    Dr. Doofenshmirtz
    @noelukwa_twitter
    @cainlevy i fixed it.. i had a middleware somewhere logging errors..
    @cainlevy i am trying to get a full grasp of authn.. from the documentation.. authn should handle everything about authentication.. so the only thing i should use for user validation on my backend is the token from authn. which i get with 'subjectfrom' ..
    or am i missing something?
    like how do i validate the user is authenticated ..
    Lance Ivy
    @cainlevy
    @noelukwa_twitter you've got it! the access token is their session, and you get their account id from there. if you're familiar with ruby on the backend then these examples might help: https://github.com/keratin/authn-rb/#example-sessions
    Dr. Doofenshmirtz
    @noelukwa_twitter
    i am using go
    Dr. Doofenshmirtz
    @noelukwa_twitter
    @cainlevy one final issue.. i am trying to open my api to other clients.. i am using ory/hydra to do the authorization.. but my api is protected with authn.. how do i connect hydra to get valid tokens from authn-server
    Dr. Doofenshmirtz
    @noelukwa_twitter
    i want user to be able to login with their credentials..
    and also third parties to be able to use my site on behalf of the user
    Dr. Doofenshmirtz
    @noelukwa_twitter
    @cainlevy
    Lance Ivy
    @cainlevy

    @noelukwa_twitter oh i'm very interested in your experience here! i've discussed ory/hydra with another authn user but my knowledge is only hypothetical.

    at present, i think you need to build your /login and /consent pages in your application. the login page should follow the normal login guide (https://keratin.github.io/authn-server/#/guide-implementing_login) and the consent page should follow normal session requirements.

    Dr. Doofenshmirtz
    @noelukwa_twitter
    i understand.. what i want to know is.. now my server will be protected by hydra
    how about those that log in with authn
    Lance Ivy
    @cainlevy
    hmm, is there a reason your app couldn't accept both hydra and authn tokens?
    feel free to DM me if there's more relevant detail
    Dr. Doofenshmirtz
    @noelukwa_twitter
    i am trying to figure out a way to check, if a request has either a valid authn token or a valid hydra token.. if none then return unauthorised error.
    Dr. Doofenshmirtz
    @noelukwa_twitter
    hello
    ????
    @cainlevy
    Lance Ivy
    @cainlevy
    yep, i've responded to your DM
    Matteo Poli
    @Urion_gitlab
    Hello, I have trouble setting up the auth server with keratin. I have created a docker-compose file similar to the one you can find on the keratin official repo. If I try to POST on http://localhost:8765/accounts with the correct json (username and password) keratin server returns a 422 error saying that username and password are missing.
    Lance Ivy
    @cainlevy
    Hmm, could you include an example of your POST?
    Matteo Poli
    @Urion_gitlab
    For sure
    curl --location --request POST 'http://localhost:8765/accounts' \
        --header 'Content-Type: application/json' \
        --header 'Origin: http://localhost:8765' \
        --data-raw '{ "username": "Username", "password": "Password" }'
    I have some problems at the moment. For example, I can't find a guide on how to create database tables for keratin. Also, I tried to add "USERNAME_IS_EMAIL=true" in my .env file, inside the folder where I ran my docker compose. But it does not work
    version: '3'
    services:
      postgres:
        container_name: postgres_container
        image: postgres
        environment:
          POSTGRES_USER: ${POSTGRES_USER:-postgres}
          POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
          PGDATA: /data/postgres
        volumes:
          - postgres:/data/postgres
        ports:
          - "5432:5432"
        restart: unless-stopped
    
      redis:
        image: redis
    
      keratin:
        image: keratin/authn-server:latest
        ports:
          - "8765:3000"
        environment:
          DATABASE_URL: postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB_NAME:-selfood}?sslmode=disable
          REDIS_URL: redis://redis:6379/0
          AUTHN_URL: http://authn:3000
          APP_DOMAINS: localhost
          SECRET_KEY_BASE: abcdef
        env_file:
          - .env
        depends_on:
          - redis
          - postgres
        healthcheck:
            test: ["CMD", "curl", "-f", "http://localhost:5432"]
            interval: 30s
            timeout: 10s
            retries: 5
    
    volumes:
      postgres:
    And this is my docker-compose file
    Matteo Poli
    @Urion_gitlab
    @cainlevy
    Lance Ivy
    @cainlevy

    @Urion_gitlab my apologies, I was away for a couple days.

    > Also, I tried to add "USERNAME_IS_EMAIL=true" in my .env file, inside the folder where I ran my docker compose. But it does not work

    I know this one well enough. Docker will read a .env file but you must still tell it which ones to pass through to a container. Try adding - USERNAME_IS_EMAIL (with no value) inside the docker-compose.yml > services > keratin > environment stanza.

    edit: Actually I just noticed your env_file configuration. I haven't used that before, so I'm not sure if it has the same behavior that I'm describing. More here: https://docs.docker.com/compose/env-file/

    > I can't find a guide on how to create database tables for keratin.

    Thanks for the feedback! I'll make a note on that. Meanwhile, what you need to do is create the database you want AuthN to use, then execute AuthN with the migrate command. With Docker Compose that might look like:

    docker-compose run --rm keratin ./authn migrate
    Lance Ivy
    @cainlevy
    @Urion_gitlab Ah-hah! AuthN isn't parsing the JSON body. This curl works:
    curl --location --header 'Origin: http://localhost:8765' \
        --request POST 'http://localhost:8765/accounts' \
        -F 'username=Username' \
        -F 'password=Password'
    Matteo Poli
    @Urion_gitlab
    @cainlevy This means that I have to create a sql script?
    Matteo Poli
    @Urion_gitlab
    I can see from the logs that I've to create a specific database to make keratin work
    Also, I tried the GET /accounts/available passing as Content-Type application/json and it works correctly
    Lance Ivy
    @cainlevy
    @Urion_gitlab You do need to create the database that you want AuthN to connect to, yes.
    Did the GET /accounts/available use a query string? The content type be ignored.
    Matteo Poli
    @Urion_gitlab
    Nope, I tried it with a json
    curl --location --request GET 'http://localhost:8765/accounts/available' \
        --header 'Content-Type: application/json' \
        --header 'Origin: http://localhost:8765' \
        --data-raw '{ "username": "MatteoAho" }'
    this curl works correctly
    Matteo Poli
    @Urion_gitlab
    @cainlevy Also, i tried the POST api to create the account as you said before. It works but, I can create the same account few and few times
    image.png
    Am I wrong? Have I to create some config?
    Dr. Doofenshmirtz
    @noelukwa_twitter
    @cainlevy hello, please who has used authn on kubernetes before?

    i am trying to do this but it's not working
    ```
    env:
      - name: DATABASE_URL
        value: mysql://root:uchechukwu@${mysql-db}:3306/authn
    ```

    please help
    Lance Ivy
    @cainlevy

    @Urion_gitlab I'm not sure how I missed your last question! I'll check my Gitter notification settings.

    You shouldn't require config to have unique usernames. What database is that?

    @noelukwa_twitter I know some folks have used Kubernetes but I haven't stayed in touch. Are you getting a descriptive error?
    Dr. Doofenshmirtz
    @noelukwa_twitter
    @cainlevy i am trying to attach the db url to the container in kubernetes but it's not starting up... perhaps if there was a way to just specify db name, db pass, db user.. and let the container create the url
    Lance Ivy
    @cainlevy
    Separate fields would require the same information. Are you worried about the interpolation? Is there any information in the starting logs?