author | Jordan Bracco <href@random.sh> | 2021-08-06 15:55:35 +0200 |
---|---|---|
committer | Jordan Bracco <href@random.sh> | 2021-08-06 15:55:35 +0200 |
commit | fd639a6f74d3a2c4cdcc18f5191c101cd41f289b (patch) | |
tree | 70697bb7c165197eefdeb60f42fbb71045c8ca59 /config | |
parent | New rebar app (diff) |
Kratos flows
Diffstat (limited to 'config')
-rw-r--r-- | config/hydra.yml | 24 | ||||
-rw-r--r-- | config/kratos.yml | 139 | ||||
-rw-r--r-- | config/nginx.conf | 17 | ||||
-rw-r--r-- | config/sys.config | 15 |
4 files changed, 194 insertions, 1 deletions
diff --git a/config/hydra.yml b/config/hydra.yml
new file mode 100644
index 0000000..2e3504e
--- /dev/null
+++ b/config/hydra.yml
@@ -0,0 +1,24 @@
+serve:
+ cookies:
+ same_site_mode: Lax
+
+urls:
+ self:
+ issuer: http://127.0.0.1:4444
+ consent: http://127.0.0.1:5000/account/oauth2/consent
+ login: http://127.0.0.1:5000/account/oauth2/login
+ logout: http://127.0.0.1:5000/account/oauth2/logout
+ error: http://127.0.0.1:5000/account/oauth2/error
+
+secrets:
+ system:
+ - youReallyNeedToChangeThis
+
+oidc:
+ subject_identifiers:
+ supported_types:
+ - pairwise
+ - public
+ pairwise:
+ salt: youReallyNeedToChangeThis
+
diff --git a/config/kratos.yml b/config/kratos.yml
new file mode 100644
index 0000000..7d8ddbe
--- /dev/null
+++ b/config/kratos.yml
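Review bot: `secrets.system` and `oidc.subject_identifiers.pairwise.salt` are committed with the literal placeholder `youReallyNeedToChangeThis`, and `secrets.cookie` in config/kratos.yml has the same problem with `PLEASE-CHANGE-ME-I-AM-VERY-INSECURE`. Any instance started from these files unchanged runs on keys that are public in the repository, and nothing visible here makes startup fail in that case. I would drop the three values from the tracked files and supply them at deploy time, for example through the `SECRETS_SYSTEM` environment variable for Hydra, with a comment such as `# secrets.system: set via SECRETS_SYSTEM, never commit` in their place. The comment should also say that the pairwise salt has to be chosen before the first client is issued tokens, because changing it later changes every pairwise subject identifier.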
@@ -0,0 +1,139 @@
+version: v0.7.1-alpha.1
+
+#dsn: memory
+dsn: "sqlite:///Users/href/dev/styx/priv/kratos.sqlite?_fk=true&mode=rwc"
+
+
+serve:
+ public:
+ base_url: http://127.0.0.1:4433/
+ host: '127.0.0.1'
+ port: 4433
+ cors:
+ enabled: true
+ admin:
+ host: '127.0.0.1'
+ port: 4434
+ base_url: http://kratos:4434/
+
+
+selfservice:
+ default_browser_return_url: http://127.0.0.1:5000/launchpad
+ whitelisted_return_urls:
+ - http://127.0.0.1:5000
+
+ methods:
+ link:
+ enabled: true
+ password:
+ enabled: true
+ config:
+ max_breaches: 0
+ ignore_network_errors: false
+ haveibeenpwned_enabled: true
+ oidc:
+ enabled: true
+ config:
+ providers: []
+ profile:
+ enabled: true
+
+ flows:
+ error:
+ ui_url: http://127.0.0.1:5000/account/error
+
+ settings:
+ ui_url: http://127.0.0.1:5000/account
+ privileged_session_max_age: 15m
+
+ recovery:
+ enabled: true
+ ui_url: http://127.0.0.1:5000/account/recovery
+
+ verification:
+ enabled: true
+ ui_url: http://127.0.0.1:5000/account/verification
+ after:
+ default_browser_return_url: http://127.0.0.1:5000/launchpad
+
+ logout:
+ after:
+ default_browser_return_url: http://127.0.0.1:5000/
+
+ login:
+ ui_url: http://127.0.0.1:5000/login
+ lifespan: 15m
+
+ registration:
+ lifespan: 15m
+ ui_url: http://127.0.0.1:5000/register
+ #before:
+ # hooks:
+ # - hook: web_hook
+ # config:
+ # url: http://a.aaa
+ # method: ''
+ # auth:
+ # type: api_key
+ # config:
+ # name: ''
+ # value: ''
+ # in: header
+ # body: ''
+ after:
+ password:
+ hooks:
+ -
+ hook: session
+ oidc:
+ hooks:
+ - hook: session
+ hooks:
+ - hook: web_hook
+ config:
+ url: http://a.aaa
+ method: ''
+ auth:
+ type: api_key
+ config:
+ name: ''
+ value: ''
+ in: header
+ body: ''
+
+
+
+log:
+ level: debug
+ format: text
+ leak_sensitive_values: true
+
+secrets:
+ cookie:
+ - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+
+session:
+ cookie:
+ name: 'erlconn_session'
+ persistent: true
+ path: ''
+ same_site: Strict
+ domain: ''
+
+hashers:
+ argon2:
+ parallelism: 1
+ memory: 128MB
+ iterations: 2
+ salt_length: 16
+ key_length: 16
+
+identity:
+ default_schema_url: file:///Users/href/dev/styx/priv/kratos/identity.schema.json
+
+courier:
+ smtp:
+ connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true
+ from_name: Erlang Connection
+ from_address: accounts@erlang-connection.eu
+ template_override_path: /Users/href/dev/styx/priv/kratos/courier-templates/
diff --git a/config/nginx.conf b/config/nginx.conf
new file mode 100644
index 0000000..d2db15e
--- /dev/null
+++ b/config/nginx.conf
@@ -0,0 +1,17 @@
+server {
+
+ location ~ /(login|register|account|launchpad)/ {
+ proxy_pass http://styx:5000/;
+ }
+
+ location ~ /(oauth2/(auth|revoke|sessions/logout|token)|userinfo|\.well-known/(openid-configuration|jwks\.json))/ {
+ proxy_pass http://hydra:5533/;
+ }
+
+ location /self-service/ {
+ proxy_pass http://kratos:4433;
+ }
+
+ root /my/static/site;
+
+}
diff --git a/config/sys.config b/config/sys.config
index 2eafc5f..60a32cb 100644
--- a/config/sys.config
+++ b/config/sys.config
@@ -1,3 +1,16 @@
 [
- {styx, []}
+ {kernel, [{logger_level, debug}]},
+ {styx, []},
+ {ory, [
+ {kratos_url, <<"http://127.0.0.1:4433">>},
+ {kratos_admin_url, <<"http://127.0.0.1:4434">>},
+ {hydra_url, <<"http://127.0.0.1:4444">>},
+ {hydra_admin_url, <<"http://127.0.0.1:4445">>}
+ ]},
+ {styx_web, [
+ {site_title, <<"My SSO">>},
+ {background_image_url, <<"https://images.unsplash.com/photo-1456428746267-a1756408f782?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1908&q=80">>},
+ {port, <<"5000">>}
+ ]},
+ {styx_service, [{watch_assets, []}, {hydra, []}, {kratos, []}]}
 ]. |
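Review bot: `log.leak_sensitive_values: true` combined with `level: debug` in the `log` block turns off the redaction Kratos applies to sensitive values in its logs, so this file should carry `leak_sensitive_values: false`, with any local override kept out of the repository. The courier `connection_uri` likewise disables certificate verification with `skip_ssl_verify=true` and embeds `test:test` credentials. That is fine against a local mail catcher, but it deserves a comment such as `# dev only: mailslurper, TLS verification off` so it is not copied to a real relay. The absolute `/Users/href/...` paths in `dsn`, `default_schema_url` and `template_override_path` also tie the file to one workstation, which suggests it is a development profile and could be named as one.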
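Review bot: Both regex locations are unanchored and require a trailing slash, so `/(login|register|account|launchpad)/` matches that segment anywhere in a URI (e.g. `/x/account/`) but does not match `/login` or `/register`, which are the `ui_url` values configured in kratos.yml. The same applies to the Hydra block, where `/oauth2/token` and `/.well-known/jwks.json` would fall through to the static `root`. nginx also rejects `proxy_pass` with a URI part inside a regex location, so the trailing `/` on the two upstream URLs has to go. I would write `location ~ ^/(login|register|account|launchpad)(/|$) {` with `proxy_pass http://styx:5000;` and anchor the Hydra pattern the same way. Separately, the upstream here is `hydra:5533`, while hydra.yml and sys.config both use port 4444 for the public endpoint, which is worth checking.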
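Review bot: `{kernel, [{logger_level, debug}]}` is set in the shared `config/sys.config`, so every release built from this file logs at debug level. For a service that fronts login and OAuth2 consent flows, that is likely to put request details in the logs. If this file is also used outside development, I would keep the default level here and raise it only in a development-specific config, or at least add `%% dev only: lower to notice/info for releases` above the line. The new `ory` admin URLs use plain `http://` on loopback, which is fine as long as the admin ports stay bound to 127.0.0.1, as kratos.yml does for port 4434.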