OAuth2 Server and Client in Same Docker Network





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I am trying to run a test OAuth2 client in the same Docker network as an OAuth2 server. The idea is to allow the testing of the entire application without having to run an external OAuth2 client.



The issue I am having is that the OAuth2 server endpoint that is passed to the OAuth2 client is only available outside the Docker network on my local machine (I am using a simple nginx proxy in order to handle this, see below). So when the client attempts to get the token when the callback is called, it can't resolve the hostname (since "localhost" in the context of the client container refers to the local network of that container, but "localhost" on my browser refers to the Docker network itself). Ideally, I would like to keep using nginx as a proxy for nicer hostnames during development.



To clarify, this is currently how the process works:




  1. User visits app.localhost in their browser

  2. User is redirected to auth.localhost to attempt a login

  3. User enters their credentials, the user is redirected to the callback

  4. The callback errors, since it cannot properly get the access token from auth.localhost


Here is my docker-compose, with irrelevant parts removed for brevity:



version: '3'
services:
hydra:
image: oryd/hydra:v1.0.0-beta.9
depends_on:
- hydra-migrate
command:
serve all --dangerous-force-http
environment:
- OAUTH2_ISSUER_URL=http://auth.localhost/
- OAUTH2_CONSENT_URL=http://auth.localhost/consent
- OAUTH2_LOGIN_URL=http://auth.localhost/auth/login
- DATABASE_URL=postgres://hydra@postgres:5432/hydra?sslmode=disable
- SYSTEM_SECRET=youReallyNeedToChangeThis
- OAUTH2_SHARE_ERROR_DEBUG=1
- OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
- OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis

nginx:
image: nginx
ports:
- "80:80"
volumes:
- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- hydra
- oauth2-test

oauth2-test:
build: https://github.com/chatlogs/oauth2-simple-client.git
environment:
- APP_URL=http://app.localhost
- OAUTH2_URL=http://auth.localhost
- OAUTH2_CLIENT_ID=test
- OAUTH2_CLIENT_SECRET=secret
depends_on:
- hydra-create-client


And here is my nginx.conf:



events {
worker_connections 1024;
}

http {
# Proxy ChatLogs Auth and Hydra OAuth server
server {
listen 80;
server_name auth.localhost;

location ^~ / {
proxy_pass http://chatlogs-auth:3000;
}

location ^~ /oauth2 {
proxy_pass http://hydra:4444/oauth2;
}
}

server {
listen 80;
server_name app.localhost;

location / {
proxy_pass http://oauth2-test:3000;
}
}
}


This is the error that oauth2-test shows:



oauth2-test_1          | { Error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80
oauth2-test_1 | at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)
oauth2-test_1 | errno: 'ENOTFOUND',
oauth2-test_1 | code: 'ENOTFOUND',
oauth2-test_1 | syscall: 'getaddrinfo',
oauth2-test_1 | hostname: 'auth.localhost',
oauth2-test_1 | host: 'auth.localhost',
oauth2-test_1 | port: 80,
oauth2-test_1 | trace:
oauth2-test_1 | [ { method: 'POST', url: 'http://auth.localhost/oauth2/token' } ],
oauth2-test_1 | isBoom: true,
oauth2-test_1 | isServer: true,
oauth2-test_1 | data: null,
oauth2-test_1 | output:
oauth2-test_1 | { statusCode: 502,
oauth2-test_1 | payload:
oauth2-test_1 | { message:
oauth2-test_1 | 'Client request error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80',
oauth2-test_1 | statusCode: 502,
oauth2-test_1 | error: 'Bad Gateway' },
oauth2-test_1 | headers: {} },
oauth2-test_1 | reformat: [Function] }


Any help is appreciated!










share|improve this question































    0















    I am trying to run a test OAuth2 client in the same Docker network as an OAuth2 server. The idea is to allow the testing of the entire application without having to run an external OAuth2 client.



