state=lvtjepxxbrbgyafjxzlqsris"
INFO[0033] completed handling request                    measure#http://localhost:4444.latency=62671 method=GET remote="[::1]:56052" request="/oauth2/auth?audience=&client_id=test-client&max_age=0&nonce=vfpnubhrosyfqimqeokwyqwk&prompt=&redirect_uri=http%3A%2F%2F127.0.0.1%3A4446%2Fcallback&response_type=code&scope=openid+offline&state=lvtjepxxbrbgyafjxzlqsris" status=404 text_status="Not Found" took="62.671µs"

Can you help me understand what's going wrong here? Thanks!

I follow the instructions but got 404 at the last step

Describe the bug

I followed all the instructions in section Using Docker, and got 404 error in hydra server

Reproducing the bug

Steps to reproduce the behavior:

  1. start the server
$ docker run -it --rm --name login-consent-hydra -p 4444:4444 -p 4445:4445 \
    -e OAUTH2_SHARE_ERROR_DEBUG=1 \
    -e LOG_LEVEL=debug \
    -e OAUTH2_CONSENT_URL=http://localhost:3000/consent \
    -e OAUTH2_LOGIN_URL=http://localhost:3000/login \
    -e OAUTH2_ISSUER_URL=http://localhost:4444 \
    -e DATABASE_URL=memory \
    oryd/hydra:v1.0.0-beta.9 serve all --dangerous-force-http
  2. create client
$ docker run --link login-consent-hydra:hydra oryd/hydra:v1.0.0-beta.9 clients create \
    --endpoint http://hydra:4445 \
    --id test-client \
    --secret test-secret \
    --response-types code,id_token \
    --grant-types refresh_token,authorization_code \
    --scope openid,offline \
    --callbacks http://127.0.0.1:4446/callback
  3. start node server
$ npm i
$ HYDRA_ADMIN_URL=http://localhost:4445 npm start
  4. start OAuth 2.0 authorization code flow
$ docker run -p 4446:4446 --link login-consent-hydra:hydra oryd/hydra:v1.0.0-beta.9 token user \
    --token-url http://hydra:4444/oauth2/token \
    --auth-url http://localhost:4444/oauth2/auth \
    --scope openid,offline \
    --client-id test-client \
    --client-secret test-secret

Server logs

  1. login-consent-hydra
~/work/vendor/ory docker run -it --rm --name login-consent-hydra -p 4444:4444 -p 4445:4445 \
    -e OAUTH2_SHARE_ERROR_DEBUG=1 \
    -e LOG_LEVEL=debug \
    -e OAUTH2_CONSENT_URL=http://localhost:3000/consent \
    -e OAUTH2_LOGIN_URL=http://localhost:3000/login \
    -e OAUTH2_ISSUER_URL=http://localhost:4444 \
    -e DATABASE_URL=memory \
    oryd/hydra:v1.0.0-beta.9 serve all --dangerous-force-http
Unable to find image 'oryd/hydra:v1.0.0-beta.9' locally
v1.0.0-beta.9: Pulling from oryd/hydra
7a9e492be799: Pull complete 
3f904d834ef1: Pull complete 
Digest: sha256:c40da90aaba14fc184d89173c265f843c8dbb46df19c1f5e998cddb0b507504f
Status: Downloaded newer image for oryd/hydra:v1.0.0-beta.9
Thank you for using ORY Hydra v1.0.0-beta.9!

Take security seriously and subscribe to the ORY Security Newsletter. Stay on top of new patches and security insights.                                                                                                

