OAuth 2.0: Installing Hydra and Simulating Verification

Source: shared by my colleague.

**Using Hydra**

Pull the ORY Hydra images
$ docker pull oryd/hydra:v1.3.2
$ docker pull mariadb

Set up the network
# Create the network
$ docker network create mic_auth

Install the database (choose any one)
Install MariaDB (preferred)
$ docker run \
    --network mic_auth \
    --name ory-hydra-mic--mariadb \
    -e MYSQL_ROOT_PASSWORD=p@22w0rd \
    -p 23306:3306 \
    -d mariadb

Install PostgreSQL
$ docker run \
    --network mic_auth \
    --name ory-hydra-mic--postgres \
    -e POSTGRES_USER=mic \
    -e POSTGRES_PASSWORD=p@22w0rd \
    -e POSTGRES_DB=hydra \
    -d \
    -p 15432:5432 \
    postgres:9.6

Install MySQL
$ docker run \
    --network mic_auth \
    --name ory-hydra-mic--mysql \
    -e MYSQL_ROOT_PASSWORD=p@22w0rd \
    -p 13306:3306 \
    -d mysql:5.7

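The commands above start a Docker instance of the database. The PostgreSQL variant also sets up the hydra database and creates a user named mic with the password p@22w0rd; the MariaDB and MySQL variants only set the root password.

Configure ORY Hydra

Set the system secret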


$ export SECRETS_SYSTEM=$(export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)


$ export SECRETS_SYSTEM=ar3S4Qc56Stnh1uzFPQWVOjo5Yp6eVOQ

The database URL points us at the postgres instance. This could also be an ephemeral in-memory database (export DSN=memory) or a MySQL URI.

MySQL URI

# The mic database must be created first

MariaDB

$ export DSN='mysql://root:p@22w0rd@tcp(ory-hydra-mic--mariadb:3306)/hydra?max_conns=20&max_idle_conns=4'

Postgres

$ export DSN='postgres://mic:p@22w0rd@ory-hydra-mic--postgres:5432/hydra?sslmode=disable'

MySQL

$ export DSN='mysql://root:p@22w0rd@tcp(ory-hydra-mic--mysql:3306)/mic?max_conns=20&max_idle_conns=4'

ORY Hydra does not do magic; it requires conscious decisions, for example running SQL migrations, which is required when installing a new version of ORY Hydra or upgrading an existing installation.

It is equivalent to hydra migrate sql --yes postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable

Initialize the database:

$ docker run -it --rm \
    --network mic_auth \
    oryd/hydra:v1.3.2 \
    migrate sql --yes "$DSN"

Let’s run the server (settings explained below):

# In the command below, change URLS_SELF_ISSUER, URLS_CONSENT and URLS_LOGIN
$ docker run -d \
    --name ory-hydra-mic--hydra \
    --network mic_auth \
    -p 9000:4444 \
    -p 9001:4445 \
    -e SECRETS_SYSTEM=$SECRETS_SYSTEM \
    -e SERVE_PUBL… \
    -e DSN="$DSN" \
    -e URLS_SELF_ISSUER=https://localhost:9000/ \
    -e URLS_CONSENT=http://localhost:8080/consent \
    -e URLS_LOGIN=http://localhost:8080/login \
    oryd/hydra:v1.3.2 serve all

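https://localhost:9000 is Hydra's public service port. When testing with Postman, SSL verification has to be turned off, because Hydra serves a self-signed certificate in this setup.

http://localhost:8080/login is the user login page; you can build a nicer-looking page of your own.

http://localhost:8080/consent is the consent (authorization) page.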

And check if it’s running:

$ docker logs ory-hydra-mic--hydra

Configure the login & consent app
$ docker pull oryd/hydra-login-consent-node
$ docker run -d \
    --name ory-hydra-mic--consent \
    -p 8080:3000 \
    --network mic_auth \
    -e HYDRA_ADMIN_URL=https://ory-hydra-mic--hydra:4445 \
    -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
    oryd/hydra-login-consent-node

Let’s check if it’s running ok:

$ docker logs ory-hydra-mic--consent

Carry out the OAuth 2.0 flow (register the client's information with the Hydra service)

$ docker run --rm -it \
    -e HYDRA_ADMIN_URL=https://ory-hydra-mic--hydra:4445 \
    --network mic_auth \
    oryd/hydra:v1.3.2 \
    clients create --skip-tls-verify \
    --id oauth-test \
    --name oauth-test \
    --secret some-secret \
    --grant-types authorization_code,refresh_token,client_credentials,implicit \
    --response-types token,code,id_token \
    --scope openid,offline \
    --callbacks http://127.0.0.1:9010/callback

$ docker run --rm -it \
    --network mic_auth \
    -p 9010:9010 \
    oryd/hydra:v1.3.2 \
    token user --skip-tls-verify \
    --port 9010 \
    --auth-url https://localhost:9000/oauth2/auth \
    --token-url https://ory-hydra-mic--hydra:4444/oauth2/token \
    --client-id oauth-test \
    --client-secret some-secret \
    --scope openid,offline
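
The authorization code flow that `hydra token user` drives, written out step by step as an added example (not part of the original post or of Hydra itself). The client id, secret, callback and port are the ones used in the commands above; the function names are hypothetical, and the callback parsing assumes URL-safe `code` and `state` values.

```shell
#!/bin/sh
# Added example: manual authorization code flow against the local Hydra above.
HYDRA_PUBLIC=https://localhost:9000          # public port mapped with -p 9000:4444
CLIENT_ID=oauth-test
CLIENT_SECRET=some-secret
REDIRECT_URI=http://127.0.0.1:9010/callback  # must match --callbacks exactly

# Percent-encode the characters that occur in the redirect URI and scope list.
urlencode() {
  printf '%s' "$1" | sed -e 's/%/%25/g' -e 's/:/%3A/g' -e 's|/|%2F|g' -e 's/ /%20/g'
}

# Random per-request state (32 hex chars) that binds the callback to this request.
new_state() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Build the authorization request URL to open in the browser. $1 = state
auth_url() {
  printf '%s/oauth2/auth?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&state=%s\n' \
    "$HYDRA_PUBLIC" "$CLIENT_ID" "$(urlencode "$REDIRECT_URI")" \
    "$(urlencode 'openid offline')" "$1"
}

# Extract one query parameter from a URL. $1 = url, $2 = parameter name
query_param() {
  printf '%s\n' "${1#*\?}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the code only if the returned state equals the one that was sent;
# a mismatch means the callback does not belong to this request.
# $1 = callback url, $2 = expected state
code_from_callback() {
  [ "$(query_param "$1" state)" = "$2" ] || { echo 'state mismatch' >&2; return 1; }
  query_param "$1" code
}

# Exchange the code at the token endpoint using HTTP Basic client authentication.
# -k skips certificate verification: this local Hydra uses a self-signed certificate.
exchange_code() {
  curl -sk -u "$CLIENT_ID:$CLIENT_SECRET" \
    -d grant_type=authorization_code -d "code=$1" \
    --data-urlencode "redirect_uri=$REDIRECT_URI" \
    "$HYDRA_PUBLIC/oauth2/token"
}
```

Open the output of `auth_url "$(new_state)"` in a browser, log in and consent, then pass the URL the browser is redirected to into `code_from_callback` and the resulting code into `exchange_code`.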

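[Screenshot: the Docker containers after they have been started]

The information produced by your own user registration page, consent update page, user login page and so on is exchanged with the Hydra API.
The address used to reach it is https://localhost:9000/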

https://www.ory.sh/docs/hydra/sdk/api#create-an-oauth-20-client

Interaction test results: stay tuned for updates!
