# talk-kratos
t
👋 Hello, team! Is there any sort of documentation about how to write the config file? I definitely have some errors in there and it's been driving me crazy for a few days.
w
Hi! 👋 As you didn’t provide any specifics regarding what you’re having trouble with I assume you just need a “cheat-sheet” for Kratos config. Have a look at this document here and let me know if you found what you were looking for 😉 https://www.ory.sh/docs/kratos/reference/configuration
t
version: v0.7.1-alpha.1
dsn: memory
serve:
  public:
    base_url: http://localhost:4433/
    cors:
      enabled: true
      allow_credentials: true
      allowed_origins:
        - 'https://localhost:4455/'
        - 'https://localhost:3000/'
        - 'http://localhost:4433/'
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
        - Cookie
        - Content-Type
      exposed_headers:
        - Content-Type
        - Set-Cookie
  admin:
    base_url: http://localhost:4434/
selfservice:
  default_browser_return_url: http://localhost:3000/
  allowed_return_urls:
    - http://localhost:3000/
  methods:
    password:
      enabled: true
      config:
        haveibeenpwned_enabled: false
        min_password_length: 8
        identifier_similarity_check_enabled: true
    profile:
      enabled: false
  flows:
    error:
      ui_url: http://localhost:3000/error
    settings:
      ui_url: http://localhost:3000/dashboard/changePassword/
      privileged_session_max_age: 1m
    recovery:
      enabled: true
      ui_url: http://localhost:3000/auth/recovery
    verification:
      enabled: true
      ui_url: http://localhost:3000/auth/verification
      after:
        default_browser_return_url: http://localhost:3000/
    logout:
      after:
        default_browser_return_url: http://localhost:3000/auth/login
    login:
      ui_url: http://localhost:3000/auth/login
      lifespan: 10m
      # after:
      #   password:
      #     hooks:
      #       - hook: require_verified_address
    registration:
      lifespan: 10m
      ui_url: http://localhost:3000/onboarding/registration
      after:
        password:
          hooks:
            - hook: session
log:
  level: debug
  format: text
  leak_sensitive_values: true
secrets:
  cookie:
    - XRhlCxFymN8l7/JgsYujFLoytBwVtjo1rJmxpXYO5GY=
  cipher:
    - bdWyFFJmGpih5cCvOHGhCUKbe7oDsv8f
ciphers:
  algorithm: xchacha20-poly1305
hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8
identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json
courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
session:
  cookie:
    name: "sid"
is this config causing these errors?
Before I even touch anything on the page, these errors are there
@wonderful-lamp-2357
@swift-chef-97535 can anyone help me?
p
Hi @thousands-holiday-39862 CORS is a browser error. Let's debug this, how are you running Kratos and your app? I see you are calling Kratos on http://localhost:4433 and your app is on http://localhost:3000 are you running Kratos in docker? is this the quickstart you are following?
t
Yes kratos is on docker
I was using quickstart
then I had to change a few things in the config and now it's like this
right now I am unable to send even a single request to kratos
everything errors out
Starts with some ambiguous network error (which in most cases was connected to config)
Seems like I have a standard config and my codebase has not changed at all, so why these errors?
I am just very confused with all this
p
I believe you should be calling oathkeeper and your application should also be inside docker. have you tried calling kratos using cURL? it should work - CORS is a browser based error https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
t
I will try cURL, also I can try moving app inside docker, however it worked perfectly fine till now. I don't understand why it's causing so many problems out of nowhere. I had cors error before, fixed it by changing config, then I had to change config a few more times and now it's like this
p
maybe there is an error in the config
check the kratos logs
it's possible that you aren't using the config at all as well
i would make sure by explicitly checking the kratos logs. is this on the latest quickstart?
t
i think so
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Location: http://localhost:3000/auth/login?flow=ccee7ccf-c830-4235-8eef-a1757cb7dd46
Set-Cookie: csrf_token_82b119fa58a0a1cb6faa9738c1d0dbbf04fcc89a657b7beb31fcde400ced48ab=yx9LLIUJgzBEPDVUGJb3lzlAtq9V5U7mh5Zrz9jdCD0=; Path=/; Max-Age=31536000; HttpOnly; SameSite=Lax
Vary: Origin
Vary: Cookie
Date: Fri, 02 Sep 2022 09:29:56 GMT
Content-Length: 101
here is curl response
it did give back a flow and a token I guess
how do I check logs?