>> Subscribe now: http://eepurl.com/di390P <<
WARN[0000] Expected system secret to be at least 32 characters long, got 0 characters. 
INFO[0000] Generating a random system secret...         
INFO[0000] Generated system secret: xaJzVovJvZdWzEiLHR79fk5G-26JBSdQ 
WARN[0000] WARNING: DO NOT generate system secrets in production. The secret will be leaked to the logs. 
INFO[0000] JSON Web Key Set hydra.openid.id-token does not exist yet, generating new key pair... 
INFO[0003] Setting up Prometheus middleware             
INFO[0003] Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/guides/latest/telemetry/ 
INFO[0003] JSON Web Key Set hydra.https-tls does not exist yet, generating new key pair... 
INFO[0003] Detected local environment, skipping telemetry commit 
INFO[0003] Detected local environment, skipping telemetry commit 
INFO[0010] Setting up http server on :4445              
WARN[0010] HTTPS disabled. Never do this in production. 
INFO[0010] Setting up http server on :4444              
WARN[0010] HTTPS disabled. Never do this in production. 
INFO[0025] started handling request                      method=POST remote="172.17.0.3:56168" request=/clients
INFO[0025] completed handling request                    measure#http://localhost:4444.latency=95587137 method=POST remote="172.17.0.3:56168" request=/clients status=201 text_status=Created took=95.587137ms
INFO[0098] started handling request                      method=GET remote="172.17.0.1:39264" request="/oauth2/auth?client_id=test-client&redirect_uri=http%3A%2F%2F127.0.0.1%3A4446%2Fcallback&response_type=code&scope=openid+offline&state=tntagkckkiqpvkhmyltsgegh&nonce=rojiodtcvexgoribgovimgwk&prompt=&max_age=0"
INFO[0098] completed handling request                    measure#http://localhost:4444.latency=543406 method=GET remote="172.17.0.1:39264" request="/oauth2/auth?client_id=test-client&redirect_uri=http%3A%2F%2F127.0.0.1%3A4446%2Fcallback&response_type=code&scope=openid+offline&state=tntagkckkiqpvkhmyltsgegh&nonce=rojiodtcvexgoribgovimgwk&prompt=&max_age=0" status=302 text_status=Found took="543.406µs"
INFO[0098] started handling request                      method=GET remote="172.17.0.1:56732" request="/oauth2/auth/requests/login?login_challenge=15ea40a86e7143249cc76ece1bc3b8a1"
INFO[0098] completed handling request                    measure#http://localhost:4444.latency=161943 method=GET remote="172.17.0.1:56732" request="/oauth2/auth/requests/login?login_challenge=15ea40a86e7143249cc76ece1bc3b8a1" status=404 text_status="Not Found" took="161.943µs"
  2. create client
~/work/vendor/ory docker run --link login-consent-hydra:hydra oryd/hydra:v1.0.0-beta.9 clients create \
    --endpoint http://hydra:4445 \
    --id test-client \
    --secret test-secret \
    --response-types code,id_token \
    --grant-types refresh_token,authorization_code \
    --scope openid,offline \
    --callbacks http://127.0.0.1:4446/callback
You should not provide secrets using command line flags. The secret might leak to bash history and similar systems.
OAuth2 client id: test-client
OAuth2 client secret: test-secret
  3. node server
~/work/vendor/ory/hydra-login-consent-node git:(master) HYDRA_ADMIN_URL=http://localhost:4445 npm start

> [email protected] start /home/dragonly/work/vendor/ory/hydra-login-consent-node
> node ./bin/www

GET /login?login_challenge=15ea40a86e7143249cc76ece1bc3b8a1 500 163.650 ms - 641
GET /favicon.ico 404 21.326 ms - 1312
  4. hydra token user flow
~/work/vendor/ory docker run -p 4446:4446 --link login-consent-hydra:hydra oryd/hydra:v1.0.0-beta.9 token user \
    --token-url http://hydra:4444/oauth2/token \
    --auth-url http://localhost:4444/oauth2/auth \
    --scope openid,offline \
    --client-id test-client \
    --client-secret test-secret
Setting up home route on http://127.0.0.1:4446/
Setting up callback listener on http://127.0.0.1:4446/callback
Press ctrl + c on Linux / Windows or cmd + c on OSX to end the process.
If your browser does not open automatically, navigate to:

	http://127.0.0.1:4446/

Server configuration

Expected behavior

Environment

  • Environment: Docker, ...

