# ory-network
f
using professional
https://auth.knoxxa.digital/ui/welcome <-- all working, great
https://test.knoxxa.digital/ <-- php, ory proxy, nginx (as per tutorial)
issues are:
1. don't know how to get the token so i can log out (tried all cookie values, and jwts etc..)
2. when logging in, console log shows there is mixed content and form throws error
console error: Mixed Content: The page at 'https://test.knoxxa.digital/.ory/ui/settings?flow=8d9dcec5-90fe-4646-86d7-e11d95efb78f' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://test.knoxxa.digital/.ory/self-service/settings?flow=8d9dcec5-90fe-4646-86d7-e11d95efb78f'. This endpoint should be made available over a secure connection.
p
Hey @full-father-97136 In your application the front-end should have a logout URL which you need to generate using the `/self-service/logout/browser` endpoint. https://www.ory.sh/docs/reference/api#tag/frontend/operation/createBrowserLogoutFlow
For the insecure endpoint, I think this is most likely due to the proxy. In production you do not need the Ory tunnel / proxy since you can use the Custom Domain Name instead https://www.ory.sh/docs/guides/custom-domains. This should solve your insecure URL problems.
f
many thanks, will try them both now
for custom domain, am using Ory for *.knoxxa.digital
domain: auth.knoxxa.digital
cookie domain: knoxxa.digital
cors: enabled
cors-origin: https://*.knoxxa.digital
p
I see, then you do not need the Ory proxy in production 🙂 Only when testing it locally - since you have a localhost domain instead of knoxxa.digital
f
ok so i just use the PHP directly with no proxy.. will try now
ok is live, however i login on https://auth.knoxxa.digital/ui/welcome ... and if i go to https://test.knoxxa.digital the session is not active
cookie is there however
fixed... had to setHost to the auth.knoxxa.digital
i wonder if it was that all along.
"host" is little misleading...
little confused.. do i need to use javascript to get logout token, or can i use php curl to get it ?
thinking javascript as front end
p
You can initialize the logout flow from your PHP backend using the session cookie and give the logout URL to the browser. I'm assuming the PHP server is also rendering the page, so you could just inject the logout URL into the page. Here is an example of an Express server doing the same https://github.com/ory/kratos-selfservice-ui-node/blob/master/src/routes/welcome.ts#L20-L25
You can also initialize it in the background through javascript using ajax or fetch.
f
merci
function logout() {
  console.log("logout");
  $.getJSON('https://auth.knoxxa.digital/self-service/logout/browser', function(data) {
    console.log(data);
  });
}
getting a 401 error
p
You need to include the cookie in the header
await fetch(url, {
  credentials: 'include'
})
f
all working, big thanks
function logout() {
  fetch('https://auth.knoxxa.digital/self-service/logout/browser', { credentials: 'include' })
    .then((response) => response.json())
    .then((data) => {
      console.log('Success:', data['logout_url']);
      window.location.href = data['logout_url'] + "&return_to={ory_return}";
    })
    .catch((error) => {
      console.error('Error:', error);
    });
}
on wiki.js trying oauth.. The request is not allowed. No CSRF value available in the session cookie.
p
Hi @full-father-97136 Could you give some context?
f
that is the message it gives, let me run through quickly so i know we are doing it right, i can then post to wiki.js forum so other people can use
so using OpenID rather than OAuth option in Wiki.JS
then in console.ory.sh i use in oauth2 clients:
scope: email
client ID, client Secret etc all straight forward
Consent section all straight forward
Oauth2 flows: i selected all of them
response types i selected all of them
Authentication method: HTTP Body
not sure on this one
Backchannel Logout Session Required ? not sure on this one
Frontchannel Logout URI: https://docs.knoxxa.digital
Frontchannel Logout Session Required ? not sure on this one
Backchannel Logout URI ? not sure on this one
Advanced, i didn't put anything
actually will try: allow cors origin: https://docs.knoxxa.digital
it works now... just it doesn't redirect back to https://docs.knoxxa.digital
after login
p
The oauth client determines where it redirects back to not wiki.js
oh wait, sorry no, the redirect is a configuration value you need to give to your project
the client only determines the callback URL
Now that I think of it, so the wiki.js page (docs.knoxxa.digital) is making the request to Ory for login, this is an OAuth2 flow, so in this case wiki.js is the client. The account experience is doing the IAM + Consent. This should then redirect you back to the client through the callback, wiki.js should then complete the flow to whichever URL you give it. So i guess this configuration is outside of Ory.
f
ok, will post to wiki.js forum
p
Where is it redirecting you to?
p
could you send me a DM with a har file showing the flow?
f
is that the wiki.js HAR file
p
i'm guessing your browser is still doing the redirects, so it can record the requests in a har file
f
when a user is logged in, i want to use javascript to a crud rest api with nodejs, express and postgresql.. 1. what variable do i send from the session to the rest api, and what does the rest api do to ensure that it is the user that is requesting?