p
yeah, but i mean it is also not affected by CORS so we know at least kratos is running
you need to do a docker logs command with the container id
you can get the container names by calling docker ps
Example
➜  ~ docker ps
CONTAINER ID   IMAGE                           COMMAND           CREATED          STATUS          PORTS                                                                                                                                    NAMES
755ae79e9a64   oryd/mailslurper:latest-smtps   "./mailslurper"   54 minutes ago   Up 54 minutes   0.0.0.0:1025->1025/tcp, :::1025->1025/tcp, 2500/tcp, 8080/tcp, 0.0.0.0:4436-4437->4436-4437/tcp, :::4436-4437->4436-4437/tcp, 8085/tcp   mailslurper
➜  ~ docker logs 755ae79e9a64
time="2022-09-02T08:38:31Z" level=info msg="Starting MailSlurper Server v1.14.1" who=MailSlurper
time="2022-09-02T08:38:31Z" level=info msg="Connecting to database" who=MailSlurper
time="2022-09-02T08:38:31Z" level=info msg="Creating database tables..." who=MailSlurper
time="2022-09-02T08:38:31Z" level=info msg="Created tables successfully." who=MailSlurper
time="2022-09-02T08:38:31Z" level=info msg="Worker pool configured for 1000 workers" who="SMTP Server Pool"
time="2022-09-02T08:38:31Z" level=info msg="SMTP listener running on SSL 0.0.0.0:1025" who="SMTP Listener"
time="2022-09-02T08:38:31Z" level=info msg="1 receiver(s) listening" who="SMTP Listener"
time="2022-09-02T08:38:31Z" level=info msg="HTTP admin listener running on 0.0.0.0:4436" who=MailSlurper
⇨ http server started on [::]:4436
⇨ http server started on [::]:4437
time="2022-09-02T08:39:34Z" level=info msg="Mail collection page 1 retrieved" who=ServiceController
➜  ~
t
got the logs
a lot of info there, what am I looking for?
p
any sort of error when reading the config. so this would be when the config changes. you can try update the config to see the logs change
since the config can be changed at runtime
t
I changed config and did a ctrl f for error
but nothing
I couldnt even tell
if the logs were different when I changed the config
p
hmm 🤔 have you tried running the kratos binary with the config file outside of docker as a test? just trying to do process of elimination here. It might also be that the docker container has been running a while and it kept the values as they were before you changed say cors configs.
also the logs should've changed. but it is difficult to spot
also depends on the log level of kratos
t
I have restarted containers multiple times. I am not sure how to run Kratos binary outside of docker?
2022-09-02T09:32:49.747806840Z {"level":"info","message":"HTTP GET /login","meta":{"req":{"headers":{"accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,ka;q=0.8,und;q=0.7","connection":"keep-alive","cookie":"csrf_token_82b119fa58a0a1cb6faa9738c1d0dbbf04fcc89a657b7beb31fcde400ced48ab=nPPRunvEq86lYpjtBe8HBPMBL0JvQY7Ny0h3Z/9FgqM=; csrf_token_dc00b22e96a17ebfc20ec30276b3639d78899dea58cd5bfa217fd2941625a35d=C4A0PZybykmCpWBXp7eBjeZnbl7dJYTNSRxJNV5QdhU=; csrf_token_806060ca5bf70dff3caa0e5c860002aade9d470a5a4dce73bcfa7ba10778f481=Xh/zXBSk2fA/M7Uniwo3K3tbBZezw4mDN4nB+2Wlt5U=","host":"localhost:4455","referer":"http://localhost:4455/welcome","sec-ch-ua":"\"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"104\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"macOS\"","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"same-origin","sec-fetch-user":"?1","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"},"httpVersion":"1.1","method":"GET","originalUrl":"/login","query":{},"url":"/login"},"res":{"statusCode":303},"responseTime":24}}
this is my last log
timestamp stays the same
even when I change the config
p
You can download the binary for your OS https://github.com/ory/kratos/releases/tag/v0.10.1 then run the binary in your terminal
./kratos -c "/path/to/kratos.yml" --dev serve
t
Usage:
  kratos [command]
Available Commands:
  completion  Generate the autocompletion script for the specified shell
  courier     Commands related to the Ory Kratos message courier
  delete      Delete resources
  format      Helpers for formatting code
  get         Get resources
  hashers     This command contains helpers around hashing
  help        Help about any command
  import      Import resources
  lint        Helpers for linting code
  list        List resources
  migrate     Various migration helpers
  remote      Helpers and management for remote Ory Kratos instances
  serve       Run the Ory Kratos server
  validate    Validate resources
  version     Show the build version, build time, and git hash
Flags:
  -h, --help   help for kratos
Use "kratos [command] --help" for more information about a command.
Saving session...completed.
Deleting expired sessions...none found.
Okay look, Sr Dev just came in and fixed this problem with CORSUnblock extension in my browser
However I just want to know why I did not have these errors before
I did not need corsunblock before
p
just running cors unblock isn't the fix 🙂 the browser has cors enabled to protect you, which means the server needs to comply. Kratos needs to say it's fine for your localhost:3000 app to send it requests.
my theory is that cors isn't being set by kratos. either because the config is incorrect or something with docker networking
1. run kratos outside of docker so we can ensure we aren't running into docker networking issues etc.