Additional context

Update version of @ory/client

Preflight checklist

Ory Network Project

Self-hosted Hydra

Describe your problem

Hello! Thank you for the detailed tutorial.
Currently, I am implementing an OIDC provider based on Hydra and SvelteKit.

It seems that the dependencies are strongly outdated and the API has changed. The actual version of the packages is 2.2.0. I found this implementation on NextJS, but it still uses an old version of the Hydra client (v1.11.8).

The only thing that has been helpful for me so far is the API Docs, TypeScript types of the client, and this changelog. I am facing a much higher complexity curve than expected. Additionally, the difference in configuration between Hydra Docker images is creating more problems.

It would be much easier if there was a guide available that uses up-to-date versions of clients and Hydra server, along with updated configuration examples.

Describe your ideal solution

An ideal solution would be the example with actual versions of hydra and @ory/client (or @ory/hydra-client)

Workarounds or alternatives

https://github.com/kubetail-org/hydra-nextjs-reference/tree/main

Version

2.2.0

Additional Context

No response

connect ECONNREFUSED 127.0.0.1:80

Preflight checklist

Describe the bug

http://localhost:3000/login gives:

{ "message": "connect ECONNREFUSED 127.0.0.1:80", "name": "Error", "stack": "Error: connect ECONNREFUSED 127.0.0.1:80\n at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16)", "config": { "url": "http://localhost/oauth2/auth/requests/login?login_challenge=undefined", "method": "get", "headers": { "Accept": "application/json, text/plain, */*", "User-Agent": "axios/0.19.2" }, "transformRequest": [ null ], "transformResponse": [ null ], "timeout": 0, "xsrfCookieName": "XSRF-TOKEN", "xsrfHeaderName": "X-XSRF-TOKEN", "maxContentLength": -1 }, "code": "ECONNREFUSED" }

Reproducing the bug

docker run --rm -p 3000:3000  oryd/hydra-login-consent-node:v1.11.7

Open http://localhost:3000/login

Relevant log output

Error: connect ECONNREFUSED 127.0.0.1:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16)
GET /login 500 23.277 ms - 1003
Error: Not Found
    at /usr/src/app/lib/app.js:32:10
    at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:317:13)
    at /usr/src/app/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:335:12)
    at next (/usr/src/app/node_modules/express/lib/router/index.js:275:10)
    at /usr/src/app/node_modules/express/lib/router/index.js:635:15
    at next (/usr/src/app/node_modules/express/lib/router/index.js:260:14)
    at Function.handle (/usr/src/app/node_modules/express/lib/router/index.js:174:3)
    at router (/usr/src/app/node_modules/express/lib/router/index.js:47:12)

Relevant configuration

No response

Version

1.11.7

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response

build docker for ARM64

Preflight checklist

Ory Network Project

No response

Describe your problem

I would like to be able to deploy the example-idp helm-chart's deployment to ARM64 CPUs.

Describe your ideal solution

The docker image should be built for both platforms, linux/amd64 and linux/arm64.

Workarounds or alternatives

forking the repo and building only for myself

Version

v2.0.4-pre.2

Additional Context

I would be happy to contribute...
I just don't know where to place the CI definition for such, as it seems you're using more than just the GitHub Actions alone and I can't be sure which CI is pushing to docker hub.

Using Latest Hydra we are getting error

We are getting the below error while running the node server and opening the page in browser.

at process.internalTickCallback (internal/process/next_tick.js:77:7)

Server Postgres error running in local machine (binary)

Hi
Please find below steps

  1. already oryhydra running in local machine (/usr/local/bin)

Using a locally available binary
If you have ORY Hydra 1.0.0 installed locally, run the following commands. First, start the server:

$ OAUTH2_CONSENT_URL=http://localhost:3000/consent \
    OAUTH2_LOGIN_URL=http://localhost:3000/login \
    OAUTH2_ISSUER_URL=http://localhost:4444 \
    OAUTH2_SHARE_ERROR_DEBUG=1 \
    LOG_LEVEL=debug \
    DATABASE_URL=memory \
    hydra serve all --dangerous-force-http

I am getting error

image

kindly advise

Thanks and Regards
Lakshman
