{"id":25944407,"url":"https://github.com/Chistousov/ORY-Hydra-OAuth2.0-Example","last_synced_at":"2025-03-04T08:01:37.718Z","repository":{"id":189011440,"uuid":"679867524","full_name":"Chistousov/ORY-Hydra-OAuth2.0-Example","owner":"Chistousov","description":"ORY Hydra + Spring Boot 2 + Angular + PostgreSQL","archived":false,"fork":false,"pushed_at":"2023-12-26T18:59:16.000Z","size":7043,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2023-12-26T20:51:52.507Z","etag":null,"topics":["angular","buildpack","buildpacks","docker","docker-compose","junit","junit5","karma","nginx","ory-hydra","paketo-buildpack","reactive-programming","spring-boot","spring-security","testcontainers","webflux","webflux-security"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chistousov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-08-17T19:51:58.000Z","updated_at":"2023-12-25T16:53:08.000Z","dependencies_parsed_at":"2023-12-26T20:58:06.306Z","dependency_job_id":null,"html_url":"https://github.com/Chistousov/ORY-Hydra-OAuth2.0-Example","commit_stats":null,"previous_names":["chistousov/ory-hydra-oauth2.0-example"],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chistousov%2FORY-Hydra-OAuth2.0-Example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chistousov%2FORY-Hydra-OAuth2.0-Example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chistousov%2FORY-Hydra-OAuth2.0-Example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chistousov%2FORY-Hydra-OAuth2.0-Example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chistousov","download_url":"https://codeload.github.com/Chistousov/ORY-Hydra-OAuth2.0-Example/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241809603,"owners_count":20023786,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angular","buildpack","buildpacks","docker","docker-compose","junit","junit5","karma","nginx","ory-hydra","paketo-buildpack","reactive-programming","spring-boot","spring-security","testcontainers","webflux","webflux-security"],"created_at":"2025-03-04T08:01:25.103Z","updated_at":"2025-03-04T08:01:37.676Z","avatar_url":"https://github.com/Chistousov.png","language":"Java","funding_links":[],"categories":["Examples"],"sub_categories":["Ory Hydra"],"readme":"# **ORY Hydra OAuth2 Example**\n\n[Русский язык](README_RUS.md)\n\n## Description\n\nExample implementation of [OAuth 2.0 Authorization Code with PKCE](https://www.ory.sh/docs/oauth2-oidc/authorization-code-flow) using [ORY Hydra](https://www.ory.sh/hydra/).\n\nLogin Flow and Consent Flow are implemented using Spring boot 2(Java 11, WebFlux), Angular 17, PostgreSQL 15.\n\nEverything has been tested: Karma, JUnit 5, Testcontainers.\n\n## How to build example Login Flow Wrapper, Consent Flow Wrapper,  OAuth 2.0 Client(s), OAuth 2.0 Resource Server\n\nLet's take Login Flow and Consent Flow Wrapper as an example.\n\n### Build Frontend\n\npath:\n\n```bash\ncd ory_hydra_oauth2_example_authorization_server/authorization/authorization-frontend/\n```\n\nIf you need to perform testing (Karma), then:\n\n```bash\ncd ory_hydra_oauth2_example_authorization_server/authorization/authorization-frontend/ \u0026\u0026 \\\nnpm i \u0026\u0026 \\\nbash test_and_report.bash\n```\n\nIf you need to find out the code coverage of tests, then you need to open the following through the browser:\n\n```text\nory_hydra_oauth2_example_authorization_server/authorization/authorization-frontend/coverage/authorization-frontend/index.html\n```\n\nTo