# ory-selfhosting
w
Hi, I'm having trouble integrating Kratos and Hydra when using Docker. When I set my client public host to `hydra:4444` (as container name), requests from Kratos to Hydra are successful, but redirections are not (since the browser doesn't recognize http://hydra:4444/...
On the other hand, when I set the public host to `localhost:4444`, redirects are fine but direct requests from Kratos to Hydra are obviously failing with a "connection refused" user-facing self-service error. In both cases, the login & consent flow is interrupted. How should I configure docker-compose, kratos and hydra so it would work? I've looked at some references from the past, but for some reason I can't find one with an up-to-date Kratos configuration file. At least, none of the examples for the integration contains a methods.oidc part in the YML file.
p
Hi @witty-actor-17128, we currently don't have an "out of the box" solution for Kratos and Hydra, but we are working on it. @able-glass-7253 maybe you could point @witty-actor-17128 in the right direction?
a
Hi @witty-actor-17128, I would suggest that you go with the first approach and configure your operating system to resolve the DNS name `hydra` to the IP 127.0.0.1 (on Linux you'd just add a line to `/etc/hosts`)
w
Thanks, I want to avoid this kind of solution. I actually got it working by using the webfinger section in the configuration file; however, the comments don't really explain where and how these URLs are overridden. In hydra.yml:
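```yaml
# ...
urls:
  self:
    public: http://hydra:4444
    issuer: http://hydra:4444
  # ...

# ...

webfinger:
  oidc_discovery:
    # back-channel: called by Kratos inside the Docker network
    token_url: http://hydra:4444/oauth2/token
    # front-channel: opened by the browser on the host
    auth_url: http://localhost:4444/oauth2/auth
# ...
```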
In kratos.yml:
```yaml
# ...
    oidc:
      enabled: true
      config:
        providers:
          - id: "hydra"
            mapper_url: file:///etc/config/kratos/oidc.hydra.jsonnet
            issuer_url: http://hydra:4444/
            auth_url: http://hydra:4444/oauth2/auth
            token_url: http://hydra:4444/oauth2/token
            scope:
              - openid offline
            provider: generic
            # ...
```
That works (for some reason)