ory / examples-archive Goto Github PK

Full Stack example is giving me an error, right off the bat (which is not cool ^^)

Steps to reproduce:

• make start-full-stack
• hydra token user --client-id example-auth-code --client-secret secret --endpoint http://localhost:4444 --port 5555
• Browse http://localhost:5555 and click the Authorize link

Stack trace:

TypeError: Cannot read property ‘match’ of undefined
    at normalize (/usr/src/app/node_modules/url-join/lib/url-join.js:11:21)
    at /usr/src/app/node_modules/url-join/lib/url-join.js:70:12
    at get (/usr/src/app/services/hydra.js:8:16)
    at Object.getLoginRequest (/usr/src/app/services/hydra.js:49:12)
    at /usr/src/app/routes/login.js:17:9
    at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)
    at csrf (/usr/src/app/node_modules/csurf/index.js:117:5)
    at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)

The following envvar ends with ; rather than :

https://github.com/ory/examples/blob/ec98eb2b1af5d0b83388eec2be00b9f643c1afbd/full-stack/docker-compose.yml#L173

• make start-full-stack
• docker logs full-stack_hydra-migrate_1

Applying `jwk` SQL migrations...
Applied 0 `jwk` SQL migrations.
Applying `client` SQL migrations...
An error occurred while running the migrations: could not apply client SQL migrations: Could not migrate sql schema, applied 0 Migrations: Unable to create migration plan because of 13: unknown migration in database

Please use issues only to raise potential bugs or request features. For everything else ask
the ORY Community or join the ORY Chat.

If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub
and send us an email to [email protected] instead.

With Ory OS.10 is necessary to modify oathkeeper resource server rule(https://github.com/ory/examples/blob/master/full-stack/config/oathkeeper/rules/resource-server.json) in order to use the correct authorizer(Ory Keto): line "handler": "keto_warden" should be replaced with line "handler": "keto_engine_acp_ory".

It is also necessary to modify oathkeeper-proxy environment in docker-compose.yml(https://github.com/ory/examples/blob/master/full-stack/docker-compose.yml) to set the correct Ory Keto flag. Line AUTHORIZER_KETO_WARDEN_KETO_URL=http://keto:4466 should be replaced with line AUTHORIZER_KETO_URL=http://keto:4466.

Pull Request ory/examples#26 addresses this and other issues.

Import fails:
Invalid command in: scripts/services/oathkeeper.sh
configurator_1 | configure stdout | + oathkeeper rules import --endpoint http://oathkeeper-api:4456/ /config/oathkeeper/rules/resource-server.json
configurator_1 | configure stdout | Usage:
configurator_1 | oathkeeper rules [flags]
configurator_1 | oathkeeper rules [command]

configurator_1 | Deleting roles in /config/keto/roles/*.json...
configurator_1 | + keto engines acp ory roles delete --endpoint http://keto:4466/ exact '[{' '"id":"admin",' '"members":' '[' '"[email protected]",' '"[email protected]"' ']' '}]'
keto_1 | time="2020-04-05T13:34:46Z" level=info msg="started handling request" method=DELETE remote="172.21.0.11:33650" request="/engines/acp/ory/exact/roles/%5B%7B"
postgresd_1 | ERROR: relation "rego_data" does not exist at character 13
postgresd_1 | STATEMENT: DELETE FROM rego_data WHERE pkey=$1 AND collection=$2
keto_1 | time="2020-04-05T13:34:46Z" level=error msg="An error occurred while handling a request" code=500 debug= details="map[]" error="ERROR: relation "rego_data" does not exist (SQLSTATE 42P01)" reason=
request-id= status=500 writer=JSON
keto_1 | time="2020-04-05T13:34:46Z" level=info msg="completed handling request" measure#keto.latency=1080400 method=DELETE remote="172.21.0.11:33650" request="/engines/acp/ory/exact/roles/%5B%7B" status=500
text_status="Internal Server Error" took=1.0804ms
configurator_1 | Unable to delete ORY Access Control Policy Role: [DELETE /engines/acp/ory/{flavor}/roles/{id}][500] deleteOryAccessControlPolicyRoleInternalServerError &{Code:0 Details:[] Message: Reason: Request:
Status:}
configurator_1 | configure stdout | Unable to delete ORY Access Control Policy Role: [DELETE /engines/acp/ory/{flavor}/roles/{id}][500] deleteOryAccessControlPolicyRoleInternalServerError &{Code:0 Details:[] Message: Reason: Request: Status:}

