Preparation

export SECRETS_SYSTEM=`export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
export HYDRA_VERSION=v2.2.0
export HYDRA_IMAGE=oryd/hydra:v2.2.0-distroless
export CONSENT_IMAGE=oryd/hydra-login-consent-node:$HYDRA_VERSION
export POSTGRESQL_IMAGE=postgres:16.3-alpine

export NETWORK_NAME=hydranet
export POSTGRESQL_NAME=ory-hydra-postgres
export HYDRA_ADMIN=hydra-admin
export HYDRA_PUBLIC=hydra-public

export DSN="postgres://hydra:secret@$POSTGRESQL_NAME:5432/hydra?sslmode=disable"

Create network

docker network create $NETWORK_NAME

PostgreSQL

docker run \
  --network $NETWORK_NAME \
  --name $POSTGRESQL_NAME \
  -v ${PWD}/postgres/init.sql:/docker-entrypoint-initdb.d/init.sql \
  -e POSTGRES_USER=hydra \
  -e POSTGRES_PASSWORD=secret \
  -e POSTGRES_DB=hydra \
  -d $POSTGRESQL_IMAGE

Hydra

Prepare Data in DB

docker run -it --rm \
  --network $NETWORK_NAME \
  $HYDRA_IMAGE \
  migrate sql --yes $DSN

Run Hydra
Consensus
Let’s have a consensus:
export PUBLIC_PORT=4444
export ADMIN_PORT=4445

Let’s pull:

docker pull $HYDRA_IMAGE

ALL IN ONE RUN
Run all in one:
docker run -d \
  --name hydra-all \
  --network $NETWORK_NAME \
  -p $PUBLIC_PORT:4444 \
  -p $ADMIN_PORT:4445 \
  -e SECRETS_SYSTEM=$SECRETS_SYSTEM \
  -e DSN=$DSN \
  -e URLS_SELF_ISSUER=https://localhost:4444/ \
  -e URLS_CONSENT=http://localhost:9020/consent \
  -e URLS_LOGIN=http://localhost:9020/login \
  $HYDRA_IMAGE serve all

Run Admin and Public separately

Admin

docker run -d \
  --name $HYDRA_ADMIN \
  --network $NETWORK_NAME \
  -p $ADMIN_PORT:4445 \
  -e SECRETS_SYSTEM=$SECRETS_SYSTEM \
  -e DSN=$DSN \
  -e URLS_SELF_ISSUER=https://localhost:4444/ \
  -e URLS_CONSENT=http://localhost:9020/consent \
  -e URLS_LOGIN=http://localhost:9020/login \
  $HYDRA_IMAGE serve admin

Public

docker run -d \
  --name $HYDRA_PUBLIC \
  --network $NETWORK_NAME \
  -p $PUBLIC_PORT:4444 \
  -e SECRETS_SYSTEM=$SECRETS_SYSTEM \
  -e DSN=$DSN \
  -e URLS_SELF_ISSUER=https://localhost:4444/ \
  -e URLS_CONSENT=http://localhost:9020/consent \
  -e URLS_LOGIN=http://localhost:9020/login \
  $HYDRA_IMAGE serve public

Hydra Consent UI
Let’s pull
docker pull $CONSENT_IMAGE

Run it:

docker run -d \
  --name hydra-consent \
  -p 9020:3000 \
  --network $NETWORK_NAME \
  -e HYDRA_ADMIN_URL=https://$HYDRA_ADMIN:$ADMIN_PORT \
  -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
  $CONSENT_IMAGE

Example
Let’s make this simple
alias hydra="docker run --rm -it -e HYDRA_ADMIN_URL=https://${HYDRA_ADMIN}:${ADMIN_PORT} --network $NETWORK_NAME ${HYDRA_IMAGE}"

Create A Client

hydra create oauth2-client \
  -e http://${HYDRA_ADMIN}:${ADMIN_PORT} \
  --name "hydra-client-eg" \
  --redirect-uri http://127.0.0.1:9010/callback \
  --grant-type authorization_code,refresh_token,client_credentials,implicit \
  --response-type token,code,id_token \
  --scope openid,offline,photos.read \
  --skip-tls-verify

Get the client ID and secret from the output and put them in CLIENT_ID and CLIENT_SECRET accordingly.
Perform authentication
hydra perform client-credentials \
  --endpoint http://hydra-public:4444/ \
  --client-id "${CLIENT_ID}" \
  --client-secret "${CLIENT_SECRET}"

Delete All

for i in $(hydra ls oauth2-clients -e http://${HYDRA_ADMIN}:${ADMIN_PORT} --format json | jq -r ".items[].client_id"); do
  hydra -e http://$HYDRA_ADMIN:$ADMIN_PORT delete oauth2-client $i
done

Troubleshooting
Hydra Help
docker run -it --rm $HYDRA_IMAGE help serve

Check ports
docker container ls --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}" -a
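
Before reusing the commands above outside a local lab, it helps to flag the settings in them that turn off TLS verification, reuse the walkthrough's database password, or publish the admin port on all host interfaces. The check below is an added example, not part of the original page or of Ory's tooling; `audit_hydra_cmd` and the finding IDs are hypothetical names, and the sample command lines are constructed from this page's commands with the variables expanded.

```sh
#!/bin/sh
# Added example. audit_hydra_cmd (hypothetical name) takes one command line
# and prints one finding ID per line; it prints nothing if no check matches.
audit_hydra_cmd() {
  cmd=$1
  # PostgreSQL connection without TLS
  case $cmd in *sslmode=disable*) echo dsn-tls-disabled ;; esac
  # Database password copied from the walkthrough
  case $cmd in
    *POSTGRES_PASSWORD=secret*|*://hydra:secret@*) echo default-db-password ;;
  esac
  # Node.js consent app accepts any certificate
  case $cmd in *NODE_TLS_REJECT_UNAUTHORIZED=0*) echo node-tls-verify-off ;; esac
  # Hydra CLI skips certificate verification
  case $cmd in *--skip-tls-verify*) echo cli-tls-verify-off ;; esac
  # Admin port (4445) published without an explicit bind address:
  # docker then listens on every host interface.
  set -f                       # split on whitespace without globbing
  prev=
  for word in $cmd; do
    if [ "$prev" = "-p" ]; then
      case $word in
        0.0.0.0:*:4445) echo admin-port-all-interfaces ;;
        *:*:4445) ;;           # ip:hostport:4445, bound to a chosen address
        *:4445|4445) echo admin-port-all-interfaces ;;
      esac
    fi
    prev=$word
  done
  set +f
}

# Constructed sample input: commands from this page with variables expanded,
# plus a variant (CHANGEME is a placeholder) that should produce no findings.
ADMIN_RUN='docker run -d --name hydra-admin --network hydranet -p 4445:4445 -e DSN=postgres://hydra:secret@ory-hydra-postgres:5432/hydra?sslmode=disable oryd/hydra:v2.2.0-distroless serve admin'
CONSENT_RUN='docker run -d --name hydra-consent -p 9020:3000 --network hydranet -e HYDRA_ADMIN_URL=https://hydra-admin:4445 -e NODE_TLS_REJECT_UNAUTHORIZED=0 oryd/hydra-login-consent-node:v2.2.0'
STRICT_RUN='docker run -d --name hydra-admin --network hydranet -p 127.0.0.1:4445:4445 -e DSN=postgres://hydra:CHANGEME@ory-hydra-postgres:5432/hydra?sslmode=verify-full oryd/hydra:v2.2.0-distroless serve admin'

for c in "$ADMIN_RUN" "$CONSENT_RUN" "$STRICT_RUN"; do
  echo "== $c"
  audit_hydra_cmd "$c"
done
```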
