Check this reference hydra 5min-tutorial, to install hydra, take the Docker way as example. Fix the quickstart.yml file as follows in environment part, the URL values is just step2 corresponding url, pay attention the leading blank characters, it is yml file.
- URLS_CONSENT=http://localhost:8086/consent
- URLS_LOGIN=http://localhost:8086/login
- URLS_LOGOUT=http://localhost:8086/logout
execute this command to start the hydra server:
docker-compose -f quickstart.yml \
-f quickstart-postgres.yml \
-f quickstart-tracing.yml \
up --build
Try to get response from this public url http://127.0.0.1:4444/.well-known/openid-configuration in order to confirm that hydra server is up and running.
The hydra server corresponding url example:
oauth2.admin_url=http://127.0.0.1:4445
oauth2.public_url=http://127.0.0.1:4444
The props should contain the follow settings:
## if login_with_hydra set to true, all other props must not be empty
login_with_hydra=true
# hydra server urls
hydra_public_url=http://127.0.0.1:4444
hydra_admin_url=http://127.0.0.1:4445
# Consent names
hydra_consents=ReadAccountsBasic,ReadAccountsDetail,ReadBalances,ReadTransactionsBasic,ReadTransactionsDebits,ReadTransactionsDetail
## check the oauth2.jwk_set.url props, it must contains jwks.json that locate in ${hydra_public_url}/.well-known/jwks.json
##oauth2.jwk_set.url=http://localhost:4444/.well-known/jwks.json,https://www.googleapis.com/oauth2/v3/certs
## whether create hydra client when create consumer, default is false
mirror_consumer_in_hydra=true
The obp-api server url example: http://localhost:8080
Login obp-api portal, create one consumer for project OBP-Hydra-Identity-Provider
The consumer_key example: yp5tgl0thzjj1jk0sobqljpxyo514dsjvxoe1ngy
execute command: mvn clean package
generate jar file in target folder: hydra-identity-provider-xxx.jar
Create application.properties file, and content as follows:
# server port number
server.port=8086
# rename the JSESSIONID cookie name, avoid local deploy other springboot instance that cause instances share the same JSESSIONID
server.servlet.session.cookie.name=IDENTITY_PROVIDER_SESSION
logging.level.com.openbankproject=DEBUG
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.servlet.content-type=text/html;
# obp-api server url
obp.base_url=http://localhost:8080
## obp endpoint path prefix
endpoint.path.prefix=${obp.base_url}/mx-open-finance/v0.0.1
# hydra server admin urls
oauth2.admin_url=http://127.0.0.1:4445
# when verify consentId and bankId, need an authenticated user, it can be any available user
identity_provider.user.username=Cliente_uno
identity_provider.user.password=publicuserslongpass
# set consumer_key that generate in 1 step
consumer_key=yp5tgl0thzjj1jk0sobqljpxyo514dsjvxoe1ngy
# MTLS related, config keystore and truststore
## keystore and truststore files can be local files or web resources, as example:
mtls.keyStore.path=file:///Users/<some path>/cert/user.jks
#mtls.keyStore.path=http://<some domain>/user.jks
mtls.keyStore.password=<keystore password>
mtls.trustStore.path=file:///Users/<some path>/cert/ofpilot.jks
#mtls.trustStore.path=http://<some domain>/ofpilot.jks
mtls.trustStore.password=<truststore password>
make the application.properties file in the same folder with hydra-identity-provider-xxx.jar
execute command to start this project: java -jar hydra-identity-provider-xxx.jar
So the project running on http://localhost:8086
4. Deploy demo project obp-hydra-auth2: OBP-Hydra-OAuth2
execute command: mvn clean package
generate jar file in target folder: obp-hydra-auth2-xxx.jar
create file application.properties, and the content as follows:
# server port number
server.port=8081
logging.level.com.openbankproject=DEBUG
# hydra server public urls
oauth2.public_url=http://127.0.0.1:4444
# obp-api server url
obp.base_url=http://localhost:8080
## obp endpoint path prefix
endpoint.path.prefix=${obp.base_url}/mx-open-finance/v0.0.1
# MTLS related, config keystore and truststore
## keystore and truststore files can be local files or web resources, as example:
mtls.keyStore.path=file:///Users/<some path>/cert/user.jks
#mtls.keyStore.path=http://<some domain>/user.jks
mtls.keyStore.password=<keystore password>
mtls.trustStore.path=file:///Users/<some path>/cert/ofpilot.jks
#mtls.trustStore.path=http://<some domain>/ofpilot.jks
mtls.trustStore.password=<truststore password>
# create one consumer, and copy OAuth2 information past here:
oauth2.client_id=z3xh2jrf4y2t3h0th0jbs0fs54zg1wqffoupexwy
oauth2.client_secret=1qxhj0uz3b5kvypi1lstqvfwysiyezuusdidxxih
oauth2.redirect_uri=http://127.0.0.1:8081/main.html
oauth2.client_scope=ReadAccountsBasic,\
ReadAccountsDetail,\
ReadBalances,\
ReadTransactionsBasic,\
ReadTransactionsDebits,\
ReadTransactionsDetail
make the application.properties file in the same folder obp-hydra-auth2-xxx.jar
execute command to start this project: java -jar obp-hydra-auth2-xxx.jar
So the project running on http://localhost:8081