Wstępna implementacja JWT - tak tego nie rób!
parent
6655736a69
commit
4d17cee46c
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.env
|
@ -9,3 +9,9 @@ Całość oparta do docker.
|
||||
Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex).
|
||||
|
||||
|
||||
- etap2 (JWT)
|
||||
|
||||
Tutaj już będzie deko więcej roboty.
|
||||
|
||||
|
||||
|
||||
|
@ -13,6 +13,43 @@ services:
|
||||
- ./api-mocks:/opt/lwan/wwwroot
|
||||
ports:
|
||||
- "8000:8080"
|
||||
|
||||
hydra-migrate:
|
||||
image: oryd/hydra:v1.8.5
|
||||
environment:
|
||||
- DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
|
||||
command:
|
||||
migrate sql -e --yes
|
||||
restart: on-failure
|
||||
|
||||
hydra:
|
||||
image: oryd/hydra:v1.8.5
|
||||
ports:
|
||||
- "4444:4444" # Public port
|
||||
- "4445:4445" # Admin port
|
||||
- "5555:5555" # Port for hydra token user
|
||||
command:
|
||||
serve all --dangerous-force-http
|
||||
environment:
|
||||
- TRACING_PROVIDER=jaeger
|
||||
- TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling
|
||||
- TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831
|
||||
- TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const
|
||||
- TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1
|
||||
- URLS_SELF_ISSUER=http://127.0.0.1:4444
|
||||
- URLS_CONSENT=http://127.0.0.1:3000/consent
|
||||
- URLS_LOGIN=http://127.0.0.1:3000/login
|
||||
- URLS_LOGOUT=http://127.0.0.1:3000/logout
|
||||
- DSN=memory
|
||||
- STRATEGIES_ACCESS_TOKEN=jwt
|
||||
- SECRETS_SYSTEM=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
|
||||
- OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public
|
||||
- OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
|
||||
- SERVE_COOKIES_SAME_SITE_MODE=Lax
|
||||
- DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- hydra-migrate
|
||||
|
||||
kraken:
|
||||
image: devopsfaith/krakend:config-watcher
|
||||
|
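Review bot: The `hydra` service hard-codes `SECRETS_SYSTEM`, `OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT` (the same value as the system secret) and the Postgres password in the committed compose file, even though this commit also adds `.env` to `.gitignore`. Referencing them from the ignored file, e.g. `- SECRETS_SYSTEM=${HYDRA_SECRETS_SYSTEM}`, keeps them out of history; the values already committed should be regenerated rather than reused. The same `environment` list sets `DSN` twice (`DSN=memory` and the postgres URL), so which store Hydra uses depends on how the duplicate is resolved; drop `- DSN=memory`. The admin API mapping `"4445:4445"` publishes on every host interface, and `"127.0.0.1:4445:4445"` would keep it local. `--dangerous-force-http` deserves a comment above `command:` such as `# local demo only: serves OAuth2 endpoints without TLS`.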
@ -73,6 +73,23 @@
|
||||
"sequential": true
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"endpoint": "/jwt_access",
|
||||
"backend": [
|
||||
{
|
||||
"url_pattern": "/users/1.json"
|
||||
}
|
||||
],
|
||||
"extra_config": {
|
||||
"github.com/devopsfaith/krakend-jose/validator": {
|
||||
"alg": "RS256",
|
||||
"issuer": "http://127.0.0.1:4444/",
|
||||
"jwk-url": "http://hydra:4444/.well-known/jwks.json",
|
||||
"disable_jwk_security": true
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
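Review bot: As configured, the validator on `/jwt_access` sets only `alg`, `issuer` and the key source, so a token Hydra issued for any client or audience appears to be accepted. Adding `"audience": ["<expected-audience>"]` (placeholder value) would bind tokens to this API. `"disable_jwk_security": true` lets the key set be fetched over plain HTTP from `http://hydra:4444`, so the integrity of the signing keys rests on the container network alone; that is tolerable for a local demo but should not carry over to a deployed config. The `issuer` here ends with a slash while `URLS_SELF_ISSUER` in the compose file does not, so it is worth confirming the value against the `iss` claim of a real token.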