build a docker image, do the following (ATTENTION! You must install pack. The instructions are inside build_image.bash):\n\n```bash\n\n# install pack\n# https://buildpacks.io/docs/tools/pack/#linux-script-install\n# (curl -sSL \"https://github.com/buildpacks/pack/releases/download/v0.29.0/pack-v0.29.0-linux.tgz\" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)\n\ncd ory_hydra_oauth2_example_authorization_server/authorization/authorization-frontend/ \u0026\u0026 \\\nbash build_image.bash\n```\n\n### Build Backend\n\npath:\n\n```bash\ncd ory_hydra_oauth2_example_authorization_server/authorization/authorization-backend/\n```\n\nIf you need to perform testing (JUnit 5), then (**ATTENTION!** Since Testcontainers is used for testing, you must have rights to run docker (sudo usermod -aG docker \\[user\\])):\n\n```bash\ncd ory_hydra_oauth2_example_authorization_server/authorization/authorization-backend/ \u0026\u0026 \\\n./gradlew -v \u0026\u0026 \\\nbash test_and_report.bash\n```\n\nIf you need to find out the code coverage of tests (JaCoCo), then you need to open the following in the browser:\n\n```text\nory_hydra_oauth2_example_authorization_server/authorization/authorization-backend/build/reports/jacoco/test/html/index.html\n```\n\nTo build a docker image, do the following:\n\n```bash\ncd ory_hydra_oauth2_example_authorization_server/authorization/authorization-backend/ \u0026\u0026 \\\nbash build_image.bash\n```\n\n### Proxy\n\n#### Docker (Debian)\n\n```bash\nmkdir -p /etc/systemd/system/docker.service.d\n\n# set proxy\ncat \u003e /etc/systemd/system/docker.service.d/http-proxy.conf \u003c\u003c-EOF\n[Service]\nEnvironment=\"HTTP_PROXY=http://proxyuser:proxypass@192.168.20.4:8822/\"\nEnvironment=\"HTTPS_PROXY=http://proxyuser:proxypass@192.168.20.4:8822/\"\nEnvironment=\"NO_PROXY=localhost,127.0.0.1\"\nEOF\n\n# restart docker\nsudo systemctl daemon-reload\nsudo systemctl restart docker\n\n# check\nsystemctl show --property=Environment docker\n\n```\n\n#### APT (Docker image)\n\nIf you need to specify a proxy server (see ory_hydra_oauth2_example_authorization_server/authorization/authorization-frontend/build_image.bash or ory_hydra_oauth2_example_authorization_server/authorization/authorization-backend/build_image.bash), then uncomment HTTP_PROXY (HTTPS_PROXY or/and NO_PROXY) and edit HTTP_PROXY ( HTTPS_PROXY or/and NO_PROXY)\n\n```bash\n #!/bin/bash\n\nexport HTTP_PROXY=\"http://proxyuser:proxypass@192.168.20.4:8822/\"\nexport HTTPS_PROXY=\"http://proxyuser:proxypass@192.168.20.4:8822/\"\nexport NO_PROXY=\"localhost,127.0.0.1\"\n\nREPO_IMAGE=\"chistousov\"\n...\n\n```\n\n## Example\n\n![ory-hydra-oauth2-example](ory-hydra-oauth2-example.png)\n\n4 Debian:\n| Type                                           | DNS, Hostname             | IP            |\n| -------------                                  | -------------             | ------------- |\n| OAuth 2.0 Authorization Server                 | authorization-server.com  | 192.168.0.101 |\n| OAuth 2.0 Client (Readonly)                    | client-readonly.com       | 192.168.0.102 |\n| OAuth 2.0 Client (Write and read)              | client-write-and-read.com | 192.168.0.103 |\n| OAuth 2.0 Resource Server                      | resource-server.com       | 192.168.0.104 |\n\nRequires openssl, jq (apt install jq), htpasswd (apt install apache2-utils), envsubst to run start.bash.