# ory-network
h
• i am trying to use a standard Ory network project with all default settings except Google social sign-in is enabled.
• when i have an OpenID client send an authorization request, I get an error, "You are seeing this page because configuration key urls.login is not set".
• but in the documentation, it looks like `urls.login` is configured in the Hydra deployment, which seems like something the Ory servers should handle
• and in any case, i don't see an obvious place in the settings to change it
am i missing something here? bug in the cloud deployment?
this is an old project that i created a while ago and never used, so maybe some config has gone stale?
when i `ory get oauth2-config`, there is an entry for `urls.login`
same error if i do `ory perform authorization-code` as suggested in the documentation
same error with a fresh Ory Network project
🤷‍♂️
w
Hey there Richard! Social sign-in is something that Ory Identities (Kratos) handles, while OAuth2 flows are the Ory OAuth2 & OpenID Connect (Hydra) domain. The integration between these two parts of the system is something we’re currently working on (see the latest announcement by @high-optician-2097) and has just landed in Ory Network very early this morning 🌅. https://ory-community.slack.com/archives/C010F2N7XR9/p1666854452815349
h
Hi @happy-kangaroo-57071 - we just released the native integration this morning. Can you try again? 🙂 You might need to create a new project to get the example working from this page: https://github.com/ory/hydra#get-started
h
yep, will try again. to be clear, the fresh project i tried was not using social, just a new-out-of-the-box Ory project.
ok, cool, fresh new project works now:
• Create project
• `ory create oauth2-client`
• `ory perform authorization-code`
• Get a sign in / sign up page, completes authz flow, as expected
h
awesome!
h
... and Social Sign-in as well, after I figured out how to write Jsonnet 🙂
fwiw, it wasn't immediately clear to me from the Social config that I needed to provide Jsonnet, and then my first attempt at Jsonnet was invalid. would be helpful to have a bit more hand-holding in the UI.
h
good point, fyi @busy-agent-44567 @fast-lunch-54279
h
ok next challenge 🙂 After succeeding with Google, i tried to connect Ory to an enterprise OIDC provider.
• Configured Ory to request "openid" and "email" scopes, and the following basic Jsonnet
local claims = std.extVar('claims');

{
  identity: {
    traits: {
      email: claims.email,
    },
  },
}
• Ory successfully talks to the enterprise OIDC provider, but then reports that it did not get an "email" claim (500 "Field does not exist: email")
• I confirmed that the enterprise provider provides an "email" claim in UserInfo by running my own OIDC client with the same parameters as I gave Ory
as a general comment, debugging the Jsonnet layer is challenging. it doesn't look like there's a way to see its input, which means you're kind of feeling around in the dark.
h
> as a general comment, debugging the Jsonnet layer is challenging. it doesn’t look like there’s a way to see its input, which means you’re kind of feeling around in the dark.

That is true 😞 do you have an ID Token from the enterprise provider I could take a look into? For debugging you could also do:
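local claims = std.extVar('claims');

{
  // Copy every claim received from the provider into admin metadata for inspection.
  identity: { metadata_admin: { oidc_claims: claims } }
}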
which will put the data into the metadata fields