# general
n
what exactly do you mean by consent? oauth 2.0 consent is part of hydra
w
Is it? What I'm talking about is the app that's configured under the "consent" URL in the hydra conf.
What this is trying to implement, I'd assume.
Sans the login/logout.
n
if self-hosting, neither kratos nor hydra provide the UI built-in, that must be built separately. but ory does have example apps you can use like that one
w
So we tried that one but it didn't work.
Specifically the email claim wasn't found when trying to tie our ownCloud instance to it.
So we set up the little example app and added skip-consent, and then ownCloud wouldn't see the "email" attribute even though the scope was set up for the client.
Works on Keycloak etc.
n
storing extra data during consent must also be built separately - https://www.ory.sh/docs/oauth2-oidc/userinfo-oidc
w
Ok so, we don't have the resources to build that. Does that mean the setup we've made is for all intents and purposes useless?
n
if you want everything pre-built you'd want to look into the ory network
w
The paid solution? So that has consent handling built in?
n
that has pre-built UIs for the entire flow so you get everything out of the box, you mostly just configure things
there is a free developer account so i would recommend creating one and checking out how it all works
w
Can it be hosted on-premise? We'd need to do that due to data security regs.
n
AFAIK it cannot
w
Ok, thanks for the info.
r
hey @wide-daybreak-39428 to add to Andrew’s answer, also add the email to the scope of the consent request. The scope is also used in the skipConsent scenario.
```js
// Fragment of a consent endpoint handler. `req`, the `oauth2` API client and
// `session` are assumed to be defined earlier in the handler.
const { consent_challenge } = req.query // the HTTP request

const challenge = await oauth2
  .getOAuth2ConsentRequest({ consentChallenge: String(consent_challenge) })
  .then(({ data: body }) => body)

const skipConsent =
  challenge.skip || // skip because the user accepted the consent previously
  challenge.client.skip_consent // skip because the client is trusted

if (skipConsent) {
  // If the consent is skipped, we accept the consent request immediately.
  await oauth2.acceptOAuth2ConsentRequest({
    consentChallenge: String(consent_challenge),
    acceptOAuth2ConsentRequest: {
      // Grant exactly the scopes and audiences the client requested.
      grant_scope: challenge.requested_scope,
      grant_access_token_audience: challenge.requested_access_token_audience,
      session,
    },
  })
}
```
as per the docs:
`scope` (optional): The scope of the access request, which specifies what resources the requesting application can access. e.g. `scope=email+name`
On-Premise: We have some hybrid scenarios (self-hosted & network) for which we can provide a support/service offering. If you’re interested, we can schedule a quick call to discuss your regulatory and security requirements? It’s likely that Ory network already fulfills most of those needs.
d
Hi @wide-daybreak-39428, for your information there is an example on how to integrate Kratos and Hydra together here: https://github.com/ory/examples/tree/master/kratos-hydra/