I have installed Hydra following the instructions here in a remote VM (say XYZ).
It seems while installing hydra server the issuer URL always has to be ‘Https’ but the consent URL always has to be ‘Http’.
My consent URL is http://XYZ:9020/consent
After completing all the installations and trying the sample OAuth2 flow I find that the redirect or callback URL has to be Https again. If I get Http, I get error while trying out the flow. With Https, I can complete the flow but the final step when the token is forwarded to the hyder server from consent fails in the browser saying that “Https not supported”.
Here is the command, I am using to for the token flow:
hydra token user --skip-tls-verify --auth-url https://XYZ:9000/oauth2/auth --token-url https://hydra:4444/oauth2/token --id some-consumer-new --secret consumer-secret --scopes openid,offline,hydra.clients --redirect https://XYZ:9010/callback
In the above command, auth URL has to be https and the redirect URL also to be https, otherwise I get error. But when the flow complete and the redirect URL is invoked to send the access token, it doesn’t work with https. If I manually change the Https to http it works.
Any help appreciated…