The Ory CLI.
License: Apache License 2.0
Ory is the next-gen auth* SaaS - global, data-driven, affordable, and backed by popular and proven open source. Raise issues or have discussions, ask questions and more. The documentation GitHub repository is located at github.com/ory/docs.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
The upstream issues got closed. It is referenced in:
This issue was created by the ORY Closed Reference Notifier GitHub action.
When updating the redirect URI(s) of an OAuth2 client using Ory CLI in the Ory Network, its client name (and possibly other values as well) get emptied.
The exact same thing happens when updating the client name without mentioning the redirect URI.
I don't recall reading this in the docs; whether documented or not, this feels like a bug
Commands tested:
ory --project $project_id update oauth2-client $oauth2_client_id --name="Tangible Passport"
OAuth2 client now no longer has Redirect URIs.
ory --project $project_id update oauth2-client $oauth2_client_id --redirect-uri="http://test-local.test,https://test.us.reclaim.cloud"
OAuth2 client now no longer has a Client Name.
Results verified both in shell and Ory Network / Ory Cloud.
Tested with Powershell and Mingw
No response
No response
v0.1.47
Windows
Ory Network
No response
The upstream pull got closed. It is referenced in:
This issue was created by the ORY Closed Reference Notifier GitHub action.
Is your feature request related to a problem? Please describe.
There are multiple things we do on release of any Ory project.
Some, e.g. rendering the version schema, create commits that will be pushed after the tag has been created.
It is however required for ory/keto#719 to include an automated commit in the release.
Describe the solution you'd like
Add the possibility to define hooks that ory dev release runs before any release.
Additional context
Similar to https://goreleaser.com/customization/hooks/
We want to use the CLI in automated workflows (e.g. in CI/CD and automated end-to-end tests) to manage test projects. To do so, we need a way to do non-interactive auth.
Option A
Command Line Arguments for username and password for "ory auth"
Option B
Environment Variables for username, password and project are detected and used automatically by the CLI
Option C
Similar to B), but using Environment Variables for Personal Access Token and project
N/A
Cloud
No response
Not all of the examples displayed in the CLI help are working:
Examples:
ory patch project ecaaa3cb-0730-4ee8-a6df-9553cdfeef89 \
--replace '/name="My new project name"' \
--add '/services/identity/config/courier/smtp={"from_name":"My new email name"}' \
--replace '/services/identity/config/selfservice/methods/password/enabled=false' \
--delete '/services/identity/config/selfservice/methods/totp/enabled'
the --replace and --add examples that have "quoted" strings in them lead to a parse error. the other examples work fine.
ory patch project 650fbb1c-a376-45a2-b56c-cdf1ec2d1c74 \
--add '/services/identity/config/courier/smtp={"from_name":"My new email name"}'
leads to
invalid argument "/services/identity/config/courier/smtp={\"from_name\":\"My new email name\"}" for "--add" flag: parse error on line 1, column 41: bare " in non-quoted-field
ory patch project 650fbb1c-a376-45a2-b56c-cdf1ec2d1c74 \
--add "/services/identity/config/courier/smtp={\"from_name\":\"My new email name\"}"
leads to
invalid argument "/services/identity/config/courier/smtp={\"from_name\":\"My new email name\"}" for "--add" flag: parse error on line 1, column 41: bare " in non-quoted-field
similar with the --replace flag
ory patch project 650fbb1c-a376-45a2-b56c-cdf1ec2d1c74 \
--replace '/name=NewName'
leads to
invalid argument "/name=\"NewName\"" for "--replace" flag: parse error on line 1, column 7: bare " in non-quoted-field
No response
No response
not sure if this makes sense here
Ory Cloud
Ory Cloud
No response
$ ory dev pop migration create -d=postgres ./persistence/sql/migrations/templates somename
Error: expected dialect to be one of [sqlite cockroach mysql postgres] but got: postgres
...
$ ory dev pop migration create -d=postgres ./persistence/sql/migrations/templates somename
Error: expected dialect to be one of [sqlite cockroach mysql postgres] but got: postgres
...
