EExcel 丞燕快速查詢2 https://sandk.ffbizs.com/

OpenID hydra dex

F... Now, following the steps, I get: level=error msg="An error occurred" debug="No CSRF value available in the session cookie" description="The request is not allowed" error=request_forbidden hint="You are not allowed to perform this action."

If you are using the same browser and have already tried restarting Docker, clearing cookies and so on, just try the browser's private mode.



Trying dex with Docker or the binary failed, so it is skipped.

Hydra docker-compose

1. Get https://github.com/ory/hydra



docker-compose -f quickstart.yml -f quickstart-postgres.yml up --build

Pay attention to quickstart.yml



When running Docker or the binary on the host itself, the "IP used" is 127.0.0.1, as in the Hydra 5-minute demo.



version: '3'

services:

  hydra:
    image: oryd/hydra:latest
    ports:
      - "4444:4444" # Public port
      - "4445:4445" # Admin port
      - "5555:5555" # Port for hydra token user
    command:
      serve all --dangerous-force-http
    environment:
      - URLS_SELF_ISSUER=http://127.0.0.1:4444
      - URLS_CONSENT=http://127.0.0.1:3000/consent
      - URLS_LOGIN=http://127.0.0.1:3000/login
      - URLS_LOGOUT=http://127.0.0.1:3000/logout
      - DSN=memory
      - SECRETS_SYSTEM=youReallyNeedToChangeThis
      - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
    restart: unless-stopped

  consent:
    environment:
      - HYDRA_ADMIN_URL=http://hydra:4445
    image: oryd/hydra-login-consent-node:latest
    ports:
      - "3000:3000"
    restart: unless-stopped


When running in a VM or on a real server, use the real IP, e.g. 192.168.99.100 (docker-machine).




version: '3'

services:

  hydra:
    image: oryd/hydra:latest
    ports:
      - "4444:4444" # Public port
      - "4445:4445" # Admin port
      - "5555:5555" # Port for hydra token user
    command:
      serve all --dangerous-force-http
    environment:
      - URLS_SELF_ISSUER=http://192.168.99.100:4444
      - URLS_CONSENT=http://192.168.99.100:3000/consent
      - URLS_LOGIN=http://192.168.99.100:3000/login
      - URLS_LOGOUT=http://192.168.99.100:3000/logout
      - DSN=memory
      - SECRETS_SYSTEM=youReallyNeedToChangeThis
      - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
    restart: unless-stopped

  consent:
    environment:
      - HYDRA_ADMIN_URL=http://hydra:4445
    image: oryd/hydra-login-consent-node:latest
    ports:
      - "3000:3000"
    restart: unless-stopped


If you run into CORS problems, see https://github.com/ory/hydra/blob/master/quickstart-cors.yml
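
Both compose files above carry settings that are only meant for a local demo (`--dangerous-force-http`, the `youReallyNeedToChangeThis` placeholders, `DSN=memory`, the published admin port). The script below is an added example, not part of the original post or of the Hydra project, that lists them; the function names and finding IDs are made up for illustration and the sample input is constructed from the file above.

```shell
#!/bin/sh
# Added example, not part of the original post: list the demo-only settings in
# a Hydra quickstart-style compose file before it is reused beyond a local test.

# Constructed sample input: an excerpt of the compose file shown above.
sample_compose() {
cat <<'EOF'
services:
  hydra:
    ports:
      - "4444:4444" # Public port
      - "4445:4445" # Admin port
    command:
      serve all --dangerous-force-http
    environment:
      - URLS_SELF_ISSUER=http://192.168.99.100:4444
      - DSN=memory
      - SECRETS_SYSTEM=youReallyNeedToChangeThis
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
EOF
}

# Reads compose YAML on stdin and prints one "ID: detail" line per finding.
# Line-based matching only; it assumes the list-style "- KEY=value" layout above.
audit_hydra_compose() {
  awk '
    function key(l) { sub(/^[ \t]*-[ \t]*/, "", l); sub(/=.*/, "", l); return l }
    # HTTPS is disabled, so tokens and client secrets travel in clear text.
    /--dangerous-force-http/ { print "FORCE_HTTP: serving plain HTTP" }
    # The quickstart placeholder is public knowledge and must be replaced.
    /^[ \t]*-[ \t]*[A-Z_]+=youReallyNeedToChangeThis/ {
      print "PLACEHOLDER_SECRET: " key($0) " still has the quickstart value" }
    # In-memory storage drops every registered client on restart.
    /^[ \t]*-[ \t]*DSN=memory/ { print "MEMORY_DSN: state is lost on restart" }
    # The admin API has no authentication of its own; a bare 4445:4445 mapping
    # publishes it on all host interfaces (127.0.0.1:4445:4445 would not match).
    /^[ \t]*-[ \t]*"?4445:/ { print "ADMIN_PORT: admin API published on the host" }
    # Plain-http URLs on an address other than loopback.
    /^[ \t]*-[ \t]*URLS_[A-Z_]+=http:\/\// && !/127\.0\.0\.1|localhost/ {
      print "HTTP_URL: " key($0) " is plain http on a non-loopback address" }
  '
}

sample_compose | audit_hydra_compose
```

To check a real file, pipe it in instead of the sample: `audit_hydra_compose < quickstart.yml`.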


Check whether Hydra OpenID has started correctly


http://192.168.99.100:4444/.well-known/jwks.json  


Create clients


Download hydra binary.

https://www.ory.sh/docs/next/hydra/install#download-binaries
https://github.com/ory/hydra/releases
https://github.com/ory/hydra/releases/tag/v1.0.0-rc.15

PS: The version may have been updated since, so try to get the latest one.


hydra clients create --endpoint http://192.168.99.100:4445/ --id auth-code-client --secret secret --grant-types authorization_code,refresh_token --response-types code,id_token --scope openid,offline --callbacks http://127.0.0.1:5555/callback

! The new version uses endpoint, unlike the earlier auth-url and token-url, but I think you can still use the old way... maybe.

! The scope "openid,offline" must be the same in the next step. The scope is defined by yourself.

Thanks https://dotblogs.com.tw/liguobao/2018/12/30/132746


Check clients


hydra clients list --endpoint http://192.168.99.100:4445 


Emulate the whole OpenID flow


Following the website, running the command pops up a web page. If nothing pops up, open http://127.0.0.1:5555/



hydra token user --client-id auth-code-client --client-secret secret --endpoint http://192.168.99.100:4444 --port 5555 --scope openid,offline

This step runs a server on port 5555.

! The scope "openid,offline" here must be the same as the one used when creating the client.








Get userinfo. Copy the access token and use it to replace the string after Bearer.



curl -X GET http://192.168.99.100:4444/userinfo -H 'Accept: application/json' -H 'Authorization: Bearer MmadDHs3VdWC7LZTIdBKUHyzgsWHe2XbzHpwjKrF7Rs.tXlg7rShEEbkcczNWJGS84sIvokTF6Ae7bhSQZfHMgA' 

The JSON returned:
{"sid":"c7d5665b-76e7-475a-95a8-cc521352663b","sub":"foo@bar.com"}


Modify the source to add userinfo information.


https://github.com/ory/hydra-login-consent-node/blob/master/routes/login.js
subject: 'foo@bar.com', -> subject: 'foo@bar.com-success',


Testing this in Docker:
1. docker ps
2. get the container ID of oryd/hydra-login-consent-node:v1.0.0-rc.10
3. docker exec -it containerid /bin/sh
4. vi bin/www change port 3000 -> 3001
5. vi routes/login.js subject: 'foo@bar.com', => subject: 'foo@bar.com--success',
6. node ./bin/www &
7. ps
8. kill old node (this exits the container)
9. docker exec -it containerid /bin/sh
10. vi bin/www change port 3001 -> 3000
11. node ./bin/www &
12. kill old node (this exits the container)
13. docker exec -it containerid /bin/sh
14. netstat -nlp (check port 3000)


====================
https://mileschou.github.io/auth-notes/src/hydra/user-login-and-consent-flow.html#oauth-2-0-%E8%88%87-open-id-connect
====================
https://dotblogs.com.tw/liguobao/2018/12/30/132746
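OAUTH2_ISSUER_URL: the address where Hydra is located
OAUTH2_CONSENT_URL: the consent page address
OAUTH2_LOGIN_URL: the login page address

Application XX requests authorization
-> redirect to the OAUTH2_LOGIN_URL address
-> login succeeds
-> redirect to the OAUTH2_CONSENT_URL consent page
-> consent is granted
-> call back to application XX's address and return the related authorization code/token
-> application XX uses the code/token to fetch user information or perform other operations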