authorJordan Bracco <href@random.sh>2021-08-06 15:55:35 +0200
committerJordan Bracco <href@random.sh>2021-08-06 15:55:35 +0200
commitfd639a6f74d3a2c4cdcc18f5191c101cd41f289b (patch)
tree70697bb7c165197eefdeb60f42fbb71045c8ca59 /config
parentNew rebar app (diff)
Kratos flows
Diffstat (limited to 'config')
-rw-r--r--config/hydra.yml24
-rw-r--r--config/kratos.yml139
-rw-r--r--config/nginx.conf17
-rw-r--r--config/sys.config15
4 files changed, 194 insertions, 1 deletions
diff --git a/config/hydra.yml b/config/hydra.yml
new file mode 100644
index 0000000..2e3504e
--- /dev/null
+++ b/config/hydra.yml
@@ -0,0 +1,24 @@
+serve:
+ cookies:
+ same_site_mode: Lax
+
+urls:
+ self:
+ issuer: http://127.0.0.1:4444
+ consent: http://127.0.0.1:5000/account/oauth2/consent
+ login: http://127.0.0.1:5000/account/oauth2/login
+ logout: http://127.0.0.1:5000/account/oauth2/logout
+ error: http://127.0.0.1:5000/account/oauth2/error
+
+secrets:
+ system:
+ - youReallyNeedToChangeThis
+
+oidc:
+ subject_identifiers:
+ supported_types:
+ - pairwise
+ - public
+ pairwise:
+ salt: youReallyNeedToChangeThis
+
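Review bot: `secrets.system` and `oidc.subject_identifiers.pairwise.salt` are both committed with the placeholder `youReallyNeedToChangeThis`, and nothing in the file forces a deployer to replace them. Hydra uses the system secret to encrypt sensitive data at rest, so any instance started from this file runs with a key that is public in the repository. Changing the pairwise salt later changes every pairwise subject identifier already issued, so it has to be set before first use. Leave both keys out of the committed file and inject them at deploy time (Hydra reads `SECRETS_SYSTEM` from the environment), or at least mark them with `# dev only: generate a random value per deployment`. The plain-`http://` `urls.self.issuer` is only reasonable for loopback development.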
diff --git a/config/kratos.yml b/config/kratos.yml
new file mode 100644
index 0000000..7d8ddbe
--- /dev/null
+++ b/config/kratos.yml
@@ -0,0 +1,139 @@
+version: v0.7.1-alpha.1
+
+#dsn: memory
+dsn: "sqlite:///Users/href/dev/styx/priv/kratos.sqlite?_fk=true&mode=rwc"
+
+
+serve:
+ public:
+ base_url: http://127.0.0.1:4433/
+ host: '127.0.0.1'
+ port: 4433
+ cors:
+ enabled: true
+ admin:
+ host: '127.0.0.1'
+ port: 4434
+ base_url: http://kratos:4434/
+
+
+selfservice:
+ default_browser_return_url: http://127.0.0.1:5000/launchpad
+ whitelisted_return_urls:
+ - http://127.0.0.1:5000
+
+ methods:
+ link:
+ enabled: true
+ password:
+ enabled: true
+ config:
+ max_breaches: 0
+ ignore_network_errors: false
+ haveibeenpwned_enabled: true
+ oidc:
+ enabled: true
+ config:
+ providers: []
+ profile:
+ enabled: true
+
+ flows:
+ error:
+ ui_url: http://127.0.0.1:5000/account/error
+
+ settings:
+ ui_url: http://127.0.0.1:5000/account
+ privileged_session_max_age: 15m
+
+ recovery:
+ enabled: true
+ ui_url: http://127.0.0.1:5000/account/recovery
+
+ verification:
+ enabled: true
+ ui_url: http://127.0.0.1:5000/account/verification
+ after:
+ default_browser_return_url: http://127.0.0.1:5000/launchpad
+
+ logout:
+ after:
+ default_browser_return_url: http://127.0.0.1:5000/
+
+ login:
+ ui_url: http://127.0.0.1:5000/login
+ lifespan: 15m
+
+ registration:
+ lifespan: 15m
+ ui_url: http://127.0.0.1:5000/register
+ #before:
+ # hooks:
+ # - hook: web_hook
+ # config:
+ # url: http://a.aaa
+ # method: ''
+ # auth:
+ # type: api_key
+ # config:
+ # name: ''
+ # value: ''
+ # in: header
+ # body: ''
+ after:
+ password:
+ hooks:
+ -
+ hook: session
+ oidc:
+ hooks:
+ - hook: session
+ hooks:
+ - hook: web_hook
+ config:
+ url: http://a.aaa
+ method: ''
+ auth:
+ type: api_key
+ config:
+ name: ''
+ value: ''
+ in: header
+ body: ''
+
+
+
+log:
+ level: debug
+ format: text
+ leak_sensitive_values: true
+
+secrets:
+ cookie:
+ - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+
+session:
+ cookie:
+ name: 'erlconn_session'
+ persistent: true
+ path: ''
+ same_site: Strict
+ domain: ''
+
+hashers:
+ argon2:
+ parallelism: 1
+ memory: 128MB
+ iterations: 2
+ salt_length: 16
+ key_length: 16
+
+identity:
+ default_schema_url: file:///Users/href/dev/styx/priv/kratos/identity.schema.json
+
+courier:
+ smtp:
+ connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true
+ from_name: Erlang Connection
+ from_address: accounts@erlang-connection.eu
+ template_override_path: /Users/href/dev/styx/priv/kratos/courier-templates/
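Review bot: `log.leak_sensitive_values: true` combined with `level: debug` turns off Kratos's log redaction, so values it would normally mask can land in plain-text logs; the committed default should be `leak_sensitive_values: false`, with any override kept in a local dev file. `secrets.cookie` is the placeholder `PLEASE-CHANGE-ME-I-AM-VERY-INSECURE`, so cookies would be signed with a publicly known key on any instance started from this file; supply it from the environment instead. The live `web_hook` under `registration.after` (nesting is hard to confirm because indentation is flattened on this page) points at `http://a.aaa` with empty `method` and `api_key` values, unlike the commented-out `before` block. It would presumably either fail validation or send registration data over plain HTTP to that host, so comment it out until a real endpoint exists. `courier.smtp.connection_uri` also sets `skip_ssl_verify=true`, and `dsn`, `default_schema_url` and `template_override_path` are absolute paths under `/Users/href`, which ties the file to one developer machine.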
diff --git a/config/nginx.conf b/config/nginx.conf
new file mode 100644
index 0000000..d2db15e
--- /dev/null
+++ b/config/nginx.conf
@@ -0,0 +1,17 @@
+server {
+
+ location ~ /(login|register|account|launchpad)/ {
+ proxy_pass http://styx:5000/;
+ }
+
+ location ~ /(oauth2/(auth|revoke|sessions/logout|token)|userinfo|\.well-known/(openid-configuration|jwks\.json))/ {
+ proxy_pass http://hydra:5533/;
+ }
+
+ location /self-service/ {
+ proxy_pass http://kratos:4433;
+ }
+
+ root /my/static/site;
+
+}
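Review bot: The two regex locations are unanchored, and nginx prefers a matching regex location over the plain prefix `location /self-service/`, so a path such as `/self-service/login/browser` matches `/(login|register|account|launchpad)/` and is proxied to styx instead of kratos. Anchor the patterns and protect the prefix, e.g. `location ~ ^/(login|register|account|launchpad)(/|$) {` and `location ^~ /self-service/ {`. nginx also rejects `proxy_pass` with a URI part inside a regex location, so `proxy_pass http://styx:5000/;` and `proxy_pass http://hydra:5533/;` need the trailing slash dropped (`proxy_pass http://styx:5000;`). The mandatory trailing `/` in both patterns means `/login` or `/oauth2/token` without a slash fall through to the static `root`. The server block has no `listen` or TLS settings, and port 5533 differs from the 4444 used for Hydra elsewhere in this commit, which may or may not be intentional.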
diff --git a/config/sys.config b/config/sys.config
index 2eafc5f..60a32cb 100644
--- a/config/sys.config
+++ b/config/sys.config
@@ -1,3 +1,16 @@
[
- {styx, []}
+ {kernel, [{logger_level, debug}]},
+ {styx, []},
+ {ory, [
+ {kratos_url, <<"http://127.0.0.1:4433">>},
+ {kratos_admin_url, <<"http://127.0.0.1:4434">>},
+ {hydra_url, <<"http://127.0.0.1:4444">>},
+ {hydra_admin_url, <<"http://127.0.0.1:4445">>}
+ ]},
+ {styx_web, [
+ {site_title, <<"My SSO">>},
+ {background_image_url, <<"https://images.unsplash.com/photo-1456428746267-a1756408f782?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1908&q=80">>},
+ {port, <<"5000">>}
+ ]},
+ {styx_service, [{watch_assets, []}, {hydra, []}, {kratos, []}]}
].
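Review bot: `{kernel, [{logger_level, debug}]}` is set in the committed sys.config, so a service that fronts login and consent flows would log at debug level wherever this file is used. Whether styx logs flow payloads is not visible here, but `{kernel, [{logger_level, info}]}` is the safer committed default, with debug enabled per environment. `background_image_url` points at a third-party host, so every rendering of the account pages makes the user's browser contact that host; serving the image locally avoids this and keeps a strict Content-Security-Policy possible. The Ory URLs, including both admin endpoints, are hard-coded to plain-HTTP loopback addresses, which fits development only and deserves a comment saying so.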