OAuth2 Server and Client in Same Docker Network
I am trying to run a test OAuth2 client in the same Docker network as an OAuth2 server. The idea is to allow the testing of the entire application without having to run an external OAuth2 client.
The issue I am having is that the OAuth2 server endpoint that is passed to the OAuth2 client is only available outside the Docker network on my local machine (I am using a simple nginx proxy in order to handle this, see below). So when the client attempts to get the token when the callback is called, it can't resolve the hostname (since "localhost" in the context of the client container refers to the local network of that container, but "localhost" on my browser refers to the Docker network itself). Ideally, I would like to keep using nginx as a proxy for nicer hostnames during development.
To clarify, this is currently how the process works:
- User visits app.localhost in their browser
- User is redirected to auth.localhost to attempt a login
- User enters their credentials, the user is redirected to the callback
- The callback errors, since it cannot properly get the access token from auth.localhost
Here is my docker-compose, with irrelevant parts removed for brevity:
```yaml
version: '3'
services:
  hydra:
    image: oryd/hydra:v1.0.0-beta.9
    depends_on:
      - hydra-migrate
    command:
      serve all --dangerous-force-http
    environment:
      - OAUTH2_ISSUER_URL=http://auth.localhost/
      - OAUTH2_CONSENT_URL=http://auth.localhost/consent
      - OAUTH2_LOGIN_URL=http://auth.localhost/auth/login
      - DATABASE_URL=postgres://hydra@postgres:5432/hydra?sslmode=disable
      - SYSTEM_SECRET=youReallyNeedToChangeThis
      - OAUTH2_SHARE_ERROR_DEBUG=1
      - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
  nginx:
    image: nginx
    ports:
      - "80:80"
    volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    depends_on:
      - hydra
      - oauth2-test
  oauth2-test:
    build: https://github.com/chatlogs/oauth2-simple-client.git
    environment:
      - APP_URL=http://app.localhost
      - OAUTH2_URL=http://auth.localhost
      - OAUTH2_CLIENT_ID=test
      - OAUTH2_CLIENT_SECRET=secret
    depends_on:
      - hydra-create-client
```
And here is my nginx.conf:
```nginx
events {
    worker_connections 1024;
}
http {
    # Proxy ChatLogs Auth and Hydra OAuth server
    server {
        listen 80;
        server_name auth.localhost;
        location ^~ / {
            proxy_pass http://chatlogs-auth:3000;
        }
        location ^~ /oauth2 {
            proxy_pass http://hydra:4444/oauth2;
        }
    }
    server {
        listen 80;
        server_name app.localhost;
        location / {
            proxy_pass http://oauth2-test:3000;
        }
    }
}
```
This is the error that oauth2-test shows:
```
oauth2-test_1 | { Error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80
oauth2-test_1 | at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)
oauth2-test_1 | errno: 'ENOTFOUND',
oauth2-test_1 | code: 'ENOTFOUND',
oauth2-test_1 | syscall: 'getaddrinfo',
oauth2-test_1 | hostname: 'auth.localhost',
oauth2-test_1 | host: 'auth.localhost',
oauth2-test_1 | port: 80,
oauth2-test_1 | trace:
oauth2-test_1 | [ { method: 'POST', url: 'http://auth.localhost/oauth2/token' } ],
oauth2-test_1 | isBoom: true,
oauth2-test_1 | isServer: true,
oauth2-test_1 | data: null,
oauth2-test_1 | output:
oauth2-test_1 | { statusCode: 502,
oauth2-test_1 | payload:
oauth2-test_1 | { message:
oauth2-test_1 | 'Client request error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80',
oauth2-test_1 | statusCode: 502,
oauth2-test_1 | error: 'Bad Gateway' },
oauth2-test_1 | headers: {} },
oauth2-test_1 | reformat: [Function] }
```
Any help is appreciated!
docker oauth-2.0
edited Jan 3 at 9:24
mattrick
asked Jan 3 at 9:17
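One way to make `auth.localhost` resolve inside the Compose network, shown as an added example that is not part of the original post: give the `nginx` service network aliases, so the back-channel `POST http://auth.localhost/oauth2/token` from `oauth2-test` reaches the proxy while the browser keeps using the same hostnames. It assumes all services share the project's default network and that the container's resolver forwards `*.localhost` lookups to Docker's embedded DNS, as the `ENOTFOUND` in the posted error suggests.

```yaml
# Added example: fragment to merge into the docker-compose file from the question.
# Only the nginx service changes; the other services stay as posted.
version: '3'
services:
  nginx:
    image: nginx
    ports:
      - "80:80"
    volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    depends_on:
      - hydra
      - oauth2-test
    networks:
      default:
        # Names registered with Docker's embedded DNS on this network.
        # A container looking up auth.localhost now gets the nginx container,
        # so the token request follows the same proxy path as the browser redirect.
        aliases:
          - auth.localhost
          - app.localhost
```

Because the browser and the client container then use the same `http://auth.localhost` base URL, `OAUTH2_ISSUER_URL` remains the single issuer value seen on both channels.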