Strip /identity (#2961)

* Strip /identity * Updated MS secret --------- Co-authored-by: Carlos Cano <carlos@alkem.io>
alkem-io · Jul 3, 2023 · 65d4a1c · 65d4a1c
1 parent 73fcce5
commit 65d4a1c
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 25 deletions.
diff --git a/.build/ory/kratos/kratos.yml b/.build/ory/kratos/kratos.yml
@@ -4,7 +4,7 @@ dsn: memory
 
 serve:
   public:
-    base_url: http://localhost:3000/identity/ory/kratos/public
+    base_url: http://localhost:3000/ory/kratos/public
     cors:
       enabled: true
   admin:
@@ -36,7 +36,7 @@ selfservice:
           - id: microsoft # this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
             provider: microsoft
             client_id: 1045418f-c674-44d5-808c-060922be5a4a # This is the the Application (client) ID from the App Registration
-            client_secret: yKv8Q~m6jFjd8jD.pmkdySek7tvbvmk9msr-CdxX # This is the generated Secret value from the App Registration
+            client_secret: OPH8Q~PV8~N1y-21idQq2hIKU5q0aOcnME1cRcg~ # This is the generated Secret value from the App Registration
             microsoft_tenant: d7cd650f-6063-4276-8982-07e68da3c582 # This allows you to select the tenant.
             mapper_url: file:///etc/config/kratos/oidc/oidc.microsoft.jsonnet
             # Alternatively, use an URL:
@@ -47,45 +47,45 @@ selfservice:
 
   flows:
     error:
-      ui_url: http://localhost:3000/identity/error
+      ui_url: http://localhost:3000/error
 
     settings:
-      ui_url: http://localhost:3000/identity/settings
+      ui_url: http://localhost:3000/settings
       privileged_session_max_age: 15m
       after:
         default_browser_return_url: http://localhost:3000/profile
 
     recovery:
       enabled: true
-      ui_url: http://localhost:3000/identity/recovery
+      ui_url: http://localhost:3000/recovery
       after:
         default_browser_return_url: http://localhost:3000/profile
 
     verification:
       enabled: true
-      ui_url: http://localhost:3000/identity/verify
+      ui_url: http://localhost:3000/verify
       after:
-        default_browser_return_url: http://localhost:3000/identity/verify/success
+        default_browser_return_url: http://localhost:3000/verify/success
 
     logout:
       after:
         default_browser_return_url: http://localhost:3000
 
     login:
-      ui_url: http://localhost:3000/identity/login
+      ui_url: http://localhost:3000/login
       lifespan: 10m
       after:
-        default_browser_return_url: http://localhost:3000/identity/login/success
+        default_browser_return_url: http://localhost:3000/login/success
         password:
           hooks:
             - hook: require_verified_address
 
     registration:
       lifespan: 10m
-      ui_url: http://localhost:3000/identity/registration
+      ui_url: http://localhost:3000/registration
       after:
         password:
-          default_browser_return_url: http://localhost:3000/identity/registration/success
+          default_browser_return_url: http://localhost:3000/registration/success
         oidc:
           hooks:
             - hook: session

diff --git a/.build/ory/oathkeeper/access-rules.yml b/.build/ory/oathkeeper/access-rules.yml
@@ -17,7 +17,7 @@
   errors:
     - handler: redirect
       config:
-        to: http://localhost:3000/identity/login
+        to: http://localhost:3000/login
         when:
           - error:
               - unauthorized

diff --git a/.build/ory/oathkeeper/oathkeeper.yml b/.build/ory/oathkeeper/oathkeeper.yml
@@ -31,7 +31,7 @@ errors:
     redirect:
       enabled: true
       config:
-        to: http://localhost:3000/identity/login
+        to: http://localhost:3000/login
         when:
           - error:
               - unauthorized

diff --git a/.build/traefik/http.yml b/.build/traefik/http.yml
@@ -87,13 +87,13 @@ http:
     strip-kratos-prefix:
       stripPrefix:
         prefixes:
-          - /identity/ory/kratos
+          - /ory/kratos
         forceSlash: false
 
