Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd: Should not fatal if ORY Hydra SDK is unable to start #71

Closed
aeneasr opened this issue Jun 12, 2018 · 4 comments
Closed

cmd: Should not fatal if ORY Hydra SDK is unable to start #71

aeneasr opened this issue Jun 12, 2018 · 4 comments
Assignees
@aeneasr
Labels
feat New feature or request.

Comments

@aeneasr
Copy link
Member

aeneasr commented Jun 12, 2018

See https://community.ory.sh/t/please-specify-the-ory-hydra-endpoint-url/491
@aeneasr aeneasr added the feat New feature or request. label Jun 12, 2018
@aeneasr aeneasr self-assigned this Jun 12, 2018
@Detrous
Copy link

Detrous commented Jun 12, 2018

Update --help command. I need to specify this for work:
CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_URL=hydra_url

But this env variable not described in help

@aeneasr
Copy link
Member Author

aeneasr commented Jun 12, 2018

Yes, seems like it isn't being updated. I think one possibility is to introduce an CREDENTIALS_ISSUER_ID_TOKEN_STRATEGY which can be set to hydra or hs (for hmac-sha). The second would be the default and we could require the user to set a password and (optionally) generate a random one.

That way there would no longer be a direct dependency to ORY Hydra and thus the tutorial would work and ORY Oathkeeper would be standalone.

I'll work on this tomorrow.

aeneasr pushed a commit that referenced this issue Jun 13, 2018
Reduces setup complexity by making strategies configurable
0373371 
This patch adds another ID Token signing algorithm (HS256) which is easier to set up as it does not rely on ORY Hydra but instead on a shared secret.

Additionally the ability to specify which ID Token singing algorithm to use has been added. Environmental variables to configure the behvaiour have been added as well.

Further, the ORY Keto Warden Authorizer strategy is now optional and disabled when the environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` is empty.

Closes #71
@gentunian
Copy link

I will leave this for reference and shortcut for people having the same issue. For more information read the oathkeeper upgrade guide

I was having the same issue with the examples/full-stack commit 76bd4877044c5bdded0f6b8b8ad12cd5c7f087af (seems outdated as this is the last commit from examples) and environment has CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_URL set that should be changed to: CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL

Working environment:

    environment:
      - LOG_LEVEL=debug
      - PORT=4456
      - DATABASE_URL=postgres://dbuser:secret@postgresd:5432/accesscontroldb?sslmode=disable
      - ISSUER_URL=http://localhost:4455/
      - AUTHORIZER_KETO_WARDEN_KETO_URL=http://keto:4466
      - CREDENTIALS_ISSUER_ID_TOKEN_ALGORITHM=ory-hydra
      - CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID=resources:hydra:jwk:oathkeeper
      - CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL=http://hydra:4445

@aeneasr
Copy link
Member Author

aeneasr commented Aug 26, 2018

Thanks! Master is not yet released but with rc.1 the examples will be upgraded too!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
feat New feature or request.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gentunian @aeneasr @Detrous