Error: expected dialect to be one of [sqlite cockroach mysql postgres] but got: postgresNo response
0.1.0
macOS
Other
I'm pretty sure if stringslice.Has(supportedDialects, d) should be if !stringslice.Has(supportedDialects, d)
Describe the bug
Using an Ory Access Token that is invalid I would expect to see an error message that tells me so. Instead, I see:
$ export ORY_ACCESS_TOKEN=invalid
$ ory identities list
Could not retrieve project slug: Could not retrieve slug from requested url
I love the Ory CLI but it doesn't allow me to get my project's SDK URL in an easy way. The fastest way now is to sign in to the Ory Console UI and get it there.
I'd like to sign in to my account with ory auth and then run a command like ory sdk to get the project's SDK URL right in my terminal.
Get the URL from the Ory Console
0.1.27
No response
Describe the bug
go.mod references an unknown revision of the github.com/gobuffalo/fizz package, specifically: github.com/gobuffalo/[email protected]. The latest seem to be v1.13.0.
To Reproduce
Expected behavior
A successful built without any dependency errors.
Environment
go version go1.15.6 linux/amd64
We can import identities with
https://www.ory.sh/docs/kratos/cli/kratos-identities-import
but no credentials.
We can also import credentials through the CLI.
Use the Rest API:
https://www.ory.sh/docs/kratos/reference/api#operation/adminCreateIdentity
latest
No response
On any flow that requires a browser redirect the browser will ask to open an application instead of doing the redirect.
For example:
A login flow
A registration flow
On logout we have the same problem
Flows not affected
I have also tested this on SPA applications which have no redirects on login, registration etc. However on logout we redirect to Kratos which opens the dialog.
localhost:4000localhost:3000localhost:3000No response
No response
v0.1.43
Linux
Ory Cloud
No response
Cannot Purge projects using the Ory CLI. The only option is to delete identities:
➜ ~ ory delete
Delete resources
Usage:
ory delete [command]
Available Commands:
identity Delete one or more identities by their ID(s)
Flags:
-c, --config string Path to the Ory Cloud configuration file.
--format string Set the output format. One of default, json, yaml, and json-pretty. (default "default")
-h, --help help for delete
-q, --quiet Be quiet with output printing.
-y, --yes Confirm all dialogs with yes.
Use "ory delete [command] --help" for more information about a command.Add the projects to the delete resources command
Currently it is possible to delete projects, but only through an obscure API call since you need to copy over the cookies you obtained from the Ory Cloud console into a cURL command.
curl -X DELETE https://api.console.ory.sh/projects/<project-id> -H "Accept: application/json" --cookie "<your cookies>"v0.1.36
https://ory-community.slack.com/archives/C02MR4DEEGH/p1660659578640199
Describe the bug
$ ory proxy
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/ory/cli/cmd/cloud/proxy.NewProxyCmd.func1(0xc000d98000, 0x63b5760, 0x0, 0x0, 0x0, 0x0)
/Users/foobar/workspace/go/src/github.com/ory/cli/cmd/cloud/proxy/proxy.go:105 +0xbb6
github.com/spf13/cobra.(*Command).execute(0xc000d98000, 0x63b5760, 0x0, 0x0, 0xc000d98000, 0x63b5760)
/Users/foobar/workspace/go/pkg/mod/github.com/spf13/[email protected]/command.go:852 +0x472
github.com/spf13/cobra.(*Command).ExecuteC(0xc000d73b80, 0xc0007a1920, 0x52ce5e0, 0x57ba390)
/Users/foobar/workspace/go/pkg/mod/github.com/spf13/[email protected]/command.go:960 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
/Users/foobar/workspace/go/pkg/mod/github.com/spf13/[email protected]/command.go:897
github.com/spf13/cobra.(*Command).ExecuteContext(...)
