https://www.ory.sh/docs/next/hydra/oauth2#oauth-20-scope
An OAuth 2.0 Scope is not a permission:
A permission allows an actor to perform a certain action in a system: Bob is allowed to delete his own photos.
An OAuth 2.0 Scope implies that an end-user granted certain privileges to a client: Bob allowed the OAuth 2.0 Client to delete all users.
The OAuth 2.0 Scope can be granted without the end-user actually having the right permissions. In the examples above, Bob granted an OAuth 2.
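As an added example (not code from the Ory documentation quoted above), the following Node.js resource-server check keeps the two ideas apart: the token's scope says what Bob delegated to the client, and a separate permission lookup says what Bob may actually do, so a token carrying the users:delete scope still cannot delete anyone. The introspection results, token strings and photo ownership table are constructed for the example and only loosely follow the shape of Hydra's introspection response.

```javascript
// Added example, not from the Ory docs: a resource server that treats a
// scope as "what the user delegated to the client" and checks the user's
// real permission separately before acting.

// Constructed introspection results (active, sub, scope), roughly the shape
// of Hydra's /oauth2/introspect response; the tokens and values are made up.
const INTROSPECTIONS = {
  "tok-bob-photos": { active: true, sub: "bob", scope: "photos:delete" },
  "tok-bob-users": { active: true, sub: "bob", scope: "users:delete" },
  "tok-expired": { active: false },
};

// Constructed permission store: Bob may delete only his own photos, and
// nobody in this store is an administrator who may delete users.
const PHOTOS = { p1: { owner: "bob" }, p2: { owner: "alice" } };

function hasPermission(subject, action, resource) {
  if (action === "photos:delete") {
    const photo = PHOTOS[resource];
    return photo !== undefined && photo.owner === subject;
  }
  if (action === "users:delete") {
    return false; // delegating the scope does not make Bob an admin
  }
  return false;
}

// Scope values are space-separated in the introspection response.
function hasScope(introspection, requiredScope) {
  return introspection.scope.split(" ").includes(requiredScope);
}

// Both checks must pass: the client must hold the scope for the action AND
// the subject behind the token must be permitted to perform it.
function authorize(token, action, resource) {
  const intro = INTROSPECTIONS[token];
  if (!intro || !intro.active) {
    return { allowed: false, reason: "invalid_token" };
  }
  if (!hasScope(intro, action)) {
    return { allowed: false, reason: "insufficient_scope" };
  }
  if (!hasPermission(intro.sub, action, resource)) {
    return { allowed: false, reason: "forbidden" };
  }
  return { allowed: true, subject: intro.sub };
}

// Bob's client holds the users:delete scope, but Bob has no such permission.
console.log(authorize("tok-bob-users", "users:delete", "alice"));
// Bob's client holds photos:delete and p1 is Bob's photo.
console.log(authorize("tok-bob-photos", "photos:delete", "p1"));
```

The order of the checks matters for what the client learns: an inactive token is rejected before any scope or permission information is revealed, and a scope failure is reported as insufficient_scope so the client can ask for the right scope, while a permission failure is a plain forbidden.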
hydra login consent node
https://github.com/ory/hydra-login-consent-node
When login succeeds, the context data is saved.
You can use
GET https://openid.hydra:9002/oauth2/auth/sessions/consent?subject=foo@bar.com HTTP/1.1
to check it by subject.
In routes/login.js:
hydra.acceptLoginRequest(challenge, { context: { "test1": "test1", "test2": { "test2i": "test2i" } } })
The database keeps the context.
The table hydra_oauth2_consent_request stores the context data. Here it is PostgreSQL (pg).
===== Postgresql command ====
1. Log into the PostgreSQL (pg) Docker container
psql hydra -U hydra
# log into pg (already inside the db container's shell)
\dt;
select * from hydra_oauth2_consent_request;
https://github.com/i-core/werther
https://github.com/ory/examples/blob/master/full-stack/docker-compose.yml
Maybe the 5 min quickstart.yml is better.
1. Use docker-machine to create a VM and get its IP: 192.168.99.100
2. Deploy
https://www.ory.sh/docs/next/hydra/configure-deploy
docker network create hydraguide

docker run \
  --network hydraguide \
  --name ory-hydra-example--postgres \
  -e POSTGRES_USER=hydra \
  -e POSTGRES_PASSWORD=secret \
  -e POSTGRES_DB=hydra \
  -d postgres:9.6

# single-quoted, otherwise the shell expands "$3" inside the value and the
# secret actually stored is not the one you think it is
export SECRETS_SYSTEM='this_needs_to_be_the_same_always_and_also_very_$3cuR3-._'
export DSN='postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable'

docker pull oryd/hydra:latest

docker run -it --rm \
  --network hydraguide \
  oryd/hydra:latest \
  migrate sql --yes "$DSN"

===== create ssl cert and key ====
!!Note!! Generate them with the method at https://sueboy.blogspot.com/2019/08/openssl-self-signed-certificate.html instead; it is safer and less likely to cause an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error!
Create two certs.
https://blog.yorkxin.org/2013/09/30/oauth2-3-endpoints.html
Grant Type
The Grant Type is specified via the grant_type parameter; its values are defined as follows:
Value               Meaning
authorization_code  Exchange an Authorization Code for an Access Token (Authorization Code Grant Flow).
password            Use the Resource Owner Password Credentials to obtain an Access Token (Resource Owner Password Credentials Grant Flow).
client_credentials  Use the Client Credentials to obtain an Access Token (Client Credentials Grant Flow).
refresh_token       Exchange a Refresh Token for a new Access Token.
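As an added example, not code from the linked blog post or from Hydra, here is a small Node.js helper that assembles the token request for each grant_type in the table and refuses to send one that lacks the parameters the grant requires. The required-parameter sets follow RFC 6749; the client id, client secret and parameter values used in the usage line are constructed.

```javascript
// Added example (not from the blog post or Hydra): build an OAuth 2.0 token
// request for a given grant_type, validating required parameters first.

// Form parameters each grant_type requires besides grant_type itself
// (per RFC 6749 sections 4.1.3, 4.3.2, 4.4.2 and 6).
const REQUIRED = {
  authorization_code: ["code", "redirect_uri"],
  password: ["username", "password"],
  client_credentials: [],
  refresh_token: ["refresh_token"],
};

// Returns { method, headers, body } ready to send to the token endpoint.
// Throws if the grant type is unknown or a required parameter is missing,
// so a malformed request never leaves the client.
function buildTokenRequest(grantType, params, client) {
  const required = REQUIRED[grantType];
  if (required === undefined) {
    throw new Error(`unsupported grant_type: ${grantType}`);
  }
  const missing = required.filter((name) => !params[name]);
  if (missing.length > 0) {
    throw new Error(`grant_type ${grantType} requires: ${missing.join(", ")}`);
  }

  // application/x-www-form-urlencoded body; URLSearchParams does the escaping.
  const body = new URLSearchParams({ grant_type: grantType });
  for (const name of required) {
    body.set(name, params[name]);
  }
  if (params.scope) {
    body.set("scope", params.scope);
  }

  // Confidential clients authenticate with HTTP Basic (RFC 6749 section
  // 2.3.1); the secret goes in a header, never in the URL or the body.
  const basic = Buffer.from(`${client.id}:${client.secret}`).toString("base64");
  return {
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: `Basic ${basic}`,
    },
    body: body.toString(),
  };
}

// Usage with constructed values: exchange an authorization code.
const exampleRequest = buildTokenRequest(
  "authorization_code",
  { code: "abc", redirect_uri: "https://app.example/cb" },
  { id: "c", secret: "s" }
);
console.log(exampleRequest.body);
```

The redirect_uri sent here must match the one used in the authorization request, which is how the authorization server ties the code exchange back to the original redirect; the helper only checks that it is present.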
F… Now, following the steps and running, I get: level=error msg="An error occurred" debug="No CSRF value available in the session cookie" description="The request is not allowed" error=request_forbidden hint="You are not allowed to perform this action."
If you run in the same browser and restart Docker or clear cookies, there are many ways to do it. Just try the browser's private mode.
Tried dex via Docker or binary, failed; it's been skipped.
Hydra docker-compose
1. Get https://github.com/ory/hydra and run: docker-compose -f quickstart.yml -f quickstart-postgres.