# talk-hydra
w
Hi, I'm having trouble integrating Kratos and Hydra when using Docker. When I set my client public host to hydra:4444 (as container name), requests from Kratos to Hydra are successful, but redirections are not (since the browser doesn't recognize http://hydra:4444/...). On the other hand, when I set the public host to localhost:4444, redirects are fine but direct requests from Kratos to Hydra are obviously failing with a "connection refused" user-facing self-service error. In both cases, the login & consent flow is interrupted. How should I configure docker-compose, kratos and hydra so it would work? I've looked at some references from the past, but for some reason I can't find one with an up-to-date Kratos configuration file. At least, none of the examples for the integration contains a methods.oidc part in the YML file.
l
You should use a hostname/IP that can be reached from all clients. If you are running the docker containers on your local machine, you could use your local IP address (but not 127.0.0.1). On top of that you could add an entry to your hosts file where you map a domain like "hydra.test" to your local IP. But of course this is only for local testing scenarios - not for production.
r
You probably also want something like:
```yaml
ports:
  - 4444:4444
  - 4445:4445
```
On the hydra service to expose the port on “your” laptop.
(In your compose yaml)
w
@late-france-48187 I want to avoid using explicit IP addresses in my configurations. @red-machine-69654 the ports are exposed, the problem is with the hostname which can't be resolved correctly. I've managed to solve the issue by overriding the urls with the 'webfinger' section in the configurations file. The documentation is clearly lacking a lot of essential information about the way Hydra uses the configurations, I got it working by playing around and guessing.
r
We use nip.io and Traefik locally to have pretty urls. The ports are messy and confusing. What exactly did you have to trial and error?
w
Having a hydra.yml like that:
```yaml
# ...
urls:
  self:
    public: http://hydra:4444
    issuer: http://hydra:4444
  # ...

# ...

webfinger:
  oidc_discovery:
    token_url: http://hydra:4444/oauth2/token
    auth_url: http://localhost:4444/oauth2/auth
# ...
```
Solved the issue. It was trial and error because the documentation only states that this webfinger section overrides the urls, but doesn't elaborate on that (why, when, where). However it solved my problem - redirections use localhost:4444, so they are resolved in the browser, and Kratos still uses hydra:4444 for direct requests, so they are resolved as well.