/Users/foobar/workspace/go/pkg/mod/github.com/spf13/[email protected]/command.go:890
github.com/ory/cli/cmd.Execute()
/Users/foobar/workspace/go/src/github.com/ory/cli/cmd/root.go:45 +0x106
main.main()
/Users/foobar/workspace/go/src/github.com/ory/cli/main.go:8 +0x25
Expected behavior
No panic
Environment
The Long description as written in the current CLI ("you can also ...") only makes sense if the reader read the Short description first. But Cobra doesn't do that. It shows the Short description in the overview of all commands and the Long description when showing help for a specific command. I therefore suggest to copy the short description into the long one:
Short: "Get an Ory Cloud project's OAuth2 configuration",
Long: "Get an Ory Cloud project's OAuth2 configuration. You can use this command to render Ory OAuth2 Configuration as well.",
Originally posted by @kevgo in #197 (comment)
I can't get ory identity delete to work. When I run ory identity --help, the help text says:
...
Usage:
ory delete identity id-0 [id-1] [id-2] [id-n] [flags]
I run ory ls identities and get a list of the identities in my project. Identity IDs have this format: fef2df71-f06a-45ab-b52d-8bdc8e991e49
I try to use that ID and remove the identity:
ory delete identity id-fef2df71-f06a-45ab-b52d-8bdc8e991e49 --project MY_PROJECT_ID
(or w/o the id -> ory delete identity fef2df71-f06a-45ab-b52d-8bdc8e991e49 --project MY_PROJECT_ID )
The response I get is:
Unable to locate the resource
id-fef2df71-f06a-45ab-b52d-8bdc8e991e49: this error should never be printed
I thought that maybe the help text with id-0 / id-1 tells you to select identities like list items where id-0 points to the first identity printed in the list you get from ory ls identities but this doesn't work either.
➜ ~ ory delete identity id-0 --project MY_PROJECT_ID
You are authenticated as: [email protected]
You are authenticated as: [email protected]
Unable to locate the resource
id-0: this error should never be printed
➜ ~ ory delete identity id-1 --project MY_PROJECT_ID
You are authenticated as: [email protected]
You are authenticated as: [email protected]
Unable to locate the resource
id-1: this error should never be printed
ory delete identity id-IDENTITY_ID --project PROJECT_ID
or
ory delete identity IDENTITY_ID --project PROJECT_ID
or
ory delete identity id-0 / id-1 --project PROJECT_ID
No response
No response
v0.1.29
Ory Cloud
Ory Cloud
No response
Is your feature request related to a problem? Please describe.
See: ory/network#10
The upstream issues got closed. It is referenced in:
When developing locally, some services might fall outside of the local environment, however, the cookie retrieved from Ory Cloud will be scoped to the Ory domain or CNAME domain which are translated to localhost with the ory tunnel. When we now communicate with external services we would need to pass along the cookie from the local environment and transform it back to the receiving domain to an external service, e.g Azure API Manager.
Be able to set more upstream URLs to mirror and not just Ory Cloud.
These upstream URLs should also translate the cookie from localhost to the original domain.
None
v0.1.36
https://ory-community.slack.com/archives/C02MR4DEEGH/p1660033017459529
As discussed on huddle :)
We should show a message indicating that a new version of Ory CLI is available and how to upgrade. Examples:
[STDERR]
A new version of Ory CLI is available (v123.123.123). Use the following command to upgrade:
> Some command which upgrades the CLI for brew, bash, curl, scoop, ...
Automatically download and execute the update (preferred). A quick google search found some repos and blog posts (I have not vetted them):
master
No response
Hello,
First off, thanks for the great package, I've loved my past experience with Ory OSS.
I'm having an issue in my project using the ory proxy. I'm using a react application to talk to the ory proxy and I have a third party client library that is trying to request CORS headers: Authorization (note capital 'A') and X-Request-Id with an OPTIONS pre-flight, which the ory proxy dis-allows as these are non-standard headers.
I haven't wrote a lick of Go really, but it looks like this is the suspect line:
Line 254 in e5582fd
Make an OPTIONS request to the ory proxy for a non-standard Cors header.