     strip-kratos-public-prefix:
       stripPrefix:
         prefixes:
-          - /identity/ory/kratos/public
+          - /ory/kratos/public
         forceSlash: false
 
     strip-oathkeeper-jwks-prefix:
@@ -158,15 +158,15 @@ http:
         - 'web'
 
     kratos-public:
-      rule: 'PathPrefix(`/identity/ory/kratos/public`)'
+      rule: 'PathPrefix(`/ory/kratos/public`)'
       service: 'kratos-public'
       middlewares:
         - strip-kratos-public-prefix
       entryPoints:
         - 'web'
 
     kratos-admin:
-      rule: 'PathPrefix(`/identity/ory/kratos/admin`)'
+      rule: 'PathPrefix(`/ory/kratos/admin`)'
       service: 'kratos-admin'
       middlewares:
         - strip-kratos-prefix

diff --git a/alkemio.yml b/alkemio.yml
@@ -165,15 +165,15 @@ identity:
         jwks_uri: ${AUTH_ORY_KRATOS_JWKS_URI}:http://localhost:3000/jwks/.well-known/jwks.json
 
         # Ory Kratos Base Public URL. It is used as prefix for all Kratos flows.
-        # Locally, Kratos Public API works on http://localhost:3000/identity/ory/kratos/public and by default in k8s it works on https://[HOST]/identity/ory/kratos/public
+        # Locally, Kratos Public API works on http://localhost:3000/ory/kratos/public and by default in k8s it works on https://[HOST]/ory/kratos/public
         # NB: The default kratos.yml config defines the selfservice endpoints with base address http://localhost:3000/identity.
         # That is used as there is a reverse proxy in front of the Alkemio Web Client that forwards the calls to the Kratos Public URL.
-        # You can check the currently logged in user at http://localhost:3000/identity/ory/kratos/public/sessions/whoami.
-        kratos_public_base_url: ${AUTH_ORY_KRATOS_PUBLIC_BASE_URL}:http://localhost:3000/identity/ory/kratos/public
+        # You can check the currently logged in user at http://localhost:3000/ory/kratos/public/sessions/whoami.
+        kratos_public_base_url: ${AUTH_ORY_KRATOS_PUBLIC_BASE_URL}:http://localhost:3000/ory/kratos/public
 
         # Ory Kratos URL for usage by the Alkemio server when inside a cluster.
-        kratos_public_base_url_server: ${AUTH_ORY_KRATOS_PUBLIC_BASE_URL_SERVER}:http://localhost:3000/identity/ory/kratos/public
-        kratos_admin_base_url_server: ${AUTH_ORY_KRATOS_ADMIN_BASE_URL_SERVER}:http://localhost:3000/identity/ory/kratos
+        kratos_public_base_url_server: ${AUTH_ORY_KRATOS_PUBLIC_BASE_URL_SERVER}:http://localhost:3000/ory/kratos/public
+        kratos_admin_base_url_server: ${AUTH_ORY_KRATOS_ADMIN_BASE_URL_SERVER}:http://localhost:3000/ory/kratos
 
         # session can't be extended until *earliest_possible_extend* **hours** before it expires
         # default is 24

diff --git a/docs/Developing.md b/docs/Developing.md
@@ -62,7 +62,7 @@ Login with demo auth provider and extract the access token:
 ```bash
 actionUrl=$(\
     curl -s -X GET -H "Accept: application/json" \
-    "http://localhost:3000/identity/ory/kratos/public/self-service/login/api" \
+    "http://localhost:3000/ory/kratos/public/self-service/login/api" \
     | jq -r '.ui.action'\
     )
 sessionToken=$(\
@@ -72,8 +72,6 @@ curl -s -X POST -H  "Accept: application/json" -H "Content-Type: application/jso
     )
 ```
 
-
-
 You can test (assuming default endpoint configuration) creating a file and then uploading it with the following CURL request:
 
 ```bash