keto-migrate_1 | Config file not found because "Config File ".keto" Not Found in "[/]""
keto-migrate_1 | time="2020-04-05T13:34:19Z" level=info msg="Establishing connection with SQL database backend" dsn="postgres://:@postgresd:5432/accesscontroldb?sslmode=disable"
keto-migrate_1 | time="2020-04-05T13:34:19Z" level=info msg="Successfully connected to SQL database backend" dsn="postgres://:@postgresd:5432/accesscontroldb?sslmode=disable"
keto-migrate_1 | time="2020-04-05T13:34:19Z" level=info msg="Applying storage SQL migrations..."
keto-migrate_1 | panic: runtime error: invalid memory address or nil pointer dereference
keto-migrate_1 | [signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xc82a20]
keto-migrate_1 |
keto-migrate_1 | goroutine 1 [running]:
keto-migrate_1 | github.com/jmoiron/sqlx.(*DB).DriverName(...)
keto-migrate_1 | /go/pkg/mod/github.com/jmoiron/[email protected]/sqlx.go:261
keto-migrate_1 | github.com/ory/keto/storage.(*SQLManager).CreateSchemas(0xc00000e038, 0xc00049d3e0, 0x1d, 0xc0004e20d0, 0x1)
keto-migrate_1 | /home/ory/storage/manager_sql.go:76 +0x60
keto-migrate_1 | github.com/ory/x/sqlcon.MigratorSQLCmd.func1(0xc0000b62c0, 0xc000412550, 0x1, 0x1)
keto-migrate_1 | /go/pkg/mod/github.com/ory/[email protected]/sqlcon/migrate.go:71 +0x390
keto-migrate_1 | github.com/spf13/cobra.(*Command).execute(0xc0000b62c0, 0xc000412510, 0x1, 0x1, 0xc0000b62c0, 0xc000412510)
keto-migrate_1 | /go/pkg/mod/github.com/spf13/[email protected]/command.go:842 +0x2aa
keto-migrate_1 | github.com/spf13/cobra.(*Command).ExecuteC(0x175e0a0, 0xf397c5, 0x9, 0x0)
keto-migrate_1 | /go/pkg/mod/github.com/spf13/[email protected]/command.go:943 +0x317
keto-migrate_1 | github.com/spf13/cobra.(*Command).Execute(...)
keto-migrate_1 | /go/pkg/mod/github.com/spf13/[email protected]/command.go:883
keto-migrate_1 | github.com/ory/keto/cmd.Execute()
keto-migrate_1 | /home/ory/cmd/root.go:52 +0x31
keto-migrate_1 | main.main()
keto-migrate_1 | /home/ory/main.go:25 +0x5a
full-stack_keto-migrate_1 exited with code 2

Configuration: Docker for Windows 10, git bash, gnu make.exe

After running "make start-full-stack", the docker containers build and start running, but the various curl commands return no records for clients, rules, or policies.

The docker log for the configurator container shows that various scripts in the scripts folder fail to run owing to carriage-returns injected by git.

The resolution is fairly simple -- add a .gitattributes file to disable CR/LF translation:

# Never do crlf translation of bash scripts
*.sh -crlf

I can submit a PR with this change, if desired.

https://ory-am.gitbooks.io/hydra/content/tutorial.html

When attempting to access /articles/secure-backend-with-ory-oathkeeper with a valid access token, the following error occurs:

<!DOCTYPE html>
<html>
    <head>
        <title></title>
    </head>
    <body>
        <h1>invalid signature</h1>
        <h2>401</h2>
        <pre>UnauthorizedError: invalid signature
    at /usr/src/app/node_modules/express-jwt/lib/index.js:102:22
    at Object.module.exports [as verify] (/usr/src/app/node_modules/jsonwebtoken/verify.js:102:12)
    at verifyToken (/usr/src/app/node_modules/express-jwt/lib/index.js:100:13)
    at fn (/usr/src/app/node_modules/async/lib/async.js:746:34)
    at /usr/src/app/node_modules/async/lib/async.js:1213:16
    at /usr/src/app/node_modules/async/lib/async.js:166:37
    at /usr/src/app/node_modules/async/lib/async.js:706:43
    at /usr/src/app/node_modules/async/lib/async.js:167:37
    at Immediate.&lt;anonymous&gt; (/usr/src/app/node_modules/async/lib/async.js:1206:34)
    at runCallback (timers.js:696:18)</pre>
    </body>
</html>