Ex. Access-Control-Request-Headers: authorization,x-request-id
[cors] 2022/11/07 20:23:51 Handler: Preflight request
[cors] 2022/11/07 20:23:51 Preflight aborted: headers '[Authorization X-Request-Id]' not allowedA slight tangent. I tried using the -c flag to set a config file, but I get a json parse error for the .yaml, like it's not expecting yaml for some reason, but json, when all the docs show .yaml config files?
I'm also not sure if the proxy respects any of those config values.
I also hoped that maybe setting the env variable SERVE_WRITE_CORS_ALLOWED_HEADERS='["content-type", "authorization", "Authorization", "X-Request-Id"]' would do it, but to no avail.
"@ory/cli": "^0.1.47",
Linux
No response
I'm not an expert on CORS or the ory proxy so I may be missing something obvious to forward the OPTIONS call to my down-stream server?
Or potentially a way for ory proxy to just ignore OPTIONS and forward to the down-stream server?
Issue:
The most popular ruby gem for JWTs expects for incoming tokens to include a header with the key: "kid" and the value is the key ID of the signing JWK. Without that header key I'm unable to use the decode method successfully.
I'm hoping supporting this is as simple as creating a custom signer that adds the header.
var signerOpts = jose.SignerOptions{}
signerOpts.WithHeader("kid", someID)Current signer: https://github.com/ory/cli/blob/master/cmd/cloud/proxy/common.go#L186
The ruby lib in question doesn't appear to give me any way of specifying the key ID and is instead parsing the JWT head for it. I've been unable to find a workaround.
v0.1.22
Version: v0.1.22
Git Hash: 93b27f5
Build Time: 2022-01-21T13:51:59Z
I have already bodged several releases using the ORY CLI because I accidentally pressed a different key than the y key. In that case, the CLI just aborts the process instead of retrying to get an answer. This can bodge a release mid-process and is very annoying to fix manually.
Do a release (ory dev release publish patch), press f instead of n, see what happens (larry).
No response
No response
master
No response
No response
Alternative would be to not ask for confirmation after the release has been kicked off? or ask for confirmation BEFORE pushing?
Describe the bug
Cannot download dependencies because of checksum mismatch.
To Reproduce
~/ory > git clone [email protected]:ory/cli.git
~/ory/cli > cd cli
~/ory/cli > go list -m -json all
verifying github.com/oleiade/[email protected]/go.mod: checksum mismatch
downloaded: h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60=
go.sum: h1:RbATFBbKYkVdqmSFtx13Bb/tVhR0lgOBXunWTZKeL4w=
SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.
Expected behavior
Dependencies should be downloaded and integrated.
Environment
Is your feature request related to a problem? Please describe.
Right now, the Ory Proxy has three main functions:
For the first two use cases we use Ory Oathkeeper'esque method of converting the Ory Kratos Session Cookie / Token to a JWT which contains the session information. Right now, this can be disabled with --no-jwt.
Additionally, there is an option which removes the HTTP Cookie Domain from the cookie. However, it is currently not possible to override the HTTP Cookie Domain!
Lastly we need to override:
return_to - which should point to the application.Describe the solution you'd like
Currently, the set up is a bit messy. It probably makes sense to split the proxy into two:
A possible proposal could thus look as such:
$ ory proxy <upstream/downstream>
$ ory bridge
The Ory Proxy could be very simplistic. Any incoming request is proxied to the upstream application and depending wether a session is included or not we set a JWT or not. Possible configuration options could be:
As such, this can be very simple:
$ ory proxy http://localhost:1234/
$ JWKS_URL=http|base64|https|file://... ory proxy http://localhost:1234/
The purpose of this command is to build a bridge between one's own env and Ory. This is necessary because we need to set up cookies to make it all work and fit together. There are three application types that could be addressed by this:
As the last one (native) does not need any cookies, the Ory Bridge will only target SPA and Server-Side apps.
The Ory CLI provides a command to manage fizz migrations. However, in most projects, we moved away from fizz migrations and are now writing plain SQL files containing the migration SQL commands.
This design doc aims to describe a set of commands to manage these SQL migrations in Ory projects.
