# talk-hydra
k
Hello all, I am trying and failing to integrate ory kratos and hydra with YouTrack auth module: https://www.jetbrains.com/help/youtrack/cloud/OAuth2-Authentication-Module.html#auth-service-endpoints. I am following the kratos-hydra example: https://github.com/ory/examples/tree/master/kratos-hydra. I attach the YouTrack OAuth config. When I try to authenticate through this OAuth module, I get properly redirected to the kratos UI login page, then to the consent page, but in the end I am brought back to the YouTrack page with an error "Cannot retrieve details from the user profile in the OAuth provider.". I would very much appreciate any tips on how to make it work. Thank you!
a
I may be shooting blind here but I think you may need to host Kratos and Hydra publicly on the internet when specifying the endpoints in the YouTrack (screenshot below). you have a couple of options for hosting:
• use Ory Network as a playground/dev so that you can develop, once ready move to a production version (either hosted or managed)
• use Ngrok to expose the self-hosted version of Kratos and Hydra in your PC to the publicly available internet access
• lastly, and the most expensive approach 👉 actually host Kratos and Hydra somewhere on the internet and give that endpoint to the YouTrack

hope this helps
k
thanks for the answer. public hosting is not needed. why would it be the case in the first place?
I believe the problem lies in the wrong "User Data" address. I suspect that `http://kamilk:4433/sessions/whoami` is wrong, what should one use instead?
a
quick question cause I may have gotten your setup wrong: do you self-host YouTrack in a localhost docker container? if:
• that's the case, and
• YouTrack container and Kratos/Hydra are in the same docker network

then that value of `http://kamilk:4433` & `http://kamilk:4444` is correct and there shouldn't be a connectivity issue. otherwise, one of my earlier proposals should work for you
k
I am properly redirected, I can authorize youtrack, so the urls are correct and working. Only after does it fail, I suspect the "User Data" address `http://kamilk:4433/sessions/whoami` is wrong.
which kratos / hydra url should one use for "The endpoint used to locate profile data for the authenticated user. When a user profile response object is returned by the authorization service, values from the specified field paths are copied to the user profile in Hub. Use a sequence of path segments separated by slashes (/) to specify a path to a field inside a nested object."?
a
oh that's a long one but, the URI is correct: `/sessions/whoami`
k
it does not work. kratos rejects it as unauthorized
a
yeah, kratos expects cookie with a key `ory_kratos_session` or a header with `x-session-token`
k
```
time=2023-10-25T08:42:17Z level=info msg=started handling request http_request=map[headers:map[accept:application/json accept-encoding:gzip,deflate authorization:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true". connection:Keep-Alive user-agent:Jersey/2.35 (Apache HttpClient 4.5.13)] host:kamilk:4433 method:GET path:/sessions/whoami query:<nil> remote:172.19.0.1:41176 scheme:http]
time=2023-10-25T08:42:17Z level=info msg=No valid session found. audience=audit error=map[debug: message:request does not have a valid authentication session reason:No active session was found in this request.
```
do I need something like https://github.com/lus/hydra-consent?
FWIW, I first tried to integrate youtrack with okta, and it works seamlessly.
I changed the endpoint used to locate profile data for the authenticated user to hydra's `/userinfo` (https://www.ory.sh/docs/hydra/reference/api#tag/oidc/operation/getOidcUserInfo), but the response is completely different from the endpoint schema:
```json
{
  "amr": [
    "password",
    "password"
  ],
  "aud": [
    "d1bb500e-db51-441b-88d2-ddd14a4966a5"
  ],
  "auth_time": 1698239501,
  "iat": 1698242703,
  "iss": "http://kamilk:4444",
  "rat": 1698242700,
  "sub": "a55f1edc-3424-4f81-bf28-fe3b49e9124c"
}
```