hundreds-train-83112
05/17/2022, 1:46 PMhundreds-train-83112
05/17/2022, 1:48 PMhundreds-train-83112
05/17/2022, 2:05 PMhundreds-train-83112
05/17/2022, 2:15 PMambitious-solstice-89744
05/17/2022, 2:20 PMhundreds-train-83112
05/17/2022, 2:21 PMhundreds-train-83112
05/17/2022, 2:21 PMambitious-solstice-89744
05/17/2022, 2:24 PMhundreds-train-83112
05/17/2022, 2:24 PMambitious-solstice-89744
05/17/2022, 2:27 PMhundreds-train-83112
05/17/2022, 2:32 PMambitious-solstice-89744
05/17/2022, 2:56 PMhundreds-train-83112
05/17/2022, 3:08 PMory proxy/tunnel
like in the example below because I don't have control over `external.com`:
ory tunnel \
--cookie-domain <http://external.com|external.com> \
<https://app1.external.com/> \
<https://auth.external.com>
hundreds-train-83112
05/17/2022, 3:25 PMory tunnel \
<https://app1.external.com/> \
<https://proxy.mydomain.com>
hundreds-train-83112
05/18/2022, 3:26 PMambitious-solstice-89744
05/18/2022, 3:35 PMhundreds-train-83112
05/18/2022, 3:36 PMhundreds-train-83112
05/18/2022, 3:36 PMdamp-sunset-69236
05/18/2022, 4:48 PMdamp-sunset-69236
05/18/2022, 4:49 PMhundreds-train-83112
05/18/2022, 4:49 PMBefore you start, you need a running Ory Cloud project or a self-hosted version of Ory Kratos, Ory Hydra...
hundreds-train-83112
05/19/2022, 9:55 AMory tunnel
won't work:
• First, I setup my Kratos instance running at https://kratos.my.owned.domain
• Then, I created a tunnel using:
ory tunnel \
--sdk-url <https://krato.my.owned.domain> \
--cookie-domain <http://extenral-platform.com|extenral-platform.com> \
<https://external-platform.com> \
<https://tunnel.my.owned.domain>
• Then I made the tunnel public at https://tunnel.my.owned.domain
• If I initialize the login flow addressing the tunnel:
curl -iH "Accept: application/json" <https://tunnel.my.owned.domain/self-service/login/browser?return_to=https://external-platform.com>
...
set-cookie: csrf_token_cb65a7d7a96218bec508e681e5a5a9471717b874b24ca09bea5be06fc0aa84c9=wAZhlznen6skLI/E+W8pm/PVVBEvVld8MroY1khh0qg=; Path=/; Domain=<http://external-platform.com|external-platform.com>; Max-Age=31536000; HttpOnly; Secure; SameSite=Lax
As you can see the domain in the cookie is "external-platform.com" but the browser agent doesn't store the cookie since it doesn't match the request domaindamp-sunset-69236
05/19/2022, 10:32 AMhundreds-train-83112
05/19/2022, 10:34 AMdamp-sunset-69236
05/19/2022, 10:36 AMhundreds-train-83112
05/19/2022, 10:38 AMhundreds-train-83112
05/19/2022, 10:39 AMdamp-sunset-69236
05/19/2022, 10:49 AMory tunnel \
--sdk-url <https://krato.my.owned.domain> \
--cookie-domain <http://extenral-platform.com|extenral-platform.com> \
<https://external-platform.com> \
<https://tunnel.my.owned.domain>
To make it work you need to request <https://tunnel.external-platform.com>
hundreds-train-83112
05/19/2022, 10:50 AMdamp-sunset-69236
05/19/2022, 10:51 AMdamp-sunset-69236
05/19/2022, 10:53 AMhundreds-train-83112
05/19/2022, 10:56 AMdamp-sunset-69236
05/19/2022, 10:58 AMhundreds-train-83112
05/19/2022, 11:00 AMdamp-sunset-69236
05/19/2022, 11:00 AMdamp-sunset-69236
05/19/2022, 11:01 AMhundreds-train-83112
05/19/2022, 11:02 AMhundreds-train-83112
05/19/2022, 11:03 AMIs it possible to run a backend service on your platform?In the external platform where the game's hosted: no In the cluster where we have Kratos running: yes