Hi friends, I'm trying to use an Ory Cloud project...
# ory-network
b
Hi friends, I'm trying to use an Ory Cloud project as an OIDC provider. Is this possible? Can I generate a .well-known/openid-configuration from my Ory Cloud project?
m
Hello Dustuu, you want to offer something like “Login with Ory Cloud”? So serve OIDC flows? This will be possible once Ory Hydra is integrated, scheduled in Q3 🤞
h
Q3 😛
b
I basically want to use Ory Cloud as an aggregator for other login providers. Right now my setup is:
- Users sign up / sign in via their social providers
- These social providers are handled by Azure Active Directory B2C
- Azure B2C provides auth to my website via OIDC
So I suppose it could be used to provide something like "Login with <ory cloud project name here>", but that's not really my goal - my goal is just to authenticate to my one app.
h
Then I don’t think you need this endpoint; you would need it if someone else uses your app like a social sign-in system. To use Ory as an aggregator for login, you would set up social sign-in and then just proceed to validate the session :)
b
Unfortunately the technology I'm using (Azure Static Web Apps) only supports OIDC providers for auth: https://docs.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=openid-connect
So it expects a configuration like this:
{
  "auth": {
    "identityProviders": {
      "customOpenIdConnectProviders": {
        "myProvider": {
          "registration": {
            "clientIdSettingName": "MY_PROVIDER_CLIENT_ID",
            "clientCredential": {
              "clientSecretSettingName": "MY_PROVIDER_CLIENT_SECRET"
            },
            "openIdConnectConfiguration": {
              "wellKnownOpenIdConfiguration": "https://<PROVIDER_ISSUER_URL>/.well-known/openid-configuration"
            }
          },
          "login": {
            "nameClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
            "scopes": [],
            "loginParameterNames": []
          }
        }
      }
    }
  }
}
h
ok - so you want to sign into Azure’s managed authentication using your Ory Cloud project?
b
Yes!
Not sure if that's possible though 🙂
h
Ah I see - I fear that this is not yet possible using Ory Cloud only, because we are still working to get our OAuth2 product (which you need here) to Ory Cloud. It is currently available in open source: https://github.com/ory/kratos There are a few folks who have managed to get those two working together (Ory Cloud + Ory Hydra self-hosted) but it’s no easy feat! Are you bound to Azure managed auth? Basically Ory is also a managed auth system 🙂
b
I'm not bound to it actually. Azure Static Web Apps is basically a service that combines a website and API running on Azure, plus shared auth for both. But I can also host them independently without the Static Web Apps service, which is something I've been thinking about doing. I think if I made that change, I could use Ory as my auth directly.
Or I suppose I could use just Ory self-hosted and not use the cloud version at all 😅
m
I think hackerman meant to post this link: github.com/ory/hydra You can now self-host Hydra and then migrate to Ory Cloud when it becomes available there. Since it's using the same Hydra package, you can import your configuration. But if you choose to host independently from Azure, that will probably be much easier (as in no Hydra needed). Since you mentioned it already has shared auth, what is the reason to add Ory in the first place? Not that I don't think it's a good idea, just not very familiar with Azure web apps 😄
b
The auth component of Azure web apps doesn't really give you any user identity tools, so it's basically limited to just login/logout. That's why I started using Azure B2C on top of it to wrap my identity providers and manage my users. But I was unhappy with a lot of aspects of B2C (plus it's not open source like Ory) so that's why I started looking into alternatives 😅 I think I wanted to move off of the Static Web Apps service anyways in the future, so that's probably what I'll start looking into and I'll come back to Ory once I get that taken care of 🙂 Thanks for all the advice!