Wstępna implementacja JWT - tak tego nie rób!
This commit is contained in:
parent
6655736a69
commit
4d17cee46c
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
.env
|
@ -9,3 +9,9 @@ Całość oparta do docker.
|
|||||||
Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex).
|
Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex).
|
||||||
|
|
||||||
|
|
||||||
|
- etap2 (JWT)
|
||||||
|
|
||||||
|
Tutaj już będzie deko więcej roboty.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -14,6 +14,43 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "8000:8080"
|
- "8000:8080"
|
||||||
|
|
||||||
|
hydra-migrate:
|
||||||
|
image: oryd/hydra:v1.8.5
|
||||||
|
environment:
|
||||||
|
- DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
|
||||||
|
command:
|
||||||
|
migrate sql -e --yes
|
||||||
|
restart: on-failure
|
||||||
|
|
||||||
|
hydra:
|
||||||
|
image: oryd/hydra:v1.8.5
|
||||||
|
ports:
|
||||||
|
- "4444:4444" # Public port
|
||||||
|
- "4445:4445" # Admin port
|
||||||
|
- "5555:5555" # Port for hydra token user
|
||||||
|
command:
|
||||||
|
serve all --dangerous-force-http
|
||||||
|
environment:
|
||||||
|
- TRACING_PROVIDER=jaeger
|
||||||
|
- TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling
|
||||||
|
- TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831
|
||||||
|
- TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const
|
||||||
|
- TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1
|
||||||
|
- URLS_SELF_ISSUER=http://127.0.0.1:4444
|
||||||
|
- URLS_CONSENT=http://127.0.0.1:3000/consent
|
||||||
|
- URLS_LOGIN=http://127.0.0.1:3000/login
|
||||||
|
- URLS_LOGOUT=http://127.0.0.1:3000/logout
|
||||||
|
- DSN=memory
|
||||||
|
- STRATEGIES_ACCESS_TOKEN=jwt
|
||||||
|
- SECRETS_SYSTEM=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
|
||||||
|
- OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public
|
||||||
|
- OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
|
||||||
|
- SERVE_COOKIES_SAME_SITE_MODE=Lax
|
||||||
|
- DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
- hydra-migrate
|
||||||
|
|
||||||
kraken:
|
kraken:
|
||||||
image: devopsfaith/krakend:config-watcher
|
image: devopsfaith/krakend:config-watcher
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -73,6 +73,23 @@
|
|||||||
"sequential": true
|
"sequential": true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"endpoint": "/jwt_access",
|
||||||
|
"backend": [
|
||||||
|
{
|
||||||
|
"url_pattern": "/users/1.json"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"extra_config": {
|
||||||
|
"github.com/devopsfaith/krakend-jose/validator": {
|
||||||
|
"alg": "RS256",
|
||||||
|
"issuer": "http://127.0.0.1:4444/",
|
||||||
|
"jwk-url": "http://hydra:4444/.well-known/jwks.json",
|
||||||
|
"disable_jwk_security": true
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user