Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How do we set the redirect_uri #26

Closed
anshudutta opened this issue Oct 17, 2019 · 8 comments
Closed

How do we set the redirect_uri #26

anshudutta opened this issue Oct 17, 2019 · 8 comments

Comments

@anshudutta
Copy link

anshudutta commented Oct 17, 2019
edited
Loading

I have a kubernetes CRD like so

apiVersion: v1
data:
  client_id: Z3JhZmFuYS1vYXV0aDItZXhwZXJpbWVudA==
  client_secret: MTIzNDU2LWV4cGVyaW1lbnQ=
kind: Secret
metadata:
  name: grafana-oauth2-secret
  namespace: hydra
type: Opaque

---
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: grafana-oauth2-client
  namespace: hydra
spec:
  grantTypes:
    - client_credentials
    - implicit
    - authorization_code
    - refresh_token
  responseTypes:
    - id_token
    - code
    - token
  scope: "grafana"
  secretName: grafana-oauth2-secret

When I query a GET request to the admin server - http://hydra-admin:4445/client, I see two issues

  1. The redirect_uris is null
  2. The client_id, that was passed is set as client_name
{
    "client_id": "e2bd5fa5-9f6d-4773-9334-25310e522a23",
    "client_name": "grafana-oauth2-client",
    "redirect_uris": null,
    "grant_types": [
      "client_credentials",
      "implicit",
      "authorization_code",
      "refresh_token"
    ],
    "response_types": [
      "id_token",
      "code",
      "token"
    ],
    "scope": "grafana",
    "audience": null,
    "owner": "",
    "policy_uri": "",
    "allowed_cors_origins": null,
    "tos_uri": "",
    "client_uri": "",
    "logo_uri": "",
    "contacts": null,
    "client_secret_expires_at": 0,
    "subject_type": "public",
    "token_endpoint_auth_method": "client_secret_basic",
    "userinfo_signed_response_alg": "none",
    "created_at": "2019-10-16T23:12:34Z",
    "updated_at": "2019-10-16T23:12:34Z"
  }

This doesn't work because without setting the redirect_uris, hydra fails validation for oauth-client request

The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed" error=invalid_request hint="The \"redirect_uri\" parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls

But I could not find any way to set it.
I think the problem is that the current code is designed for grant type client_credentials even though it says that it is designed for all grant types. Because only that grant type doesn't need a redirect_uri
@paulbdavis
Copy link
Contributor

I am having the same issue. By setting a value in the database manually, it makes it work (so far, still working on implementing the whole flow) even without specifying it in the url

@aeneasr
Copy link
Member

aeneasr commented Oct 30, 2019

/cc @jakkab

@paulbdavis paulbdavis mentioned this issue Oct 30, 2019
Closed
@piotrmsc
Copy link
Collaborator

piotrmsc commented Nov 4, 2019
edited
Loading

According to https://github.com/ory/hydra-maester/blob/master/api/v1alpha1/oauth2client_types.go#L35 it's not possible to set redirect_uri and current CRD is designed like you mentioned, for client_credentials only. Other properties of oauth2 client are not presenet as well.
Which obviously is a bug :(

/cc @jakkab @aeneasr

@jakkab
Copy link
Contributor

jakkab commented Nov 5, 2019
edited
Loading

@anshudutta
ad1. As mentioned above, we need to adjust the CRD, PR is coming.
ad2. I've created the resources you provided (secret + oauth2client) on a cluster and everything seems to work just fine. In your case, the registered client should have the following properties:
"client_id":"grafana-oauth2-experiment" (from secret)
"client_name":"" (this field is not populated)
"owner": "grafana-oauth2-client/hydra" (name/namespace of the kubernetes resource that represents this client)
Please make sure you're using the latest release.

@paulbdavis
Copy link
Contributor

I have opened #30 to fix this particular part.

@jakkab @aeneasr I think that the CRD should be filled out and finalized as much as it can as soon as possible, since the CRD is a global resource and there may be many instances of the maester running in different namespaces

@p-bakker
Copy link

p-bakker commented Nov 21, 2019
edited
Loading

As this case is about redirect_urls, which have been implemented by #30 already, should this case be closed and a new one opened to augment the CRD with all the stuff that is missing (see https://www.ory.sh/docs/hydra/sdk/api#schemaoauth2client for everything that can be set on a client)?

@jakkab You said:

ad1. As mentioned above, we need to adjust the CRD, PR is coming.

Is this a PR to augment the CRD with everything a oauth client in Hydra can have, or were you just talking about adding the redirect_urls?

@piotrmsc
Copy link
Collaborator

piotrmsc commented Nov 21, 2019
edited
Loading

Hi @p-bakker , for other properties please create separate issue ;-) PR provided by @paulbdavis added redirect_uris only to crd spec.

@p-bakker p-bakker mentioned this issue Nov 21, 2019
Closed
@p-bakker
Copy link

Created #36

So I think this case can be closed now

@aeneasr aeneasr closed this as completed Nov 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@anshudutta @paulbdavis @aeneasr @p-bakker @piotrmsc @jakkab