    The issue I am having is that the OAuth2 server endpoint that is passed to the OAuth2 client is only available outside the Docker network on my local machine (I am using a simple nginx proxy in order to handle this, see below). So when the client attempts to get the token when the callback is called, it can't resolve the hostname (since "localhost" in the context of the client container refers to the local network of that container, but "localhost" on my browser refers to the Docker network itself). Ideally, I would like to keep using nginx as a proxy for nicer hostnames during development.



    To clarify, this is currently how the process works:




    1. User visits app.localhost in their browser

    2. User is redirected to auth.localhost to attempt a login

    3. User enters their credentials, the user is redirected to the callback

    4. The callback errors, since it cannot properly get the access token from auth.localhost


    Here is my docker-compose, with irrelevant parts removed for brevity:



    version: '3'
    services:
    hydra:
    image: oryd/hydra:v1.0.0-beta.9
    depends_on:
    - hydra-migrate
    command:
    serve all --dangerous-force-http
    environment:
    - OAUTH2_ISSUER_URL=http://auth.localhost/
    - OAUTH2_CONSENT_URL=http://auth.localhost/consent
    - OAUTH2_LOGIN_URL=http://auth.localhost/auth/login
    - DATABASE_URL=postgres://hydra@postgres:5432/hydra?sslmode=disable
    - SYSTEM_SECRET=youReallyNeedToChangeThis
    - OAUTH2_SHARE_ERROR_DEBUG=1
    - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
    - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis

    nginx:
    image: nginx
    ports:
    - "80:80"
    volumes:
    - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    depends_on:
    - hydra
    - oauth2-test

    oauth2-test:
    build: https://github.com/chatlogs/oauth2-simple-client.git
    environment:
    - APP_URL=http://app.localhost
    - OAUTH2_URL=http://auth.localhost
    - OAUTH2_CLIENT_ID=test
    - OAUTH2_CLIENT_SECRET=secret
    depends_on:
    - hydra-create-client


    And here is my nginx.conf:



    events {
    worker_connections 1024;
    }

    http {
    # Proxy ChatLogs Auth and Hydra OAuth server
    server {
    listen 80;
    server_name auth.localhost;

    location ^~ / {
    proxy_pass http://chatlogs-auth:3000;
    }

    location ^~ /oauth2 {
    proxy_pass http://hydra:4444/oauth2;
    }
    }

    server {
    listen 80;
    server_name app.localhost;

    location / {
    proxy_pass http://oauth2-test:3000;
    }
    }
    }


    This is the error that oauth2-test shows:



    oauth2-test_1          | { Error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80
    oauth2-test_1 | at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)
    oauth2-test_1 | errno: 'ENOTFOUND',
    oauth2-test_1 | code: 'ENOTFOUND',
    oauth2-test_1 | syscall: 'getaddrinfo',
    oauth2-test_1 | hostname: 'auth.localhost',
    oauth2-test_1 | host: 'auth.localhost',
    oauth2-test_1 | port: 80,
    oauth2-test_1 | trace:
    oauth2-test_1 | [ { method: 'POST', url: 'http://auth.localhost/oauth2/token' } ],
    oauth2-test_1 | isBoom: true,
    oauth2-test_1 | isServer: true,
    oauth2-test_1 | data: null,
    oauth2-test_1 | output:
    oauth2-test_1 | { statusCode: 502,
    oauth2-test_1 | payload:
    oauth2-test_1 | { message:
    oauth2-test_1 | 'Client request error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80',
    oauth2-test_1 | statusCode: 502,
    oauth2-test_1 | error: 'Bad Gateway' },
    oauth2-test_1 | headers: {} },
    oauth2-test_1 | reformat: [Function] }


    Any help is appreciated!










    share|improve this question



























      0












      0








      0








      I am trying to run a test OAuth2 client in the same Docker network as an OAuth2 server. The idea is to allow the testing of the entire application without having to run an external OAuth2 client.