The names of SQL migration files in Ory projects typically follow a set schema. These names contain information about the time of the creation of the migration, as well as some context about the content of the migration. The schema is YYYYMMDDHHmmSS000000_<name>.[engine.]up|down.sql
For example:
The migration 20220926173820000000_recovery_code.up.sql would be a migration created on the 26th, September 2022 at 17:38:20 (5:38:20 pm) and it contains SQL to create the table for recovery codes.
Additionally, the up part after the "name" of the migration indicates that the files contains the statements to execute the migration.
Each migration also consists of another down version that should contain the statements to "undo" the migration (where possible). This is needed in case the change needs to be reverted and the state before the change needs to be restored.
Optionally, in most Ory projects, migrations can also be written to target a specific database engine. This is done by adding its identifier (e.g. mysql, postgres, sqlite3 or cockroach) between the "name" of the migration, and it's "type" (up or down). So 20220926173820000000_recovery_code.mysql.up.sql would only target MySQL databases.
Goals:
Non-Goals:
Working with SQL migrations can be tedious and repetitive, so the SQL command should provide a set of commands to work with these migrations:
No response
No response
No response
No response
No response
Describe the bug
Trying to import modules, it fails when trying to get github.com/gobuffalo/pop. (This after I've changed the import of oleiade/reflections to use latest version.)
To Reproduce
~/ory/cli > go list -m -json all
verifying github.com/oleiade/[email protected]/go.mod: checksum mismatch
downloaded: h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60=
go.sum: h1:RbATFBbKYkVdqmSFtx13Bb/tVhR0lgOBXunWTZKeL4w=
~/ory/cli > grep -n 'github.com/oleiade/reflections' go.sum
1076:github.com/oleiade/reflections v1.0.0/go.mod h1:RbATFBbKYkVdqmSFtx13Bb/tVhR0lgOBXunWTZKeL4w=
~/ory/cli > sed -i '' '1076d' go.sum
~/ory/cli > go list -m -json all
go: github.com/ory/[email protected] requires
github.com/ory/[email protected] requires
github.com/gobuffalo/pop/[email protected]: invalid version: unknown revision e397a61c1704
Expected behavior
Dependencies should be downloaded and integrated.
Environment
Many Ory CLI commands take a --project flag, e.g. ory update relation-tuples --project <id>. Usually, I need to do ory list projects first to get the project id, then invoke the command that takes the project. This is cumbersome.
If I don't specify the project via the --project flag, instead of an error message I want a dropdown / select screen that helps me choose the project and then continues with the command.
Example:
$ ory update relation-tuples
> Someproject (slug: foo-bar-123)
Someotherproject (slug: bar-baz-456)
↑/↓ to navigate, ⏎ to select
Leave as is.
master/HEAD
--non-interactive flag and NON_INTERACTIVE environment variable that disables the interactive features.In the Ory CLI, it's currently not possible to use / set a default project. Instead you always need to specify the project:
ory get project <id>
It would be great if we could support (please make a proposal for naming this):
ory set use-project <id>
ory create project --use-project <id>
which then allow us to omit the project:
ory get project
ID: default id ...
We already have a field in the config that could save this
https://github.com/ory/x/blob/3272309dd24a3093e83fb6130429ace4b5b75359/cloudx/handler.go#L57
but it's not used yet.
No workarounds
No response
Apparently ls identities does not work with --project <slug> while other commands do.
% ory ls identities --project very-cool-slug
No project selected! Please use the flag --project to specify one.
No response
No response
master
No response
No response
Ory proxy seems to handle this correctly!
Right now it is only possible to address projects using the project ID. However, we would like to also make it possible to fetch the project by the project slug!
ory patch project my-awesome-slug ...
ory patch project 1234-1234-1234-1234 ...
It should be possible to do this with the slugs. One option is to list all the projects and store their IDs and slugs in the config and then use that for look up of slug -> id. This is the preferred option IMO.
Alternatively we can also add an API in the Ory Cloud APIs.
