so if I am setting up kratos + hydra, I just need ...
# talk-hydra
r
so if I am setting up kratos + hydra, I just need to configure hydra with kratos' login and logout urls?
h
Pretty much correct, I recently connected central Kratos + Hydra and used that as OIDC provider for another separate Kratos. Only thing missing by default was the consent flow. I got it working with custom self-service-ui image from here https://github.com/ory/kratos-selfservice-ui-node/issues/224
w
My team and I are also currently trying to set up hydra + kratos. Is it possible you could help give us some pointers or guide us? Lmk in dms if you would be willing to help out because there is almost 0 documentation on kratos + hydra. It's an open source project so we are looking for volunteers whenever we can.
r
i am currently in the process of setting it up myself in a self contained k8s environment (minikube). I'll let you know if I have any luck 🙂 thanks for the tips @high-hospital-5525
m
Anything you can contribute to the examples repository helps others as well! https://github.com/ory/examples There is a draft PR here https://github.com/ory/examples/pull/67 but so far did not have time to work on it 😕
h
Unlikely to find time to contribute with an example currently 😔 But to get anyone started, basically adding
`kratos.config.oauth2_provider.url` - point to hydra admin endpoint (port 4445), I run them in the same cluster so pointed internally
And
`hydra.config.urls.self.issuer`
`hydra.config.urls.login` - point to Kratos that you'll use for login
`hydra.config.urls.consent` - point to UI that has consent flow. Can use the modified self-service UI I mentioned earlier
Also need an `OAuth2Client` but that gets more specific and depends on what is your client domain etc.
If you want to connect a different client-Kratos to this "Kratos+Hydra" setup then you need to just add a `generic` provider in client-Kratos that points to this one and has the clientId+Secret
r
> If you want to connect a different client-Kratos to this "Kratos+Hydra" setup then you need to just add a `generic` provider in client-Kratos that points to this one and has the clientId+Secret

basically you are referring to using it as an IdP, right?
m
I think that is most likely what they meant! I wanted to explore use cases like that as well, Kratos+Hydra as “main IdP” and then different “tenant” Kratos connected via OIDC. This would make it easier to have different configurations and a similar setup to what we do for multi-tenancy in Ory Network.
d
Hi all and @magnificent-energy-493, I fixed the consent page that was not working on your PR https://github.com/ory/examples/pull/67
m
Awesome! I will see to review and merge your PR asap 🙇
a
thanks @delightful-noon-48365. i pulled the latest code from your PR and ran it locally. the docker build runs fine. but when i run this command:
```
code_client=$(sudo docker-compose exec hydra \
    hydra create client \
    --endpoint http://127.0.0.1:4445 \
    --grant-type authorization_code,refresh_token \
    --response-type code,id_token \
    --format json \
    --scope openid --scope offline \
    --redirect-uri http://127.0.0.1:5555/callback)
```
i get this error message:
service "hydra" is not running container #1
any idea why this would happen? the site still loads and seems to run correctly. i can see the consent page now.
d
Hi @adorable-scooter-1570, you’re welcome! I have also updated the kratos-selfservice-ui-node with this hydra integration inside the PR #257. Did you run this command on the path where your docker compose file is located?
a
@delightful-noon-48365 no, i did not. but i just tried that and yep, that worked.
then i'll look over the PR next and hopefully we can get that merged
one other thing before i do that though. the font on the welcome page isn't right in your PR when compared to how it looked previously. here's a side-by-side comparison, before and after:
looking in the dev console, it seems that something in the build process didn't apply the styles the way it's supposed to. before and after:
i poked around a bit in the Ory stack and couldn't figure out how or where these styles get built. i think it's beyond my abilities right now. maybe @magnificent-energy-493 can answer that one though. not sure if this is related to any code you changed or not @delightful-noon-48365.
d
@adorable-scooter-1570 I found it, it's the partial view file standard_headers.hbs of the example that is not aligned with the original one from kratos-selfservice-ui-node project. I'll create a new PR to align the example to the new version for all files including standard_headers.hbs.
The PR that fixes fonts, icons and design: https://github.com/ory/examples/pull/71
a
@delightful-noon-48365 fantastic! nicely done. i'm looking over the PR now.