      The issue I am having is that the OAuth2 server endpoint that is passed to the OAuth2 client is only available outside the Docker network on my local machine (I am using a simple nginx proxy in order to handle this, see below). So when the client attempts to get the token when the callback is called, it can't resolve the hostname (since "localhost" in the context of the client container refers to the local network of that container, but "localhost" on my browser refers to the Docker network itself). Ideally, I would like to keep using nginx as a proxy for nicer hostnames during development.



      To clarify, this is currently how the process works:




      1. User visits app.localhost in their browser

      2. User is redirected to auth.localhost to attempt a login

      3. User enters their credentials, the user is redirected to the callback

      4. The callback errors, since it cannot properly get the access token from auth.localhost


      Here is my docker-compose, with irrelevant parts removed for brevity:



      version: '3'
      services:
      hydra:
      image: oryd/hydra:v1.0.0-beta.9
      depends_on:
      - hydra-migrate
      command:
      serve all --dangerous-force-http
      environment:
      - OAUTH2_ISSUER_URL=http://auth.localhost/
      - OAUTH2_CONSENT_URL=http://auth.localhost/consent
      - OAUTH2_LOGIN_URL=http://auth.localhost/auth/login
      - DATABASE_URL=postgres://hydra@postgres:5432/hydra?sslmode=disable
      - SYSTEM_SECRET=youReallyNeedToChangeThis
      - OAUTH2_SHARE_ERROR_DEBUG=1
      - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis

      nginx:
      image: nginx
      ports:
      - "80:80"
      volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      depends_on:
      - hydra
      - oauth2-test

      oauth2-test:
      build: https://github.com/chatlogs/oauth2-simple-client.git
      environment:
      - APP_URL=http://app.localhost
      - OAUTH2_URL=http://auth.localhost
      - OAUTH2_CLIENT_ID=test
      - OAUTH2_CLIENT_SECRET=secret
      depends_on:
      - hydra-create-client


      And here is my nginx.conf:



      events {
      worker_connections 1024;
      }

      http {
      # Proxy ChatLogs Auth and Hydra OAuth server
      server {
      listen 80;
      server_name auth.localhost;

      location ^~ / {
      proxy_pass http://chatlogs-auth:3000;
      }

      location ^~ /oauth2 {
      proxy_pass http://hydra:4444/oauth2;
      }
      }

      server {
      listen 80;
      server_name app.localhost;

      location / {
      proxy_pass http://oauth2-test:3000;
      }
      }
      }


      This is the error that oauth2-test shows:



      oauth2-test_1          | { Error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80
      oauth2-test_1 | at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)
      oauth2-test_1 | errno: 'ENOTFOUND',
      oauth2-test_1 | code: 'ENOTFOUND',
      oauth2-test_1 | syscall: 'getaddrinfo',
      oauth2-test_1 | hostname: 'auth.localhost',
      oauth2-test_1 | host: 'auth.localhost',
      oauth2-test_1 | port: 80,
      oauth2-test_1 | trace:
      oauth2-test_1 | [ { method: 'POST', url: 'http://auth.localhost/oauth2/token' } ],
      oauth2-test_1 | isBoom: true,
      oauth2-test_1 | isServer: true,
      oauth2-test_1 | data: null,
      oauth2-test_1 | output:
      oauth2-test_1 | { statusCode: 502,
      oauth2-test_1 | payload:
      oauth2-test_1 | { message:
      oauth2-test_1 | 'Client request error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80',
      oauth2-test_1 | statusCode: 502,
      oauth2-test_1 | error: 'Bad Gateway' },
      oauth2-test_1 | headers: {} },
      oauth2-test_1 | reformat: [Function] }


      Any help is appreciated!










      share|improve this question
















      I am trying to run a test OAuth2 client in the same Docker network as an OAuth2 server. The idea is to allow the testing of the entire application without having to run an external OAuth2 client.