None
No response
To support the documentation, we need commands which open pages in the ory account experience:
ory open account-experience signup <optional-project-id>
ory open account-experience login <optional-project-id>
ory open account-experience settings <optional-project-id>
ory open account-experience recovery <optional-project-id>
ory open account-experience verification <optional-project-id>
See above
None
master
No response
The fork github.com/zepatrik/pop does not seem to contain revision ce05da9328cd.
git clone [email protected]:ory/cli.gitmake testexpected behavior: it installs some stuff and then runs the tests
actual behavior: the task aborts with this error message:
go test -p 1 -tags sqlite -count=1 -failfast ./...
go: downloading github.com/zepatrik/pop/v6 v6.0.0-20220519141323-ce05da9328cd
../../go/pkg/mod/github.com/ory/[email protected]/driver/registry_default.go:17:2: github.com/zepatrik/pop/[email protected]: invalid version: unknown revision ce05da9328cd
../../go/pkg/mod/github.com/ory/[email protected]/persistence/sql/persister.go:13:2: github.com/zepatrik/pop/[email protected]: invalid version: unknown revision ce05da9328cd
../../go/pkg/mod/github.com/ory/[email protected]/logrusx/helper.go:12:2: github.com/zepatrik/pop/[email protected]: invalid version: unknown revision ce05da9328cd
make: *** [Makefile:50: test] Error 1
No response
No response
master @ 9e593ae
Linux
No response
I verified that the commit is referenced here and doesn't exist in the clone. Strange that CI doesn't catch this.
Is your feature request related to a problem? Please describe.
The ory proxy commands require passing a valid ORY_ACCESS_TOKEN command. In the current state of the project, tokens have broad administrative rights and require handling as security-sensitive secrets.
Looking at the proxy code, this token is only used to retrieve the Ory Cloud project slug, which is not sensitive information (it is displayed in the email validation and password recovery emails you send).
Describe the solution you'd like
Similar to the React Native integration, the proxy should allow users to pass the project slug instead of a token. Either:
--project CLI flag, that will the used by proxy.getEndpointURL in lieu of calling remote.GetProjectSlug--api-endpoint flag to allow passing a full endpoint URL. This would also allow to remove the context-based hack introduced for the unit testsDescribe alternatives you've considered
If a token will be necessary for planned proxy features, an alternative would be to allow creating an unprivileged token class, that does not have administrative access to the identity database.
See above
No response
No response
master
No response
No response
No response
Similar to the Ory Proxy, we want to support an Ory Tunnel command which reverse-proxies Ory's APIs (similar to ory proxy) but does not proxy the application the users use themselves.
This is partially implemented already but needs tests:
https://github.com/ory/x/blob/53f15fc3a3124f9d28fe767e3abd954d46c2bb57/cloudx/cmd_tunnel.go
It also needs to be added to this CLI.
None
master
No response
Ory CLI responds with flag accessed but not defined: quiet when trying to ory update an OAuth client.
ory update client <client-id> --client-uri=<uri>. Actually it does not make sense which property you want to update, the bug will appear anyway.flag accessed but not defined: quiet❯ ory version
Version: v0.1.42
Git Hash: 7f518ee40b3131922497c9a211a34b2b64b41512
Build Time: 2022-09-30T14:17:47ZNo response
v0.1.42
Linux
Ory Cloud
No response
The ory proxy cannot set any CORS headers
Add flags / environment variables that could be used to set CORS or even setup standard CORS headers so that the user would only need to provide the origins. We already have support for this feature in ory/x and would only need to add the cli flags.
none
v0.1.28
No response
On Windows, it seems the proxy does not store the Kratos session correctly. This only happens on Windows and is not reproducible on Unix.
See this discussion on Slack:
https://ory-community.slack.com/archives/C02MR4DEEGH/p1638541123026800
/protected pageNo response
No response
v0.1.0
Windows
No response
No response
Running the given NPM, Brew or Docker install commands error out on my machine, m1 MacBook with macOS Monterey.