2. check any errors in the terminal when running kratos with your config
3. ensure kratos has cors configs enabled and localhost:3000 is on that allow list
t
Usage:
  kratos [command]
Available Commands:
  completion  Generate the autocompletion script for the specified shell
  courier     Commands related to the Ory Kratos message courier
  delete      Delete resources
  format      Helpers for formatting code
  get         Get resources
  hashers     This command contains helpers around hashing
  help        Help about any command
  import      Import resources
  lint        Helpers for linting code
  list        List resources
  migrate     Various migration helpers
  remote      Helpers and management for remote Ory Kratos instances
  serve       Run the Ory Kratos server
  validate    Validate resources
  version     Show the build version, build time, and git hash
Flags:
  -h, --help   help for kratos
Use "kratos [command] --help" for more information about a command.
Saving session...completed.
Deleting expired sessions...none found.
I got this back
p
4. ensure the browser URL is pointing to localhost:3000 and the sdk is pointing to kratos on localhost. using 127.0.0.1 instead will change what it allows since it sees it as a different origin
t
when I ran
the binary
p
./kratos serve -c "path/to/config" --dev
t
I'm gonna run kratos rn
outside docker
umm - zsh: no such file or directory: ./kratos
it worked last time
FATA[2022-09-02T14:26:00+04:00] Unable to instantiate configuration. audience=application error=map[message:lstat contrib/quickstart/kratos/email-password: no such file or directory] service_name=Ory Kratos service_version=v0.10.1
here
I tried to run kratos outside docker and this happened
no wait
FATA[2022-09-02T14:27:24+04:00] Unable to instantiate configuration. audience=application error=map[message:open /etc/config/kratos/identity.schema.json: no such file or directory stack_trace:
github.com/ory/kratos/driver/config.(*Config).validateIdentitySchemas
    /project/driver/config/config.go:395
github.com/ory/kratos/driver/config.New
    /project/driver/config/config.go:345
github.com/ory/kratos/driver.NewWithoutInit
    /project/driver/factory.go:24
github.com/ory/kratos/driver.New
    /project/driver/factory.go:13
github.com/ory/kratos/cmd/serve.NewServeCmd.func1
    /project/cmd/serve/root.go:33
github.com/spf13/cobra.(*Command).execute
    /go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:860
github.com/spf13/cobra.(*Command).ExecuteC
    /go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:974
github.com/spf13/cobra.(*Command).Execute
    /go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:902
github.com/ory/kratos/cmd.Execute
    /project/cmd/root.go:51
main.main
    /project/main.go:35
runtime.main
    /usr/local/go/src/runtime/proc.go:255
runtime.goexit
same with correct path
what can I try?
I know I am stupid but please dont abandon me 😅😅
i tried and it gives me the same error, but since its asking for schema it means it sees the config right?
The configuration contains values or keys which are invalid:
identity.schemas.0.url: ./identity.schema.json
                        ^-- "./identity.schema.json" is not valid "uri"
returns this error
I tried different formats
with '' and without
I even tried giving it the full path, it just doesnt work
p
you need a prefix indicating what type of uri it is example
identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json
this is from the quickstart currently. Let's change it to a file inside the same folder
identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file://./identity.schema.json
t
okay, on it
still this
FATA[2022-09-02T15:51:12+04:00] Unable to instantiate configuration. audience=application error=map[message:open ./identity.schema.json: no such file or directory stack_trace:
p
are you sure the identity schema is in the same folder?
i just ran this on my machine and it worked
identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file://./identity.schema.json
t
okay, when I do ctrl + click it does go to the file, so I guess I'm making another mistake
p
can you paste your kratos.yml file here?
just don't paste any sensitive content
like oidc client id + secret etc.
t
dsn: memory
serve:
  public:
    base_url: http://localhost:4433/
    cors:
      enabled: true
      allow_credentials: true
      allowed_origins:
        - https://localhost:4455/
        - https://localhost:3000/
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
        - Cookie
        - Content-Type
      exposed_headers:
        - Content-Type
        - Set-Cookie
  admin:
    base_url: http://localhost:4434/
selfservice:
  default_browser_return_url: http://localhost:3000/
  allowed_return_urls:
    - http://localhost:3000/
  methods:
    password:
      enabled: true
      config:
        haveibeenpwned_enabled: false
        min_password_length: 8
        identifier_similarity_check_enabled: true
    profile:
      enabled: false
  flows:
    error:
      ui_url: http://localhost:3000/error
    settings:
      ui_url: http://localhost:3000/dashboard/changePassword/
      privileged_session_max_age: 1m
    recovery:
      enabled: true
      ui_url: http://localhost:3000/auth/recovery
    verification:
      enabled: true
      ui_url: http://localhost:3000/auth/verification
      after:
        default_browser_return_url: http://localhost:3000/
    logout:
      after:
        default_browser_return_url: http://localhost:3000/auth/login
    login:
      ui_url: http://localhost:3000/auth/login
      lifespan: 10m
      # after:
      #   password:
      #     hooks:
      #       - hook: require_verified_address
    registration:
      lifespan: 10m
      ui_url: http://localhost:3000/onboarding/registration
      after:
        password:
          hooks:
            - hook: session
log:
  level: debug
  format: text
  leak_sensitive_values: true
secrets: ???