When attempting to access /articles/secure-backend-with-oauth2-token-introspection with a valid token, the following error is presented:gist

Token works on other endpoints just fine.
Image attached

The logfile:
GET /articles/secure-backend-with-oauth2-token-introspection 304 462.220 ms - -

• make start-full-stack
• hydra token user --client-id example-auth-code --client-secret secret --endpoint http://localhost:4444 --port 5555
• Authorize application

Error
    at /usr/src/app/services/hydra.js:21:33
    at process._tickCallback (internal/process/next_tick.js:68:7)

identity provider logs:

> [email protected] start /usr/src/app
> node ./bin/www

An error occurred while making a HTTP request:  { error:
   'Error 404 - The requested route does not exist. Make sure you are using the right path, domain, and port.' }
GET /login?login_challenge=7d1971da088f4bff9ae62f98c39bbff6 500 489.029 ms - 213

hydra logs:

time="2019-12-04T04:04:04Z" level=info msg="started handling request" method=GET remote="192.168.48.13:32878" request=/oauth2/auth/requests/login/0ffed3bdd4dc4a20a8159e1ff1470cb7
time="2019-12-04T04:04:04Z" level=info msg="completed handling request" measure#hydra/admin: http://localhost:4444/.latency=1019600 method=GET remote="192.168.48.13:32878" request=/oauth2/auth/requests/login/0ffed3bdd4dc4a20a8159e1ff1470cb7 status=404 text_status="Not Found" took=1.0196ms

I did

docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
make start-full-stack

Following curls worked without errors by returning some JSON

$ curl http://localhost:4445/clients
$ curl http://localhost:4456/rules
$ curl http://localhost:4466/policies

 hydra token user --client-id example-auth-code --client-secret secret --endpoint http://localhost:4444 --port 5555

opens safari and every works fine to end page with introspection

But when I open http://127.0.0.1:4477 there are 4 example links. First 3 links fail in same way.

They ask for login then they ask for consent and then they print "Forbidden"

URL looks like http://localhost:4477/auth/callback?code=SBOIQzPSKeMy3GmtzcCOV3H0cTBfRuYzY7zlZlNvPwA.Sm5hL36-kRH2Vq9w1DYfG9BYLdkFM5UwVEW5GViAI60&scope=offline%20openid%20articles.read&state=Z2VgU7vQAmSTIsBSsGI7DrV9

I've successfully compiled hydra at Win32 system by using git-bash console. I used this steps to compile the hydra

go get -d -u github.com/ory/hydra cd $(go env GOPATH)/src/github.com/ory/hydra HYDRA_LATEST=$(git describe --abbrev=0 --tags) git checkout $HYDRA_LATEST GO111MODULE=on go install \ -ldflags "-X github.com/ory/hydra/cmd.Version=$HYDRA_LATEST -X github.com/ory/hydra/cmd.BuildTime=TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ' -X github.com/ory/hydra/cmd.GitHash=git rev-parse HEAD" \ github.com/ory/hydra

after that
`
$ git checkout master
Already on 'master'
Your branch is behind 'origin/master' by 98 commits, and can be fast-forwarded.
(use "git pull" to update your local branch)

`

then when I executed the hydra.exe it gave me this error
`
x@x MINGW32 ~/go/src/github.com/ory/hydra (master)
$ which hydra.exe
/d/Users/S54034/go/bin/hydra.exe

x@x MINGW32 ~/go/src/github.com/ory/hydra (master)
$ hydra.exe help
D:/Users/S54034/go/bin/hydra.exe: error while loading shared libraries: : cannot open shared object file: No such file or directory

x@x MINGW32 ~/go/src/github.com/ory/hydra (master)
$ hydra.exe
D:/Users/S54034/go/bin/hydra.exe: error while loading shared libraries: : cannot open shared object file: No such file or directory

`

After using the command make start-full-stack oathkeeper api docker container keeps restarting with the following error in the logs:

time="2018-06-18T05:16:06Z" level=fatal msg="Unable to initialize the ID Token signing algorithm" error="The secret set in CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET must be 32 characters long."