However the below Linux(?) script does work:
bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory
Run:
npm i --save @ory/cli
brew install ory/tap/cli
docker pull oryd/orynpm i --save @ory/cli
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm ERR! code 1
npm ERR! path /Users/jknlsn/node_modules/@ory/cli
npm ERR! command failed
npm ERR! command sh -c binwrap-install
npm ERR! ERR Error: Not Found: https://github.com/ory/cli/releases/download/v0.0.86/ory_0.0.86_macOS_64-bit.tar.gz
npm ERR! at Request._callback (/Users/jknlsn/node_modules/binwrap/binstall.js:60:18)
npm ERR! at Request.self.callback (/Users/jknlsn/node_modules/request/request.js:185:22)
npm ERR! at Request.emit (events.js:376:20)
npm ERR! at Request.<anonymous> (/Users/jknlsn/node_modules/request/request.js:1154:10)
npm ERR! at Request.emit (events.js:388:22)
npm ERR! at IncomingMessage.<anonymous> (/Users/jknlsn/node_modules/request/request.js:1076:12)
npm ERR! at Object.onceWrapper (events.js:482:28)
npm ERR! at IncomingMessage.emit (events.js:388:22)
npm ERR! at endReadableNT (internal/streams/readable.js:1336:12)
npm ERR! at processTicksAndRejections (internal/process/task_queues.js:82:21)
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/jknlsn/.npm/_logs/2021-12-09T12_26_53_437Z-debug.log
brew install ory/tap/cli
Running `brew update --preinstall`...
==> Auto-updated Homebrew!
Updated 4 taps (homebrew/cask-versions, homebrew/core, homebrew/cask and homebrew/services).
==> New Formulae
mist
==> Updated Formulae
Updated 40 formulae.
==> Updated Casks
Updated 39 casks.
==> Tapping ory/tap
Cloning into '/opt/homebrew/Library/Taps/ory/homebrew-tap'...
remote: Enumerating objects: 65, done.
remote: Counting objects: 100% (65/65), done.
remote: Compressing objects: 100% (65/65), done.
remote: Total 65 (delta 37), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (65/65), 15.93 KiB | 286.00 KiB/s, done.
Resolving deltas: 100% (37/37), done.
Error: Invalid formula: /opt/homebrew/Library/Taps/ory/homebrew-tap/hydra.rb
formulae require at least a URL
Error: Cannot tap ory/tap: invalid syntax in tap!
docker pull oryd/ory
Using default tag: latest
latest: Pulling from oryd/ory
no matching manifest for linux/arm64/v8 in the manifest list entriesNo response
0.1.0
macOS
Ory Cloud
Trying to download 0.1.0 and connect to deployed Ory Cloud environment
Is your feature request related to a problem? Please describe.
Initiating the logout flow is non-trivial as we need to redirect the user to a URL with a unique token to start the flow. Doing so is not described in the Cloud documentation, but from the Kratos documentation, it looks like one needs to request a logout token from Kratos, then build the logout URL from this token.
Describe the solution you'd like
Mirroring the other init endpoints, the proxy should provide a /.ory/init/logout endpoint that does the Kratos call and performs the http redirect to the right URL. This will make logout as easy as login (a simple static link).
Describe alternatives you've considered
N/A
Additional context
N/A
The Ory tunnel will now prompt the user about using the social sign in option like so:
ory tunnel http://localhost:3000 --project <slug> --dev
To support complex flows such as Social Sign In, the Ory CLI can configure your project automatically. To do so, you need to be signed in. Do you want to sign in? [y/n]:When using the flag --yes or -y on the command it doesn't confirm it and continue.
Run ory tunnel for the first time and the prompt will appear. Try skip it by adding the --yes flag:
ory tunnel http://localhost:3000 --project optimistic-turing-6cxufsm48m --dev --yes
To support complex flows such as Social Sign In, the Ory CLI can configure your project automatically. To do so, you need to be signed in. Do you want to sign in? [y/n]:No response
No response
v0.1.41
Linux
Ory Cloud
Reported on slack:
https://ory-community.slack.com/archives/C010F7Z4XM1/p1663858573933829
Right now a workaround could be for the user to pipe in the confirmation themselves:
sh -c "yes | ory tunnel http://localhost:3000/ --project <project-slug> --dev"I want to manage my Ory infrastructure as code, so I have a .jsonnet file that I use to update my project. However, the Ory update CLI doesn't natively offer using the output of another program (i.e. jsonnet) as its input.
