Ory#28
Open
philpotisk wants to merge 5 commits into
Open
Conversation
Two critical fixes for remote system deployment: 1. **Fixed superadmin creation endpoint URL** - Changed from org-scoped URL to base URL - Was using: https://org.domain.com/v1/superadmin/create-by-token (404) - Now uses: https://domain.com/v1/superadmin/create-by-token (works) - The superadmin endpoint is NOT organization-scoped 2. **Added self-signed certificate support** - Created walt-insecure.sh wrapper script - Sets NODE_TLS_REJECT_UNAUTHORIZED=0 - Added comprehensive documentation in README - Three solutions: wrapper script, env var, or install CA cert Changes: - cli/src/commands/system.ts: Use buildBaseUrl instead of buildOrgUrl - cli/walt-insecure.sh: New wrapper for self-signed cert systems - cli/README.md: Added "Self-Signed Certificates" section Usage for remote systems with self-signed certs: NODE_TLS_REJECT_UNAUTHORIZED=0 \ ADMIN_EMAIL=admin@example.com \ ADMIN_PASSWORD=*** \ BASE_URL=https://remote-system.example.com \ npx tsx walt.ts --setup-all Tested against feature-wal-1039.enterprise.test.waltid.cloud
Add a new CLI command to create the OIDC Bridge service for Ory Hydra integration. This command: - Creates the oidc-bridge service with proper DC API verification setup - Uses flow_type discriminator and NONE transform (fixes serialization errors) - Supports environment variables for client configuration: - OIDC_BRIDGE_CLIENT_ID (default: ory-login-consent-app) - OIDC_BRIDGE_CLIENT_SECRET (default: ory-login-consent-secret) - OIDC_BRIDGE_REDIRECT_URI (default: http://login-app.localhost:3001/login/oidc-callback) - Configures DC API with signed_request, encrypted_response, and expectedOrigins Usage: npx tsx walt.ts --setup-login npx tsx walt.ts --setup-create-oidc-bridge Related: Addresses issues documented in OIDC-BRIDGE-GUIDE.md
The ory branch config doesn't have iamBridgeIssuerUrl property. Use ctx.orgBaseUrl which is already properly constructed with protocol and port.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.