ciphers:
  algorithm: xchacha20-poly1305
hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8
identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file://./identity.schema.json
courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
session:
  cookie:
    name: "sid"
p
the config seems fine, kratos loaded it up and started running
just place the identity.schema.json file inside the same folder as your kratos.yml
t
it is 😄 😄
p
try this, place the kratos binary + kratos.yml + identity.schema.json inside the same folder. then cd in your terminal into the folder
t
okay
now its giving me this
WARN[2022-09-02T16:16:12+04:00] Unable to connect to database, retrying. audience=application error=map[message:unsupported dialect 'sqlite3' stack_trace:stack trace could not be recovered from error type *errors.errorString] service_name=Ory Kratos service_version=v0.10.1
over and over
FATA[2022-09-02T16:21:57+04:00] Unable to initialize service registry. audience=application error=map[message:unsupported dialect 'sqlite3' stack_trace:
this was the final error
p
check to download the binary with the sqlite tag e.g.
kratos_0.10.1-linux_sqlite_64bit.tar.gz
because your dsn is memory it will use sqlite as the database
t
okay, on it
FATA[2022-09-02T16:29:56+04:00] Failed to gracefully shutdown admin httpd: listen tcp 0.0.0.0:4434 bind: address already in use audience=application service_name=Ory Kratos service_version=v0.10.1
FATA[2022-09-02T16:29:56+04:00] Failed to gracefully shutdown public httpd: listen tcp 0.0.0.0:4433 bind: address already in use audience=application service_name=Ory Kratos service_version=v0.10.1
it started
but still failed in the end
p
because the ports are still used in docker
kill the docker containers
t
docker is paused
okay sec
okay I think it is running
p
now try your app running on localhost:3000
t
it runs and gives the same errors
so my browser refuses to send a request to kratos? what else could be at play?
p
how is the query constructed? is it a fetch request?
t
I am using functions from @ory/client
p
can you show me how you are creating the sdk instance?
t
sure, it's just I've been doing it the same since the first time I used kratos. 1 sec
const basePath = process.env.REACT_APP_ORY_URL || "http://localhost:4433";
const ory = new V0alpha2Api(
  new Configuration({
    basePath,
    baseOptions: {
      withCredentials: true,
    },
  })
);
p
yeah that looks correct. i wonder then why you're getting cors.
maybe there is a bug or something. let me check on my side quick.
found the bug
😂
check the kratos config under cors, you set the allow origin there
the URLs are incorrect
cors:
  enabled: true
  allow_credentials: true
  allowed_origins:
    - http://localhost:4455
    - http://localhost:3000
  allowed_methods:
    - POST
    - GET
    - PUT
    - PATCH
    - DELETE
change https -> http
s
@thousands-holiday-39862 hey this has been a very long help session. Many of your problems have nothing to do with Ory but are Docker issues. Why not save yourself a lot of time and effort and use the Ory Cloud dev account with Ory CLI? We cannot keep supporting this problem on public community Slack. I hope you understand. Maybe someone else in the community or from Docker can otherwise help you.
t
I changed it, but it still did not help.
@swift-chef-97535 we've been trying to get to the core of the issue, seems like we are really close
I cant just tell my manager to switch to ory cloud
I changed http but it still does the same
as I'm running kratos outside docker, it doesnt seem like a docker problem at this point
Browser just refuses to connect to kratos,
p
remove the headers as well please to see if that's the problem. it might be the case that something there is incorrect and it overrides the defaults
allowed_headers:
  - Authorization
  - Cookie
  - Content-Type
exposed_headers:
  - Content-Type
  - Set-Cookie
s
I would be happy to talk to you about the path to Ory Cloud. The reason we built the CLI is because many devs have challenges setting up the whole Ory ecosystem then running at scale. We can help you with it. The dev account is free
t
deleted them but no use 😞
cors error is gone, but it still.
xhr.js?9a23:187 GET http://localhost:4433/sessions/whoami net::ERR_CONNECTION_REFUSED
createError.js?c11a:16 Uncaught (in promise) Error: Network Error at createError (createError.js?c11a161) at XMLHttpRequest.handleError (xhr.js?9a23991)
gives me these errors