OpenID hydra docker-compose STOP
https://github.com/ory/examples/blob/master/full-stack/docker-compose.yml Maybe the 5-minute quickstart.yml is a better choice.
1. Use docker-machine to create a VM and get its IP: 192.168.99.100

2. Deploy: https://www.ory.sh/docs/next/hydra/configure-deploy

    docker network create hydraguide

    docker run \
      --network hydraguide \
      --name ory-hydra-example--postgres \
      -e POSTGRES_USER=hydra \
      -e POSTGRES_PASSWORD=secret \
      -e POSTGRES_DB=hydra \
      -d postgres:9.6

    # Single quotes stop the shell from expanding $3 inside the secret.
    export SECRETS_SYSTEM='this_needs_to_be_the_same_always_and_also_very_$3cuR3-._'
    export DSN='postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable'

    docker pull oryd/hydra:latest

    docker run -it --rm \
      --network hydraguide \
      oryd/hydra:latest \
      migrate sql --yes "$DSN"

===== Create SSL cert and key =====

!! Note !! It is safer to generate the certificates the way described in https://sueboy.blogspot.com/2019/08/openssl-self-signed-certificate.html instead; that way is less likely to produce the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error!

Create two certs: 1. t.tt 2. openid.hydra

In the VM:

    # The ecparam command writes to the same file as genrsa, so the key
    # that ends up in t.tt.key is the secp384r1 EC key, not the RSA key.
    openssl genrsa -out t.tt.key 2048
    openssl ecparam -genkey -name secp384r1 -out t.tt.key
    openssl req -new -x509 -sha256 -key t.tt.key -out t.tt.crt -days 3650

Important!! At the t.tt.crt step: Common Name (e.g. server FQDN or YOUR name) []: t.tt

    openssl genrsa -out openid.hydra.key 2048
    openssl ecparam -genkey -name secp384r1 -out openid.hydra.key
    openssl req -new -x509 -sha256 -key openid.hydra.key -out openid.hydra.crt -days 3650

Important!! At the openid.hydra.crt step: Common Name (e.g. server FQDN or YOUR name) []: openid.hydra

Base64-encode openid.hydra.key and openid.hydra.crt: https://www.base64encode.org/ ...
https://blog.yorkxin.org/2013/09/30/oauth2-3-endpoints.html

Grant Type

The grant type is specified through the grant_type parameter, whose values are defined as follows:

Value                Meaning
authorization_code   Use an Authorization Code to obtain an Access Token (Authorization Code Grant Flow).
password             Use Resource Owner Password Credentials to obtain an Access Token (Resource Owner Password Credentials Grant Flow).
client_credentials   Use Client Credentials to obtain an Access Token (Client Credentials Grant Flow).
refresh_token        Use a Refresh Token to have a new Access Token issued.
F…

Now, following the steps and running them, I get:

    level=error msg="An error occurred" debug="No CSRF value available in the session cookie" description="The request is not allowed" error=request_forbidden hint="You are not allowed to perform this action."

If you are running the same browser, you can restart Docker, clear cookies, or try many other ways; just try the browser's private mode.

Trying dex as Docker or as a binary failed, so it is passed over.

Hydra docker-compose

1. Get https://github.com/ory/hydra

    docker-compose -f quickstart.yml -f quickstart-postgres.yml up --build

Note: quickstart.yml is for running Docker on the host or running the binary on the host. In the Hydra 5-minute demo the "IP used" is 127.0.0.1:

    version: '3'
    services:
      hydra:
        image: oryd/hydra:latest
        ports:
          - "4444:4444" # Public port
          - "4445:4445" # Admin port
          - "5555:5555" # Port for hydra token user
        command: serve all --dangerous-force-http
        environment:
          - URLS_SELF_ISSUER=http://127.0.0.1:4444
          - URLS_CONSENT=http://127.0.0.1:3000/consent
          - URLS_LOGIN=http://127.0.0.1:3000/login
          - URLS_LOGOUT=http://127.0.0.1:3000/logout
          - DSN=memory
          - SECRETS_SYSTEM=youReallyNeedToChangeThis
          - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
          - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
        restart: unless-stopped
      consent:
        environment:
          - HYDRA_ADMIN_URL=http://hydra:4445
        image: oryd/hydra-login-consent-node:latest
        ports:
          - "3000:3000"
        restart: unless-stopped

When running in a VM or on a real server, use the real IP. Ex: 192.168.99.100 (docker-machine)

    version: '3'
    services:
      hydra:
        image: oryd/hydra:latest
        ports:
          - "4444:4444" # Public port
          - "4445:4445" # Admin port
          - "5555:5555" # Port for hydra token user
        command: serve all --dangerous-force-http
        environment:
          - URLS_SELF_ISSUER=http://192.168.99.100:4444
          - URLS_CONSENT=http://192.168.99.100:3000/consent
          - URLS_LOGIN=http://192.168.99.100:3000/login
          - URLS_LOGOUT=http://192.168.99.100:3000/logout
          - DSN=memory
          - SECRETS_SYSTEM=youReallyNeedToChangeThis
          - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
          - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
        restart: unless-stopped
      consent:
        environment:
          - HYDRA_ADMIN_URL=http://hydra:4445
        image: oryd/hydra-login-consent-node:latest
        ports:
          - "3000:3000"
        restart: unless-stopped

If you have CORS problems, see https://github.com/ory/hydra/blob/master/quickstart-cors.yml ...
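
A check to run before a quickstart compose file like the ones above goes onto a real IP, as an added example that is not part of the original post or of the Ory project: it flags the demo-only settings those files carry (`--dangerous-force-http`, the `youReallyNeedToChangeThis` placeholder secrets, and admin port 4445 published beyond loopback). The function name, the 32-character threshold, the placeholder word list and the trimmed sample text are assumptions made for this example.

```python
import re

# Constructed sample: the hydra service from the compose file above, trimmed.
SAMPLE_COMPOSE = """\
services:
  hydra:
    image: oryd/hydra:latest
    ports:
      - "4444:4444" # Public port
      - "4445:4445" # Admin port
    command: serve all --dangerous-force-http
    environment:
      - URLS_SELF_ISSUER=http://192.168.99.100:4444
      - DSN=memory
      - SECRETS_SYSTEM=youReallyNeedToChangeThis
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
"""

SECRET_KEYS = ("SECRETS_SYSTEM", "OIDC_SUBJECT_TYPE_PAIRWISE_SALT")
PLACEHOLDER = re.compile(r"change|example|secret", re.IGNORECASE)
MIN_SECRET_LEN = 32  # assumption: threshold picked for this example
ENV_LINE = re.compile(r"^\s*-\s*([A-Z0-9_]+)=(.*?)\s*$")
# Matches "[host_ip:]host_port:container_port" entries in a ports list.
PORT_LINE = re.compile(r'^\s*-\s*"?(?:([\d.]+):)?(\d+):(\d+)')


def audit_compose(text, admin_port="4445"):
    """Return (line_number, finding) pairs for demo-only settings."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        if "--dangerous-force-http" in line:
            findings.append((num, "served over plain HTTP (--dangerous-force-http)"))
        env = ENV_LINE.match(line)
        if env and env.group(1) in SECRET_KEYS:
            value = env.group(2)
            if len(value) < MIN_SECRET_LEN or PLACEHOLDER.search(value):
                findings.append((num, f"{env.group(1)} is a placeholder or too short"))
        port = PORT_LINE.match(line)
        # Only a loopback bind keeps the admin API off the network.
        if port and port.group(3) == admin_port and port.group(1) != "127.0.0.1":
            findings.append((num, f"admin port {admin_port} is published beyond loopback"))
    return findings


if __name__ == "__main__":
    for num, finding in audit_compose(SAMPLE_COMPOSE):
        print(f"line {num}: {finding}")
```
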