This project is a containerized setup for running ORY Kratos and ORY Hydra locally for development and testing purposes.
- Clone this repository to your local machine.
  ```bash
  git clone https://github.com/konstantin-evo/ory-hydra-with-kratos-idp.git
  ```
- Navigate to the project directory.
- Starting ORY Kratos
  ```bash
  docker-compose -f docker-compose-kratos.yml up -d
  ```
- Starting ORY Hydra
  ```bash
  docker-compose -f docker-compose-hydra.yml up -d
  ```
After running the application, the services will be available on the following ports:

| Port | Description |
|---|---|
| 4433 | Kratos public URL |
| 4434 | Kratos admin URL |
| 4444 | Hydra public URL |
| 4445 | Hydra admin URL |
| 4455 | Kratos UI: Kratos sign up, sign in, logout |

- `docker-compose-kratos.yml`:
  - Sets up services related to ORY Kratos, including migrations and UI.
  - Defines volumes for SQLite database and configuration files.
- `docker-compose-hydra.yml`:
  - Sets up services related to ORY Hydra, including migrations and API endpoints.
  - Defines volumes for SQLite database and configuration files.
- `kratos.yml` (inside the `config` folder):
  - Configuration file for ORY Kratos service.
  - Specifies database connection, cookie settings, identity schemas, SMTP settings, and OAuth2 provider URL.
- `hydra.yml` (inside the `config` folder):
  - Configuration file for ORY Hydra service.
  - Specifies database connection, CORS settings, public and admin endpoints, identity schemas, and OAuth2 provider settings.
- `identity.schema.json` (inside the `config/kratos` folder):
  - JSON schema defining the structure of identity data expected by ORY Kratos.
  - Includes properties like email with validation rules.

Each configuration file plays a crucial role in setting up and customizing the behavior of the ORY Kratos and ORY Hydra services, including database connections, API endpoints, security settings, and identity schemas. These files are essential for running the project locally and managing user authentication and authorization processes.

All necessary requests are available in the `Ory Hydra - Kratos API.postman_collection.json` collection.
Below are a few basic requests along with descriptions to help you get started quickly:

- Create Client in Hydra

  This request creates a client in Hydra, allowing you to authenticate and obtain tokens for API access.
  - Endpoint: `http://localhost:4445/admin/clients`
  - Method: POST
  - Headers:
    - Content-Type: application/json
    - Accept: application/json
  - Body:
    ```json
    {
      "grant_types": [
        "authorization_code",
        "refresh_token"
      ],
      "redirect_uris": [
        "http://127.0.0.1:8080/callback"
      ],
      "response_types": [
        "code",
        "id_token"
      ],
      "scope": "openid offline",
      "token_endpoint_auth_method": "none"
    }
    ```
- Authenticate and Get Authorization Code

  Redirects to the authorization endpoint to authenticate and obtain an authorization code.
  - Endpoint: `http://127.0.0.1:4444/oauth2/auth`
  - Method: GET
  - Parameters:
    - client_id: Your client ID
    - redirect_uri: Redirect URI after authentication
    - response_type: code
    - scope: offline openid
  - Headers:
    - Accept: application/json
- Exchange Authorization Code for Access Token

  Exchanges the obtained authorization code for an access token.
  - Endpoint: `http://127.0.0.1:4444/oauth2/token`
  - Method: POST
  - Headers:
    - Content-Type: application/x-www-form-urlencoded
    - Accept: application/json
  - Body:
    ```
    grant_type=authorization_code
    &client_id=YourClientID
    &code=AuthorizationCode
    &redirect_uri=http://127.0.0.1:5555/callback
    ```
- Introspect Token

  Validates and introspects the access token.
  - Endpoint: `http://localhost:4445/admin/oauth2/introspect`
  - Method: POST
  - Headers:
    - Content-Type: application/x-www-form-urlencoded
    - Accept: application/json
  - Body:
    ```
    token=YourAccessToken
    &scope=offline openid
    ```
- Create Identity in Kratos

  Creates a user identity in Kratos with the specified credentials.
  - Endpoint: `http://127.0.0.1:4434/admin/identities`
  - Method: POST
  - Headers:
    - Content-Type: application/json
    - Accept: application/json
    - Authorization: Bearer YourAPIKey
  - Body:
    ```json
    {
      "schema_id": "default",
      "traits": {
        "email": "userName@example.org"
      },
      "credentials": {
        "password": {
          "config": {
            "hashed_password": "$2a$12$xBWtJ38zTL.5GB661P/MN.PfMrAaWbEwci5y2fUE9bR4dF/GRUxdm"
          }
        }
      }
    }
    ```

These basic requests cover client setup, authentication, token management, token introspection, and user identity creation in Hydra and Kratos APIs. Adjust the parameters and endpoints as needed for your specific application.
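
The client created above is a public client (`"token_endpoint_auth_method": "none"`), so the authorization code is the only thing protecting the token exchange. The following is an added example, not part of this repository: it builds the same authorization and token requests with a `state` value and PKCE (RFC 7636, S256), both of which are additions to the requests listed in this README. `CLIENT_ID` is a placeholder, and the redirect URI is the one registered in the client body; the `redirect_uri` sent to the token endpoint must match the one used in the authorization request.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and redirect URI come from this README; CLIENT_ID is a placeholder.
AUTH_ENDPOINT = "http://127.0.0.1:4444/oauth2/auth"
REDIRECT_URI = "http://127.0.0.1:8080/callback"
CLIENT_ID = "YourClientID"


def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: base64url(SHA-256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_flow() -> dict:
    """Create per-login secrets and the authorization URL to open in a browser."""
    state = secrets.token_urlsafe(24)     # added here: CSRF binding for the callback
    verifier = secrets.token_urlsafe(64)  # added here: 86 chars, within 43..128
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "offline openid",
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return {"state": state, "verifier": verifier, "url": f"{AUTH_ENDPOINT}?{query}"}


def token_request_body(callback_url: str, flow: dict) -> str:
    """Validate the callback, then build the form body for POST /oauth2/token."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params or "code" not in params:
        raise ValueError("authorization failed or no code returned")
    returned_state = params.get("state", [""])[0]
    if not secrets.compare_digest(returned_state.encode(), flow["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    return urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,  # must equal the value sent to /oauth2/auth
        "code_verifier": flow["verifier"],
    })
```

Keep the dictionary returned by `start_flow()` in the user's session between the redirect and the callback; the verifier must never be sent in the authorization request itself.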