# talk-kratos
c
👋 Is there any way to configure a session `tokenizer` in a self-hosted kratos? (https://www.ory.sh/docs/identities/session-to-jwt-cors#json-web-token-templates)
w
yes. what error are you seeing when you try?
c
Actually, kratos does not even start because of a misconfiguration. I've been using `kratos:1.0.0` and it does not start as the `tokenizer` is not accepted as a property for `session.whoami`
```
ory-standalone-kratos-1                      | time=2024-01-23T15:18:42Z level=error msg=Unable to instantiate configuration. func=github.com/ory/kratos/driver.NewWithoutInit file=/project/driver/factory.go:43 audience=application error=map[message:I[#/session/whoami] S[#/properties/session/properties/whoami/additionalProperties] additionalProperties "tokenizer" not allowed stack_trace:stack trace could not be recovered from error type *jsonschema.ValidationError] service_name=Ory Kratos service_version=v1.0.0
ory-standalone-kratos-1                      | Error: I[#/session/whoami] S[#/properties/session/properties/whoami/additionalProperties] additionalProperties "tokenizer" not allowed
```
w
yep. looks like `script/render-schemas.sh` is what you need. run that from your repo directory: `bash script/render-schemas.sh` and try again.
c
I came across another thread where you talked about that
w
the config schema that your runtime is testing your configuration against is older than the one that allows `tokenizer`
how are you running kratos?
c
through the latest docker image actually, so I guess I'll have to build it before right?
(I mean, right after the script exec)
w
yeah - what i had to do.
run script. run docker build with the updated tag (it pushes it just to my local docker) then run that "updated tag" from compose. that's about it.
i think the makefile has the "docker build" you are looking for iirc
c
Alright, thank you Chris, I'll try that right away. Any plan to get this "official" docker image configured as this? Do you have any more information?
w
i wanna say it's like `IMAGE_TAG=something make docker`
🙂 i don't work for ory. i only use their stuff and attempt to tinker with their code.
c
Yes I figured it out but I wondered if you got any issue tracked down in kratos repository
w
ah. no. not sure if there's an issue or if that config schema is "not yet ready for prime-time".
i just know that's the simplest way i could come up with that would (officially at least) update the config schema to point to the version that supports the feature in question.
c
Thank you Chris for your help 👍 It looks like it's better now, still have to troubleshoot a few minor unrelated things 😉
t
Hi, just stumbled upon this thread. I must say, I am also in the same boat. I was able to build the new docker and add the config etc. for the tokenizer. Upon hitting the whoami endpoint with the required `tokenize_as` query parameter, I get the error: request malformed, could not sign the token. I have tried providing a url for the jwks file, using base64 encoded etc. but no luck. Did you guys also have the same problem?
I have exactly the same problem as this issue: https://github.com/ory/kratos/issues/3685
okay so i solved this issue by generating a new jwks using the oathkeeper cli as shown here: https://www.ory.sh/docs/oathkeeper/cli/oathkeeper-credentials-generate and then base64 encoded and directly copied to the config file.
c
hi @witty-holiday-65473 , I faced the same issue (additionalProperties "tokenizer" not allowed), but I don't install Kratos on my machine, for now I'm using docker-compose, e.g.: https://www.ory.sh/docs/kratos/quickstart#clone-ory-kratos-and-run-it-in-docker Could you help me to get, how can I fix that issue in docker-compose? (where should I run `ash script/render-schemas.sh` OR is there another way to fix it)? Also the same question in case if I run Kratos using Helm? Thanks in advance and looking forward to hearing any advice from you