ory / examples-archive
THIS REPOSITORY IS NOT UP TO DATE. Different docker-based examples for ORY's services (Hydra, Keto, Oathkeeper).
License: Apache License 2.0
Full Stack example is giving me an error, right off the bat (which is not cool ^^)
make start-full-stack
hydra token user --client-id example-auth-code --client-secret secret --endpoint http://localhost:4444 --port 5555
http://localhost:5555
and click the Authorize link
TypeError: Cannot read property 'match' of undefined
at normalize (/usr/src/app/node_modules/url-join/lib/url-join.js:11:21)
at /usr/src/app/node_modules/url-join/lib/url-join.js:70:12
at get (/usr/src/app/services/hydra.js:8:16)
at Object.getLoginRequest (/usr/src/app/services/hydra.js:49:12)
at /usr/src/app/routes/login.js:17:9
at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)
at csrf (/usr/src/app/node_modules/csurf/index.js:117:5)
at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)
The following envvar ends with ;
rather than :
Applying `jwk` SQL migrations...
Applied 0 `jwk` SQL migrations.
Applying `client` SQL migrations...
An error occurred while running the migrations: could not apply client SQL migrations: Could not migrate sql schema, applied 0 Migrations: Unable to create migration plan because of 13: unknown migration in database
With Ory OS.10 it is necessary to modify the oathkeeper resource server rule (https://github.com/ory/examples/blob/master/full-stack/config/oathkeeper/rules/resource-server.json) in order to use the correct authorizer (Ory Keto): the line "handler": "keto_warden" should be replaced with the line "handler": "keto_engine_acp_ory".
It is also necessary to modify the oathkeeper-proxy environment in docker-compose.yml (https://github.com/ory/examples/blob/master/full-stack/docker-compose.yml) to set the correct Ory Keto flag. The line AUTHORIZER_KETO_WARDEN_KETO_URL=http://keto:4466 should be replaced with the line AUTHORIZER_KETO_URL=http://keto:4466.
Pull Request ory/examples#26 addresses this and other issues.
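The two replacements described in the post above, written as a check that can run before the stack is started. This is an added example, not part of the original post or of the ory/examples repository; the function names are hypothetical and the two sample files are constructed, trimmed-down stand-ins for resource-server.json and docker-compose.yml.

```shell
#!/bin/sh
# Added example, not part of the ory/examples repository.
# The old and new names are the ones quoted in the post above.

# Print file:line:text for every line that still uses the old names.
find_stale_keto_settings() {
    grep -n -E '"handler"[[:space:]]*:[[:space:]]*"keto_warden"|AUTHORIZER_KETO_WARDEN_KETO_URL=' "$@" /dev/null
}

# Print FILE with both replacements applied; other handlers are left alone.
migrate_keto_settings() {
    sed -e 's/\("handler"[[:space:]]*:[[:space:]]*\)"keto_warden"/\1"keto_engine_acp_ory"/' \
        -e 's/AUTHORIZER_KETO_WARDEN_KETO_URL=/AUTHORIZER_KETO_URL=/' "$1"
}

# Constructed sample files (not the repository's real contents).
make_sample_config() {
    dir=$(mktemp -d)
    cat > "$dir/resource-server.json" <<'EOF'
[{
  "id": "constructed-rule",
  "authenticators": [{ "handler": "oauth2_introspection" }],
  "authorizer": {
    "handler": "keto_warden"
  }
}]
EOF
    cat > "$dir/docker-compose.yml" <<'EOF'
services:
  oathkeeper-proxy:
    environment:
      - AUTHORIZER_KETO_WARDEN_KETO_URL=http://keto:4466
EOF
    echo "$dir"
}

cfg=$(make_sample_config)
echo "Before:"; find_stale_keto_settings "$cfg"/*
for f in "$cfg"/*; do migrate_keto_settings "$f" > "$f.new" && mv "$f.new" "$f"; done
echo "After: $(find_stale_keto_settings "$cfg"/* | wc -l | tr -d ' ') stale line(s)"
rm -rf "$cfg"
```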
Import fails:
Invalid command in: scripts/services/oathkeeper.sh
configurator_1 | configure stdout | + oathkeeper rules import --endpoint http://oathkeeper-api:4456/ /config/oathkeeper/rules/resource-server.json
configurator_1 | configure stdout | Usage:
configurator_1 | oathkeeper rules [flags]
configurator_1 | oathkeeper rules [command]
configurator_1 | Deleting roles in /config/keto/roles/*.json...
configurator_1 | + keto engines acp ory roles delete --endpoint http://keto:4466/ exact '[{' '"id":"admin",' '"members":' '[' '"[email protected]",' '"[email protected]"' ']' '}]'
keto_1 | time="2020-04-05T13:34:46Z" level=info msg="started handling request" method=DELETE remote="172.21.0.11:33650" request="/engines/acp/ory/exact/roles/%5B%7B"
postgresd_1 | ERROR: relation "rego_data" does not exist at character 13
postgresd_1 | STATEMENT: DELETE FROM rego_data WHERE pkey=$1 AND collection=$2
keto_1 | time="2020-04-05T13:34:46Z" level=error msg="An error occurred while handling a request" code=500 debug= details="map[]" error="ERROR: relation "rego_data" does not exist (SQLSTATE 42P01)" reason= request-id= status=500 writer=JSON
keto_1 | time="2020-04-05T13:34:46Z" level=info msg="completed handling request" measure#keto.latency=1080400 method=DELETE remote="172.21.0.11:33650" request="/engines/acp/ory/exact/roles/%5B%7B" status=500 text_status="Internal Server Error" took=1.0804ms
configurator_1 | Unable to delete ORY Access Control Policy Role: [DELETE /engines/acp/ory/{flavor}/roles/{id}][500] deleteOryAccessControlPolicyRoleInternalServerError &{Code:0 Details:[] Message: Reason: Request: Status:}
configurator_1 | configure stdout | Unable to delete ORY Access Control Policy Role: [DELETE /engines/acp/ory/{flavor}/roles/{id}][500] deleteOryAccessControlPolicyRoleInternalServerError &{Code:0 Details:[] Message: Reason: Request: Status:}
keto-migrate_1 | Config file not found because "Config File ".keto" Not Found in "[/]""
keto-migrate_1 | time="2020-04-05T13:34:19Z" level=info msg="Establishing connection with SQL database backend" dsn="postgres://:@postgresd:5432/accesscontroldb?sslmode=disable"
keto-migrate_1 | time="2020-04-05T13:34:19Z" level=info msg="Successfully connected to SQL database backend" dsn="postgres://:@postgresd:5432/accesscontroldb?sslmode=disable"
keto-migrate_1 | time="2020-04-05T13:34:19Z" level=info msg="Applying storage SQL migrations..."
keto-migrate_1 | panic: runtime error: invalid memory address or nil pointer dereference
keto-migrate_1 | [signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xc82a20]
keto-migrate_1 |
keto-migrate_1 | goroutine 1 [running]:
keto-migrate_1 | github.com/jmoiron/sqlx.(*DB).DriverName(...)
keto-migrate_1 | /go/pkg/mod/github.com/jmoiron/[email protected]/sqlx.go:261
keto-migrate_1 | github.com/ory/keto/storage.(*SQLManager).CreateSchemas(0xc00000e038, 0xc00049d3e0, 0x1d, 0xc0004e20d0, 0x1)
keto-migrate_1 | /home/ory/storage/manager_sql.go:76 +0x60
keto-migrate_1 | github.com/ory/x/sqlcon.MigratorSQLCmd.func1(0xc0000b62c0, 0xc000412550, 0x1, 0x1)
keto-migrate_1 | /go/pkg/mod/github.com/ory/[email protected]/sqlcon/migrate.go:71 +0x390
keto-migrate_1 | github.com/spf13/cobra.(*Command).execute(0xc0000b62c0, 0xc000412510, 0x1, 0x1, 0xc0000b62c0, 0xc000412510)
keto-migrate_1 | /go/pkg/mod/github.com/spf13/[email protected]/command.go:842 +0x2aa
keto-migrate_1 | github.com/spf13/cobra.(*Command).ExecuteC(0x175e0a0, 0xf397c5, 0x9, 0x0)
keto-migrate_1 | /go/pkg/mod/github.com/spf13/[email protected]/command.go:943 +0x317
keto-migrate_1 | github.com/spf13/cobra.(*Command).Execute(...)
keto-migrate_1 | /go/pkg/mod/github.com/spf13/[email protected]/command.go:883
keto-migrate_1 | github.com/ory/keto/cmd.Execute()
keto-migrate_1 | /home/ory/cmd/root.go:52 +0x31
keto-migrate_1 | main.main()
keto-migrate_1 | /home/ory/main.go:25 +0x5a
full-stack_keto-migrate_1 exited with code 2
Configuration: Docker for Windows 10, git bash, gnu make.exe
After running "make start-full-stack", the docker containers build and start running, but the various curl commands return no records for clients, rules, or policies.
The docker log for the configurator container shows that various scripts in the scripts folder fail to run owing to carriage-returns injected by git.
The resolution is fairly simple -- add a .gitattributes file to disable CR/LF translation:
# Never do crlf translation of bash scripts
*.sh -crlf
I can submit a PR with this change, if desired.
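The failure described in the post above (scripts checked out with CR LF endings and then run inside a Linux container) can be caught before the images are built. This is an added example, not part of the original post or of the repository; the function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not part of the ory/examples repository: detect and
# normalise CR LF line endings in shell scripts before they reach a container.

# Print every *.sh file under DIR that contains a carriage return.
find_crlf_scripts() {
    cr=$(printf '\r')
    find "$1" -type f -name '*.sh' -exec grep -l "$cr" {} + | sort
}

# Remove CR bytes from FILE in place, keeping its permission bits.
strip_cr() {
    tmp="$1.tmp.$$"
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"
}

# Constructed sample tree: one script with CR LF endings, one with LF.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/scripts/services"
    printf '#!/bin/sh\r\necho configured\r\n' > "$dir/scripts/services/crlf.sh"
    printf '#!/bin/sh\necho configured\n'     > "$dir/scripts/lf.sh"
    chmod +x "$dir/scripts/services/crlf.sh" "$dir/scripts/lf.sh"
    echo "$dir"
}

tree=$(make_sample_tree)
echo "CRLF scripts before fix:"; find_crlf_scripts "$tree"
for f in $(find_crlf_scripts "$tree"); do strip_cr "$f"; done
echo "CRLF scripts after fix: $(find_crlf_scripts "$tree" | wc -l | tr -d ' ')"
rm -rf "$tree"
```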
When attempting to access /articles/secure-backend-with-ory-oathkeeper
with a valid access token, the following error occurs:
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<h1>invalid signature</h1>
<h2>401</h2>
<pre>UnauthorizedError: invalid signature
at /usr/src/app/node_modules/express-jwt/lib/index.js:102:22
at Object.module.exports [as verify] (/usr/src/app/node_modules/jsonwebtoken/verify.js:102:12)
at verifyToken (/usr/src/app/node_modules/express-jwt/lib/index.js:100:13)
at fn (/usr/src/app/node_modules/async/lib/async.js:746:34)
at /usr/src/app/node_modules/async/lib/async.js:1213:16
at /usr/src/app/node_modules/async/lib/async.js:166:37
at /usr/src/app/node_modules/async/lib/async.js:706:43
at /usr/src/app/node_modules/async/lib/async.js:167:37
at Immediate.<anonymous> (/usr/src/app/node_modules/async/lib/async.js:1206:34)
at runCallback (timers.js:696:18)</pre>
</body>
</html>
When attempting to access /articles/secure-backend-with-oauth2-token-introspection with a valid token, the following error is presented: gist
Token works on other endpoints just fine.
Image attached
The logfile:
GET /articles/secure-backend-with-oauth2-token-introspection 304 462.220 ms - -
Error
at /usr/src/app/services/hydra.js:21:33
at process._tickCallback (internal/process/next_tick.js:68:7)
identity provider logs:
> [email protected] start /usr/src/app
> node ./bin/www
An error occurred while making a HTTP request: { error:
'Error 404 - The requested route does not exist. Make sure you are using the right path, domain, and port.' }
GET /login?login_challenge=7d1971da088f4bff9ae62f98c39bbff6 500 489.029 ms - 213
hydra logs:
time="2019-12-04T04:04:04Z" level=info msg="started handling request" method=GET remote="192.168.48.13:32878" request=/oauth2/auth/requests/login/0ffed3bdd4dc4a20a8159e1ff1470cb7
time="2019-12-04T04:04:04Z" level=info msg="completed handling request" measure#hydra/admin: http://localhost:4444/.latency=1019600 method=GET remote="192.168.48.13:32878" request=/oauth2/auth/requests/login/0ffed3bdd4dc4a20a8159e1ff1470cb7 status=404 text_status="Not Found" took=1.0196ms
I did
docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
make start-full-stack
Following curls worked without errors by returning some JSON
$ curl http://localhost:4445/clients
$ curl http://localhost:4456/rules
$ curl http://localhost:4466/policies
hydra token user --client-id example-auth-code --client-secret secret --endpoint http://localhost:4444 --port 5555
opens Safari and everything works fine to the end page with introspection
But when I open http://127.0.0.1:4477 there are 4 example links. The first 3 links fail in the same way.
They ask for login, then they ask for consent, and then they print "Forbidden"
I've successfully compiled hydra on a Win32 system by using the git-bash console. I used these steps to compile hydra:
go get -d -u github.com/ory/hydra
cd $(go env GOPATH)/src/github.com/ory/hydra
HYDRA_LATEST=$(git describe --abbrev=0 --tags)
git checkout $HYDRA_LATEST
GO111MODULE=on go install \
  -ldflags "-X github.com/ory/hydra/cmd.Version=$HYDRA_LATEST -X github.com/ory/hydra/cmd.BuildTime=$(TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ') -X github.com/ory/hydra/cmd.GitHash=$(git rev-parse HEAD)" \
  github.com/ory/hydra
after that
`
$ git checkout master
Already on 'master'
Your branch is behind 'origin/master' by 98 commits, and can be fast-forwarded.
(use "git pull" to update your local branch)
`
then when I executed the hydra.exe it gave me this error
`
x@x MINGW32 ~/go/src/github.com/ory/hydra (master)
$ which hydra.exe
/d/Users/S54034/go/bin/hydra.exe
x@x MINGW32 ~/go/src/github.com/ory/hydra (master)
$ hydra.exe help
D:/Users/S54034/go/bin/hydra.exe: error while loading shared libraries: : cannot open shared object file: No such file or directory
x@x MINGW32 ~/go/src/github.com/ory/hydra (master)
$ hydra.exe
D:/Users/S54034/go/bin/hydra.exe: error while loading shared libraries: : cannot open shared object file: No such file or directory
`
After using the command make start-full-stack, the oathkeeper api docker container keeps restarting with the following error in the logs:
time="2018-06-18T05:16:06Z" level=fatal msg="Unable to initialize the ID Token signing algorithm" error="The secret set in CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET must be 32 characters long."