Default to stdin if no file is given
$ jsonnet identity-config.jsonnet | ory update ic 12345678-abcdef
Alternatively, allow specifying it explicitly
$ jsonnet identity-config.jsonnet | ory update ic 12345678-abcdef -f -
This is what I'm currently doing, but it only works with ZSH
local TMPSUFFIX=.json
ory update ic 12345678-abcdef -f =(jsonnet identity-config.jsonnet)v0.1.41
No response
When I tried to update the Identity Service config with an unsupported value, I got an error message that was 960 lines long.
ory get identity-config XXXXX --format yaml > identity-config.yamlrequired_aal to aal2.ory update identity-config XXXXXXX --file identity-config.yamlThe request was malformed or contained invalid parameters
Unable to validate config: I[#] S[#/oneOf] oneOf failed
I[#] S[#/oneOf/0] validation failed
I[#] S[#/oneOf/0/allOf/0] allOf failed
I[#] S[#/oneOf/0/allOf/0/required] missing properties: "version"
I[#] S[#/oneOf/0/allOf/1] allOf failed
I[#] S[#/oneOf/0/allOf/1/$ref] doesn't validate with "static://ory.cloud.schema.json#"
I[#/session/whoami/required_aal] S[#/properties/session/properties/whoami/properties/required_aal/$ref] doesn't validate with "#/definitions/featureRequiredAal"
I[#/session/whoami/required_aal] S[#/definitions/featureRequiredAal/enum] value must be one of "aal1", "highest_available"
I[#] S[#/oneOf/1] validation failed
I[#] S[#/oneOf/1/allOf/0] allOf failed
I[#] S[#/oneOf/1/allOf/0/required] missing properties: "version"
and so on...No response
0.1.27
Ory Cloud
Ory Cloud
No response
The ory proxy can only host the application and ory on a singular domain. We need to proxy to also support sub domains and multiple of it. An example is we want to have an auth frontend that only handles the auth flows on auth.foobar.com but we also have another application running on app.foobar.com which actually does the business logic and would also need to communicate with Ory APIs.
For this to then work we would need to run multiple ory proxies in front of each application that will use Ory apis.
The ability to add multiple applications each on their own domain with one proxy instance.
None
v0.1.28
No response
Commands listing identities in a project got removed in 2ad0459. We should re-add it.
Install the CLI and try run ory identities list. The command will not exist.
No response
No response
latest
No response
No response
No response
Originally posted by Rodeoclash October 1, 2022
I might have missed a configuration option somewhere, but when performing an OIDC flow (in this case, a custom OIDC provider which is Xero) the callback path to the browser seems to be missing the .ory prefix.
Starting login flow
Selecting Xero
Auth success, but notice the URL is missing the .ory prefix
Manually updated the URL, everything works
Is this an edge case of local development, the ory proxy and social sign in? I can fix by setting up an automatic redirect in my code but was curious to know if I had misconfigured something.
ory patch permission-config e834d575-2f37-4482-903d-d6e789e91c8a \
--add '/namespaces/-={"id": 0, "name": "resources"}' \
--add '/namespaces/-={"id": 1, "name": "groups"}'
You are authenticated as: [email protected]
map[limit:map[] namespaces:[map[id:0 name:resources] map[id:1 name:groups]]]
Warnings were found.
- Configuration key `serve.*` can not be set and will be ignored.
- Configuration key `cookies.path` can not be set and will be ignored.
- Configuration key `cookies.domain` can not be set and will be ignored.
- Configuration key `session.cookie.domain` can not be set and will be ignored.
- Configuration key `session.cookie.name` can not be set and will be ignored.
- Configuration key `session.cookie.path` can not be set and will be ignored.
It is save to ignore these warnings unless your intention was to set these keys.produces unrelated warnings.
see above
No response
No response
v0.1.34
No response
No response
No response
No response
No response
master
No response
No response
No response
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.