Hey everyone, I am having trouble getting the ory_kr...
# talk-kratos
h
Hey everyone, I am having trouble getting the ory_kratos_session cookie when being redirected from selfservice-ui-node. I do not see it in my request headers in Chrome. I have put my TLD with session.cookie.domain in my kratos.yml and also have CORS enabled. I am self-hosting Kratos with Docker. Is there something I am missing?
p
@high-soccer-36695 Are you hosting Kratos and the selfservice-ui-node application under the same domain?
h
Yes, I believe so. Weirdly enough, I can get the cookies under the application tab, but there is nothing in the request header.
My docker compose file looks like this
```yaml
  kratos:
    image: oryd/kratos:v0.10.1
    links:
      - postgres-kratos:postgres-kratos
    environment:
      - DSN=postgres://kratos:secret@postgres-kratos:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
    ports:
      - '127.0.0.1:4433:4433'
      - '127.0.0.1:4434:4434'
    volumes:
      - type: bind
        source: ./Ory/kratos
        target: /etc/config/kratos
    command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier

  kratos-selfservice-ui-node:
    image: oryd/kratos-selfservice-ui-node:latest
    environment:
      - KRATOS_PUBLIC_URL=http://kratos.openfoodfacts.localhost:4433/
      - KRATOS_BROWSER_URL=http://kratos.openfoodfacts.localhost:4433/
    ports:
      - '127.0.0.1:4455:3000'
    restart: on-failure
```
And my configuration file
```yaml
version: v0.10.1

dsn: memory

serve:
  public:
    base_url: http://kratos.openfoodfacts.localhost:4433/
    cors:
      enabled: true
      allowed_origins:
        - http://world.openfoodfacts.localhost/
        - http://*.openfoodfacts.localhost/
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
        - Cookie
        - Content-Type
      exposed_headers:
        - Content-Type
        - Set-Cookie
  admin:
    base_url: http://kratos.openfoodfacts.localhost:4434/

selfservice:
  default_browser_return_url: http://kratos.openfoodfacts.localhost/cgi/kratos_auth.pl
  allowed_return_urls:
    - http://world.openfoodfacts.localhost/
    - http://kratos.openfoodfacts.localhost/cgi/kratos_auth.pl

  methods:
    password:
      enabled: true

  flows:
    error:
      ui_url: http://kratos.openfoodfacts.localhost:4455/error

    settings:
      ui_url: http://kratos.openfoodfacts.localhost:4455/settings
      privileged_session_max_age: 15m

    recovery:
      enabled: true
      ui_url: http://kratos.openfoodfacts.localhost:4455/recovery

    verification:
      enabled: true
      ui_url: http://kratos.openfoodfacts.localhost:4455/verification
      after:
        default_browser_return_url: http://kratos.openfoodfacts.localhost:4455/

    logout:
      after:
        default_browser_return_url: http://kratos.openfoodfacts.localhost:4455/login

    login:
      ui_url: http://kratos.openfoodfacts.localhost:4455/login
      lifespan: 10m

    registration:
      lifespan: 10m
      ui_url: http://kratos.openfoodfacts.localhost:4455/registration
      after:
        password:
          hooks:
            - hook: session

log:
  level: debug
  format: text
  leak_sensitive_values: true

secrets:
  cookie:
    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
  cipher:
    - 32-LONG-SECRET-NOT-SECURE-AT-ALL

session:
  cookie:
    domain: openfoodfacts.localhost

cookies:
  domain: openfoodfacts.localhost

ciphers:
  algorithm: xchacha20-poly1305

hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
```
p
I think it is possible kratos-selfservice-ui-node is not including the cookie client side. Try removing the `KRATOS_BROWSER_URL` environment variable.
h
Hey @proud-plumber-24205, this didn't work, and caused none of the UI pages to work without changing the pages to kratos. I want them to stay kratos.openfoodfacts.localhost. In my application tab the domain is correct; what would be causing it not to show up in the header?
p
Which URL are you visiting after removing the `KRATOS_BROWSER_URL`? I think you only need `KRATOS_PUBLIC_URL`. So you can sign in using this flow, but going back to the NodeJs app doesn't indicate you have a session? Could you show me the request? Browser -> Nodejs (:4455) -> Login Flow Init (redirect) -> Kratos (:4433) -> Redirect back to NodeJs (:4455) `/login?flow=`
h
The nodejs app is fine for showing that I have a session, and the header is fine there. After the login flow, for example, I want to be redirected to kratos.openfoodfacts.localhost/cgi/kratos_auth.pl. I am redirected here... the problem is the cookie is not showing up in the request header here.
Here is the nodejs app, it is good.
I go to kratos.openfoodfacts.localhost/cgi/kratos_auth.yml, there is no request header.
If I remove KRATOS_BROWSER_URL, the http://kratos.openfoodfacts.localhost:4455/welcome welcome UI is fine, but if I go to any of the other pages it says the site can't be reached.
p
Ah, I thought the problem was with the nodejs app... Okay, so the cookie isn't passed along when you visit another page, `kratos.openfoodfacts.localhost/cgi/kratos_auth.pl`.
Quite strange... maybe there is a setting missing on the service that is hosting this page, such as accepting the cookie header?
h
I am thinking maybe so, as I have gone through all the docs on cookies. I'll ask my mentors about this. Thank you for all your help.