OAuth2 Server and Client in Same Docker Network




















I am trying to run a test OAuth2 client in the same Docker network as an OAuth2 server. The idea is to allow the testing of the entire application without having to run an external OAuth2 client.



The issue I am having is that the OAuth2 server endpoint that is passed to the OAuth2 client is only available outside the Docker network on my local machine (I am using a simple nginx proxy in order to handle this, see below). So when the client attempts to get the token when the callback is called, it can't resolve the hostname (since "localhost" in the context of the client container refers to the local network of that container, but "localhost" on my browser refers to the Docker network itself). Ideally, I would like to keep using nginx as a proxy for nicer hostnames during development.



To clarify, this is currently how the process works:




  1. User visits app.localhost in their browser
  2. User is redirected to auth.localhost to attempt a login
  3. User enters their credentials and is redirected to the callback
  4. The callback errors, since it cannot properly get the access token from auth.localhost


Here is my docker-compose, with irrelevant parts removed for brevity:



version: '3'
services:
  hydra:
    image: oryd/hydra:v1.0.0-beta.9
    depends_on:
      - hydra-migrate
    command:
      serve all --dangerous-force-http
    environment:
      - OAUTH2_ISSUER_URL=http://auth.localhost/
      - OAUTH2_CONSENT_URL=http://auth.localhost/consent
      - OAUTH2_LOGIN_URL=http://auth.localhost/auth/login
      - DATABASE_URL=postgres://hydra@postgres:5432/hydra?sslmode=disable
      - SYSTEM_SECRET=youReallyNeedToChangeThis
      - OAUTH2_SHARE_ERROR_DEBUG=1
      - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis

  nginx:
    image: nginx
    ports:
      - "80:80"
    volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    depends_on:
      - hydra
      - oauth2-test

  oauth2-test:
    build: https://github.com/chatlogs/oauth2-simple-client.git
    environment:
      - APP_URL=http://app.localhost
      - OAUTH2_URL=http://auth.localhost
      - OAUTH2_CLIENT_ID=test
      - OAUTH2_CLIENT_SECRET=secret
    depends_on:
      - hydra-create-client


And here is my nginx.conf:



events {
    worker_connections 1024;
}

http {
    # Proxy ChatLogs Auth and Hydra OAuth server
    server {
        listen 80;
        server_name auth.localhost;

        location ^~ / {
            proxy_pass http://chatlogs-auth:3000;
        }

        location ^~ /oauth2 {
            proxy_pass http://hydra:4444/oauth2;
        }
    }

    server {
        listen 80;
        server_name app.localhost;

        location / {
            proxy_pass http://oauth2-test:3000;
        }
    }
}


This is the error that oauth2-test shows:



oauth2-test_1          | { Error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80
oauth2-test_1 | at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)
oauth2-test_1 | errno: 'ENOTFOUND',
oauth2-test_1 | code: 'ENOTFOUND',
oauth2-test_1 | syscall: 'getaddrinfo',
oauth2-test_1 | hostname: 'auth.localhost',
oauth2-test_1 | host: 'auth.localhost',
oauth2-test_1 | port: 80,
oauth2-test_1 | trace:
oauth2-test_1 | [ { method: 'POST', url: 'http://auth.localhost/oauth2/token' } ],
oauth2-test_1 | isBoom: true,
oauth2-test_1 | isServer: true,
oauth2-test_1 | data: null,
oauth2-test_1 | output:
oauth2-test_1 | { statusCode: 502,
oauth2-test_1 | payload:
oauth2-test_1 | { message:
oauth2-test_1 | 'Client request error: getaddrinfo ENOTFOUND auth.localhost auth.localhost:80',
oauth2-test_1 | statusCode: 502,
oauth2-test_1 | error: 'Bad Gateway' },
oauth2-test_1 | headers: {} },
oauth2-test_1 | reformat: [Function] }


Any help is appreciated!










      docker oauth-2.0














edited Jan 3 at 9:24 by mattrick

asked Jan 3 at 9:17 by mattrick
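Added example, not part of the original post: one way to make the back-channel token request resolve is to give the nginx service the public hostnames as network aliases, so that `auth.localhost` points at the proxy both from the browser and from inside the Compose network. This keeps a single issuer URL (`http://auth.localhost/`) for both sides; it assumes the services share the Compose default network and that the resolver in the client container sends `.localhost` names to Docker's DNS, as the ENOTFOUND error above indicates.

```yaml
# Fragment of the docker-compose file above; only the nginx service changes.
services:
  nginx:
    image: nginx
    ports:
      - "80:80"   # front channel: the browser on the host reaches nginx here
    volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    depends_on:
      - hydra
      - oauth2-test
    networks:
      default:
        aliases:
          # Back channel: other containers on the default network now resolve
          # these names to the nginx container. nginx then routes by
          # server_name exactly as it does for browser traffic, so
          # POST http://auth.localhost/oauth2/token is proxied to hydra:4444.
          - auth.localhost
          - app.localhost
```

Resolving `auth.localhost` from inside the `oauth2-test` container should then return the nginx container's address instead of failing with ENOTFOUND.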
