Coder Social home page Coder Social logo

tangit86 / kratos-selfservice-ui-node Goto Github PK

View Code? Open in Web Editor NEW

This project forked from ory/kratos-selfservice-ui-node

0.0 0.0 0.0 1.65 MB

License: Apache License 2.0

Shell 0.56% JavaScript 0.28% TypeScript 82.72% CSS 5.59% Makefile 2.18% Handlebars 8.02% Dockerfile 0.66%

kratos-selfservice-ui-node's Introduction

Ory Kratos NodeJS / ExpressJS User Interface Reference Implementation

tests

This repository contains a reference implementation for Ory Kratos' in NodeJS / ExpressJS / Handlebars / NextJS. It implements all Ory Kratos flows (login, registration, account settings, account recovery, account verification).

If you only want to add authentication to your app, and not customize the login, registration, account recovery, ... screens, please check out the Ory Kratos Quickstart.

Configuration

Below is a list of environment variables required by the Express.js service to function properly.

In a local development run of the service using npm run start, some of these values will be set by nodemon and is configured by the nodemon.json file.

When using this UI with an Ory Network project, you can use ORY_SDK_URL instead of KRATOS_PUBLIC_URL and HYDRA_ADMIN_URL.

Ory Identities requires the following variables to be set:

  • ORY_SDK_URL or KRATOS_PUBLIC_URL (required): The URL where ORY Kratos's Public API is located at. If this app and ORY Kratos are running in the same private network, this should be the private network address (e.g. kratos-public.svc.cluster.local).
  • KRATOS_BROWSER_URL (optional) The browser accessible URL where ORY Kratos's public API is located, only needed if it differs from KRATOS_PUBLIC_URL

Ory OAuth2 requires more setup to get CSRF cookies on the /consent endpoint.

  • ORY_SDK_URL or HYDRA_ADMIN_URL (optional): The URL where Ory Hydra's Public API is located at. If this app and Ory Hydra are running in the same private network, this should be the private network address (e.g. hydra-admin.svc.cluster.local)
  • COOKIE_SECRET (required): Required for signing cookies. Must be a string with at least 8 alphanumerical characters.
  • CSRF_COOKIE_NAME (required): Change the cookie name to match your domain using the __HOST-example.com-x-csrf-token format.
  • CSRF_COOKIE_SECRET (optional): Required for the Consent route to set a CSRF cookie with a hashed value. The value must be a string with at least 8 alphanumerical characters.
  • REMEMBER_CONSENT_SESSION_FOR_SECONDS (optional): Sets the remember_for value of the accept consent request in seconds. The default is 3600 seconds.
  • ORY_ADMIN_API_TOKEN (optional): When using with an Ory Network project, you should add the ORY_ADMIN_API_TOKEN for OAuth2 Consent flows.
  • DANGEROUSLY_DISABLE_SECURE_CSRF_COOKIES (optional) This environment variables should only be used in local development when you do not have HTTPS setup. This sets the CSRF cookies to secure: false, required for running locally. When using this setting, you must also set CSRF_COOKIE_NAME to a name without the __Host- prefix.
  • TRUSTED_CLIENT_IDS (optional): A list of trusted client ids. They can be set to skip the consent screen.

Getting TLS working:

  • TLS_CERT_PATH (optional): Path to certificate file. Should be set up together with TLS_KEY_PATH to enable HTTPS.
  • TLS_KEY_PATH (optional): Path to key file Should be set up together with TLS_CERT_PATH to enable HTTPS.

This is the easiest mode as it requires no additional set up. This app runs on port :4455 and ORY Kratos KRATOS_PUBLIC_URL URL.

This mode relies on the browser's ability to send cookies regardless of the port. Cookies set for 127.0.0.1:4433 will thus also be sent when requesting 127.0.0.1:4455. For environments where applications run on separate subdomains, check out Multi-Domain Cookies

To authenticate incoming requests, this app uses ORY Kratos' whoami API to check whether the session is valid or not.

Base Path

There are two ways of serving this application under a base path:

  1. Let Express.js handle the routing by setting the BASE_PATH environment variable to the sub-path, e.g. /myapp.
  2. Use a reverse proxy or API gateway to strip the path prefix.

The second approach is not always possible, especially when running the application on a serverless environment. In this case, the first approach is recommended.

Development

To run this app with dummy data and no real connection to ORY Kratos, use:

NODE_ENV=stub npm start

If you would like to also generate fake data for the id_token, please set the environment varialbe export CONFORMITY_FAKE_CLAIMS=1

Test with ORY Kratos

The easiest way to test this app with a local installation of ORY Kratos is to have the ORY Kratos Quickstart running. This is what that would look like:

# start the quickstart using docker compose as explained in the tutorial: https://www.ory.sh/kratos/docs/quickstart/
export KRATOS_PUBLIC_URL=http://127.0.0.1:4433/
export PORT=4455

# In ORY Kratos run the quickstart:
#
#   make quickstart-dev
#
# Next you need to kill the docker container that runs this app in order to free the ports:
#
#   docker kill kratos_kratos-selfservice-ui-node_1

npm start

Update TypeScript SDK

If you've made changes to the ORY Kratos API you may want to manually generate the TypeScript SDK in order for URLs and payloads to work as expected. It is expected that you start this guide from this project's root, wherever you checked it out. You also need to have the openapi-generator installed.

# Set path to kratos:
export KRATOS_DIR=/path/to/kratos
make build-sdk

Building the Docker Image

# Set path to kratos:
export KRATOS_DIR=/path/to/kratos
make build-sdk-docker

Clean up

make clean-sdk

kratos-selfservice-ui-node's People

Contributors

aeneasr avatar benehiko avatar zepatrik avatar kevgo avatar dependabot[bot] avatar jonas-jonas avatar afreakk avatar mszekiel avatar hperl avatar jorgagu avatar grantzvolsky avatar programmador avatar harnash avatar kmherrmann avatar jerryc05 avatar guillett avatar sbussard avatar spg avatar vkiller avatar santicolu avatar supercairos avatar nickufer avatar archived-m avatar joshuakfarrar avatar jfcurran avatar davyjohnes avatar nipsufn avatar enricovogt avatar christian-roggia avatar alnr avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.