sample application using Ory open source projects
requirements:
- docker and docker-compose
# Build the images for the services in the default compose file.
docker-compose build
- start services:
- user-management
- db-user-management
# Start user-management and db-user-management. Without -d this stays in the
# foreground, so run the following steps from a second terminal.
docker-compose up
2 - start the Hydra, Oathkeeper and Keto services
# Build, then start, the services defined in docker-compose-hydra.yaml.
# Like the first "up", this one stays attached to the terminal.
docker-compose -f docker-compose-hydra.yaml build
docker-compose -f docker-compose-hydra.yaml up
3 - create the Hydra OAuth2 client
# Register the OAuth2 client from inside the running hydra container, so
# 127.0.0.1:4445 is the container-local address of Hydra's client-management
# (admin) endpoint. Keep that port off untrusted networks: anyone who can
# reach it can create or alter clients.
# "--secret secret" is a guessable placeholder, acceptable only for this local
# demo. NOTE(review): presumably the user-management service is configured
# with the same client id and secret, so change both sides together.
# The callback is plain http on localhost; a deployed client would register an
# https redirect URI instead.
docker-compose -f docker-compose-hydra.yaml exec hydra \
hydra clients create \
--endpoint http://127.0.0.1:4445 \
--id auth-code-client \
--secret secret \
--grant-types client_credentials,authorization_code,refresh_token \
--response-types code,id_token \
--scope openid,offline \
--callbacks http://localhost:9090/api-user-management/auth-callback
4 - register user
admin
# Register the demo "admin" account through the user-management API.
# The password "123" is a throwaway value for local testing and the request
# travels over plain http to localhost; neither belongs outside the demo.
curl --location --request POST 'http://localhost:9090/api-user-management/register' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "admin",
"email": "admin@admin.com",
"password": "123"
}'
user
# Register the demo "user" account through the same endpoint.
# It shares the throwaway password "123" with the admin account, so the two
# demo identities differ only by e-mail address.
curl --location --request POST 'http://localhost:9090/api-user-management/register' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "user",
"email": "user@user.com",
"password": "123"
}'
5 - create policies
admin
# Create an "allow" policy for subject "admin" on the resource
# user-management:user, covering get, post, put and delete.
# The subject string equals the id of the role created in step 6.
# NOTE(review): this request carries no Authorization header; confirm the
# /keto/policies route is not exposed to untrusted callers, because whoever
# can POST here can grant access.
curl --location --request POST 'http://localhost:9090/api-user-management/keto/policies' \
--header 'Content-Type: application/json' \
--data-raw '{
"description": "policy admin",
"subjects": ["admin"],
"effect": "allow",
"resources": [
"user-management:user"
],
"actions": ["get", "post", "put", "delete"],
"conditions": null
}'
user
# Create an "allow" policy for subject "user" on the same resource, limited
# to the "get" action (read-only, in contrast to the admin policy).
# NOTE(review): sent without an Authorization header, like the admin policy;
# verify that policy creation is restricted in any non-demo setup.
curl --location --request POST 'http://localhost:9090/api-user-management/keto/policies' \
--header 'Content-Type: application/json' \
--data-raw '{
"description": "policy user",
"subjects": ["user"],
"effect": "allow",
"resources": [
"user-management:user"
],
"actions": ["get"],
"conditions": null
}'
6 - create role
admin
# Create the role "admin" and add admin@admin.com as its only member.
# The role id matches the subject named in the admin policy from step 5, and
# the member is the e-mail address registered in step 4.
# NOTE(review): no Authorization header is sent; role membership decides who
# inherits the admin policy, so this route needs to be restricted outside the
# demo.
curl --location --request POST 'http://localhost:9090/api-user-management/keto/roles' \
--header 'Content-Type: application/json' \
--data-raw '{
"id":"admin",
"members": [
"admin@admin.com"
]
}'
user
# Create the role "user" and add user@user.com as its only member.
# The role id matches the subject named in the read-only policy from step 5.
curl --location --request POST 'http://localhost:9090/api-user-management/keto/roles' \
--header 'Content-Type: application/json' \
--data-raw '{
"id":"user",
"members": [
"user@user.com"
]
}'
- login
go to http://localhost:9090/api-user-management/authorize and sign in as one of the users registered in step 4
email: admin@admin.com
email: user@user.com
password: 123 (same demo password for both users)
curl --location --request GET 'http://localhost:4455/api-user-management/users' \
--header 'Authorization: Bearer {token}' \