OpenID hydra

https://www.ory.sh/docs/next/hydra/oauth2#oauth-20-scope

An OAuth 2.0 Scope is not a permission: A permission allows an actor to perform a certain action in a system: Bob is allowed to delete his own photos. OAuth 2.0 Scope implies that an end-user granted certain privileges to a client: Bob allowed the OAuth 2.0 Client to delete all users. The OAuth 2.0 Scope can be granted without the end-user actually having the right permissions. In the examples above, Bob granted an OAuth 2.


hydra login consent node
https://github.com/ory/hydra-login-consent-node

When login succeeds, the context data is saved. You can check it by subject with:

GET https://openid.hydra:9002/oauth2/auth/sessions/consent?subject=foo@bar.com HTTP/1.1

routes/login.js

hydra.acceptLoginRequest(challenge, {
  context: { "test1": "test1", "test2": { "test2i": "test2i" } },

The database keeps the context. Table name: hydra_oauth2_consent_request stores the context data. The database here is PostgreSQL (pg).

===== PostgreSQL commands =====
1. Log in to the PostgreSQL (pg) docker container
psql hydra -U hydra   # log in to pg
(already at the db prompt)
\dt;
select * from hydra_oauth2_consent_request;


1. Use docker-machine to create a VM and get its IP: 192.168.99.100

2. Deploy
https://www.ory.sh/docs/next/hydra/configure-deploy

docker network create hydraguide

docker run \
  --network hydraguide \
  --name ory-hydra-example--postgres \
  -e POSTGRES_USER=hydra \
  -e POSTGRES_PASSWORD=secret \
  -e POSTGRES_DB=hydra \
  -d postgres:9.6

# Single quotes keep the shell from expanding $3 inside the secret
export SECRETS_SYSTEM='this_needs_to_be_the_same_always_and_also_very_$3cuR3-._'
export DSN='postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable'

docker pull oryd/hydra:latest

docker run -it --rm \
  --network hydraguide \
  oryd/hydra:latest \
  migrate sql --yes "$DSN"

===== create ssl cert and key =====
!! Note !! Generate them with the method at https://sueboy.blogspot.com/2019/08/openssl-self-signed-certificate.html instead; it is more reliable and less likely to cause the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error!
Create two certs.


OpenID grant_type

https://blog.yorkxin.org/2013/09/30/oauth2-3-endpoints.html

Grant Type

The grant type is specified through the grant_type parameter, whose values are defined as follows:

Value | Meaning
authorization_code | Use an Authorization Code to request an Access Token (Authorization Code Grant Flow).
password | Use Resource Owner Password Credentials to request an Access Token (Resource Owner Password Credentials Grant Flow).
client_credentials | Use Client Credentials to request an Access Token (Client Credentials Grant Flow).
refresh_token | Use a Refresh Token to obtain a new Access Token.


OpenID hydra dex

F… Now follow the steps and run; you get:

level=error msg=“An error occurred” debug=“No CSRF value available in the session cookie” description=“The request is not allowed” error=request_forbidden hint=“You are not allowed to perform this action.”

If you are running the same browser and have tried restarting docker, clearing cookies and many other ways, just try the browser's private mode.

Trying dex via docker or the binary failed, so it is skipped.

Hydra docker-compose

1. get https://github.com/ory/hydra
docker-compose -f quickstart.yml -f quickstart-postgres.


Sue boy

Sueboy Can support You

CIO

Taiwan