\n\nRequired on remote servers: Docker, Docker Compose (V3)\n\nWe organize ssh and coordinate the settings with the .env file\n```bash\n# ------------------!!!EDIT!!!----------------\n\nIP_AUTHORIZATION_SERVER=192.168.0.101\nIP_RESOURCE_SERVER=192.168.0.104\nIP_CLIENT_READONLY=192.168.0.102\nIP_CLIENT_WRITE_AND_READ=192.168.0.103\n\nDNS_AUTHORIZATION_SERVER=authorization-server.com\nDNS_RESOURCE_SERVER=resource-server.com\nDNS_CLIENT_READONLY=client-readonly.com\nDNS_CLIENT_WRITE_AND_READ=client-write-and-read.com\n\nUSER_AUTHORIZATION_SERVER=someuser\nUSER_RESOURCE_SERVER=someuser\nUSER_CLIENT_READONLY=someuser\nUSER_CLIENT_WRITE_AND_READ=someuser\n\nUSER_DATA_POSTGRESQL_PASSWORD=cklGS7BNMT6Io9Yd8FKzg4ZmWLXjQnA24JbXNHbG\n\nHYDRA_POSTGRESQL_PASSWORD=7pj3gK8arVwk6A1BbUD2XysfIYmKdEk0DL8BMRNx\n\nHYDRA_SECRETS_COOKIE=OT9Z8I2NcBp01rP4FwQG7JEt6nuXeJ0BDpf4Bjwc\nHYDRA_SECRETS_SYSTEM=cIsKS4VzJCDpXlwm2PNTb7v60GHh1iEYZPiiPpRS\n    \nHYDRA_INTROSPECT_USER=user_introspect\nHYDRA_INTROSPECT_PASSWORD=hUq7Mw3fr4lFjnHQtoJucgDdAV58NbAOvuGN2OfB\n\n# ------------------------------------------\n\n```\n\nTo find out the IP address you can run ***ip a***.\n\n**WARNING!** Users USER_AUTHORIZATION_SERVER, USER_RESOURCE_SERVER, USER_CLIENT_READONLY and USER_CLIENT_WRITE_AND_READ must be allowed to run docker compose (V3) (sudo usermod -aG docker \\[user\\]).\n\nWe run the script to configure four servers:\n```bash\nbash start.bash\n```\n\n### Checking\n\nOn the Resource Owner computer, DESCRIBE IP ADDRESSES IN THE FILE /etc/hosts (Linux).\n\n```bash\n# Let's say\n#DNS_AUTHORIZATION_SERVER=authorization-server.com\n#DNS_RESOURCE_SERVER=resource-server.com\n#DNS_CLIENT_READONLY=client-readonly.com\n#DNS_CLIENT_WRITE_AND_READ=client-write-and-read.com\n\necho '192.168.0.101 authorization-server.com' \u003e\u003e /etc/hosts\necho '192.168.0.102 client-readonly.com' \u003e\u003e /etc/hosts\necho '192.168.0.103 client-write-and-read.com' \u003e\u003e /etc/hosts\necho '192.168.0.104 resource-server.com' \u003e\u003e /etc/hosts\n# check\nping authorization-server.com\nping client-readonly.com\nping client-write-and-read.com\nping resource-server.com\n```\n\n0. Register Resource Owner \u003chttps://authorization-server.com/registration\u003e.\n1. Go to \u003chttps://client-readonly.com\u003e.\n2. Since the user is not logged in, the user is redirected to \u003chttps://authorization-server.com/login\u003e (Login Flow, authentication), then to \u003chttps://authorization-server.com/consent\u003e (Consent Flow, authorization).\n3. Next, the user is taken back to \u003chttps://client-readonly.com\u003e.\n4. To receive data, OAuth 2.0 Client (Readonly) contacts \u003chttps://resource-server.com\u003e with an access token.\n\n\n### Stop\n\nStopping containers that save data (volume).\n\n```bash\nbash stop.bash\n```\n\n### Stop and clean\n\nWe stop the containers and delete all data (volume).\n\n```bash\nbash stop_and_clean.bash\n```\n\n\n## Creators\n\nNikita Konstantinovich Chistousov\n\n\u003cchistousov.nik@yandex.ru\u003e\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FChistousov%2FORY-Hydra-OAuth2.0-Example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FChistousov%2FORY-Hydra-OAuth2.0-Example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FChistousov%2FORY-Hydra-OAuth2.0-Example/lists"}