Hi, I am trying to run `Oathkeeper-kratos-Kong` e...
# ory-network
a
Hi, I am trying to run the `Oathkeeper-kratos-Kong` example mentioned here: https://www.ory.sh/zero-trust-api-security-ory-tutorial/ Example: https://github.com/ory/examples/tree/master/kratos-oathkeeper-kong

If I run the self-hosted Kratos and Oathkeeper in Docker, the Kong example works perfectly fine. But I am using Ory Cloud, and want to use the Kratos `Identities` from cloud. When I replace the Kratos URL to `http://localhost:4000/sessions/whoami` and error handler to `http://localhost:4000/ui/login`, it gives a CORS issue. To fix this, I tried using Ory Tunnel via CLI on Windows. I used the following command for Tunnel:

`ory tunnel --project <my-ory-slug-> --dev http://localhost:8000`

Tunnel starts, runs and also gives me access on `http://localhost:4000`, and I am able to log in as well. But when I run the service to call `hello` or `world` using `http://localhost:8000/hello` or `http://localhost:8000/world`, I get an Unauthorized error, and if I use `http://127.0.0.1:8000/hello` or `http://127.0.0.1:8000/world`, I get a Forbidden error. Will be thankful if you can share how to solve this.
s
Please check in your browser with the dev tools on what domain the cookies are being set and if they are included when you send the request. `localhost` != `127.0.0.1`
try also calling `/sessions/whoami` directly to see if it is an oathkeeper config error
actually I think it is very likely the cookie name
@magnificent-energy-493 maybe we can add Ory Network to those examples?
a
@magnificent-energy-493 @steep-lamp-91158 I have had it in mind for some time to share with you guys that your Ory Cloud documentation, esp. the examples, is really lagging behind and is esp. a pain for the cloud customers. An update in this direction will be really helpful because in case of cloud we have the extra burden of handling CORS while doing local development.
1. Just re-checked from browser: cookies are being set on `localhost` - `http://localhost:4000`
2. `http://localhost:4000/sessions/whoami` in browser gives me a proper response of whoami
3. What will be the cookie name for Kratos in case of Ory Cloud Identities? Following is my current cookie session section in oathkeeper.yml
cookie_session:
    enabled: true
    config:
      check_session_url: http://localhost:4000/sessions/whoami
      preserve_path: true
      extra_from: "@this"
      subject_from: "identity.id"
      only:
        - ory_kratos_session
s
You have to check, it contains a random part
a
@steep-lamp-91158 Is there any example of Oathkeeper and Ory Network? Will use that example to understand where I am going wrong.
s
check the cookie name in the devtools, it will be something like `ory_session_xxxx` where xxx is some random part that is unique per project
you can just forward all cookies by omitting the `only` key