      The issue I am having is that the OAuth2 server endpoint that is passed to the OAuth2 client is only available outside the Docker network on my local machine (I am using a simple nginx proxy in order to handle this, see below). So when the client attempts to get the token when the callback is called, it can't resolve the hostname (since "localhost" in the context of the client container refers to the local network of that container, but "localhost" on my browser refers to the Docker network itself). Ideally, I would like to keep using nginx as a proxy for nicer hostnames during development.



      To clarify, this is currently how the process works:




      1. User visits app.localhost in their browser

      2. User is redirected to auth.localhost to attempt a login

      3. User enters their credentials, the user is redirected to the callback

      4. The callback errors, since it cannot properly get the access token from auth.localhost


      Here is my docker-compose, with irrelevant parts removed for brevity:



      version: '3'
      services:
      hydra:
      image: oryd/hydra:v1.0.0-beta.9
      depends_on:
      - hydra-migrate
      command:
      serve all --dangerous-force-http
      environment:
      - OAUTH2_ISSUER_URL=http://auth.localhost/
      - OAUTH2_CONSENT_URL=http://auth.localhost/consent
      - OAUTH2_LOGIN_URL=http://auth.localhost/auth/login
      - DATABASE_URL=postgres://hydra@postgres:5432/hydra?sslmode=disable
      - SYSTEM_SECRET=youReallyNeedToChangeThis
      - OAUTH2_SHARE_ERROR_DEBUG=1
      - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis

      nginx:
      image: nginx
      ports:
      - "80:80"
      volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      depends_on:
      - hydra
      - oauth2-test

      oauth2-test:
      build: https://github.com/chatlogs/oauth2-simple-client.git
      environment:
      - APP_URL=http://app.localhost
      - OAUTH2_URL=http://auth.localhost
      - OAUTH2_CLIENT_ID=test
      - OAUTH2_CLIENT_SECRET=secret
      depends_on:
      - hydra-create-client


      And here is my nginx.conf:



      events {
      worker_connections 1024;
      }

      http {
      # Proxy ChatLogs Auth and Hydra OAuth server
      server {
      listen 80;
      server_name auth.localhost;

      location ^~ / {
      proxy_pass http://chatlogs-auth:3000;
      }

      location ^~ /oauth2 {
      proxy_pass http://hydra:4444/oauth2;
      }
      }

      server {
      listen 80;
      server_name app.localhost;

      location / {
      proxy_pass http://oauth2-test:3000;
      }
      }
      }


      This is the error that oauth2-test shows:



      oauth2-test_1          | { Error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80
      oauth2-test_1 | at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)
      oauth2-test_1 | errno: 'ENOTFOUND',
      oauth2-test_1 | code: 'ENOTFOUND',
      oauth2-test_1 | syscall: 'getaddrinfo',
      oauth2-test_1 | hostname: 'auth.localhost',
      oauth2-test_1 | host: 'auth.localhost',
      oauth2-test_1 | port: 80,
      oauth2-test_1 | trace:
      oauth2-test_1 | [ { method: 'POST', url: 'http://auth.localhost/oauth2/token' } ],
      oauth2-test_1 | isBoom: true,
      oauth2-test_1 | isServer: true,
      oauth2-test_1 | data: null,
      oauth2-test_1 | output:
      oauth2-test_1 | { statusCode: 502,
      oauth2-test_1 | payload:
      oauth2-test_1 | { message:
      oauth2-test_1 | 'Client request error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80',
      oauth2-test_1 | statusCode: 502,
      oauth2-test_1 | error: 'Bad Gateway' },
      oauth2-test_1 | headers: {} },
      oauth2-test_1 | reformat: [Function] }


      Any help is appreciated!







      docker oauth-2.0






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 3 at 9:24







      mattrick

















      asked Jan 3 at 9:17









      mattrickmattrick

      86011428




      86011428
























          0






          active

          oldest

          votes












          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54019308%2foauth2-server-and-client-in-same-docker-network%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54019308%2foauth2-server-and-client-in-same-docker-network%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          'app-layout' is not a known element: how to share Component with different Modules

          android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

          WPF add header to Image with URL pettitions [duplicate]