Hello everyone, I’m trying to set up Hydra for a simple Identity Provider application.
I read the documentation and I’m not sure I understand everything.
I have set up Hydra with docker compose:
```yaml
version: '3'
services:
  oauth2:
    image: oryd/hydra:v0.9.10-http
    ports:
      - "4444:4444"
    environment:
      - DATABASE_URL=memory
      - ISSUER=https://localhost:4444/
      - CONSENT_URL=http://localhost:8080/consent
      - SYSTEM_SECRET=jf89-jgklAS9gk3rkAF90dfsk
      - FORCE_ROOT_CLIENT_CREDENTIALS=admin:abcdefghijklmnopqrstuvwxyz
```
Once the container is set up, as explained in the “Secure Consent App”, I use the command line client to create a client and a policy:
```json
{
  "id": "consent_app",
  "client_secret": "some_super_secret_key",
  "client_name": "consent",
  "redirect_uris": ["http://localhost:8080/callback"],
  "grant_types": [
    "client_credentials"
  ],
  "response_types": [
    "token"
  ],
  "scope": "hydra.keys.get"
}
```
And for the policy:
```json
{
  "actions": [
    "get"
  ],
  "conditions": {},
  "description": "Allow consent app to access hydra's keys",
  "effect": "allow",
  "id": "consent_keys",
  "resources": [
    "rn:hydra:keys:hydra.consent.challenge:public",
    "rn:hydra:keys:hydra.consent.response:private"
  ],
  "subjects": [
    "consent_app"
  ]
}
```
Then I trigger a request to create a challenge: `http://localhost:4444/oauth2/auth?response_type=code&client_id=consent_app&redirect_uri=http://localhost:8080/callback&scope=read&state=1234567890`
I’m called back on my server to try to solve the challenge.
I need to retrieve the key to check the signature of the token.
As explained in the documentation, I should find this information here: `http://localhost:4444/keys/hydra.openid.id-token/public`
But it is impossible to retrieve anything, as Hydra is crashing:
```text
" request=&{rn:hydra:keys:hydra.openid.id-token:public get map[]}
oauth2_1 | time="2017-06-29T18:51:25Z" level=info msg="Access denied" error="Request was denied by default: The request is not allowed" reason="The policy decision point denied the request" request=&{rn:hydra:keys:hydra.openid.id-token:public get map[]} subject=
oauth2_1 | time="2017-06-29T18:51:25Z" level=error msg="An error occurred while handling a request" code=500 details=[] error="Request was denied by default: The request is not allowed" reason= request-id= status= trace="Stack trace:
oauth2_1 | github.com/ory/hydra/warden.(*LocalWarden).isAllowed
oauth2_1 | /go/src/github.com/ory/hydra/warden/warden_local.go:127
oauth2_1 | github.com/ory/hydra/warden.(*LocalWarden).IsAllowed
oauth2_1 | /go/src/github.com/ory/hydra/warden/warden_local.go:37
oauth2_1 | github.com/ory/hydra/jwk.(*Handler).GetKey
oauth2_1 | /go/src/github.com/ory/hydra/jwk/handler.go:172
oauth2_1 | github.com/ory/hydra/jwk.(*Handler).GetKey-fm
oauth2_1 | /go/src/github.com/ory/hydra/jwk/handler.go:42
oauth2_1 | github.com/ory/hydra/vendor/github.com/julienschmidt/httprouter.(*Router).ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/julienschmidt/httprouter/router.go:299
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.Wrap.func1
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:41
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:24
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33
oauth2_1 | net/http.HandlerFunc.ServeHTTP
oauth2_1 | /usr/local/go/src/net/http/server.go:1942
oauth2_1 | github.com/ory/hydra/cmd/server.(*Handler).rejectInsecureRequests
oauth2_1 | /go/src/github.com/ory/hydra/cmd/server/handler.go:167
oauth2_1 | github.com/ory/hydra/cmd/server.(*Handler).(github.com/ory/hydra/cmd/server.rejectInsecureRequests)-fm
oauth2_1 | /go/src/github.com/ory/hydra/cmd/server/handler.go:81
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:24
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33
oauth2_1 | github.com/ory/hydra/vendor/github.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/meatballhat/negroni-logrus/middleware.go:135
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33
oauth2_1 | github.com/ory/hydra/metrics.(*MetricsManager).ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/metrics/middleware.go:133
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33
oauth2_1 | github.com/ory/hydra/vendor/github.com/urfave/negroni.(*Negroni).ServeHTTP
oauth2_1 | /go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:73
oauth2_1 | github.com/ory/hydra/vendor/github.com/gorilla/context.ClearHandler.func1
oauth2_1 | /go/src/gith
```
Is this crash normal? What am I missing to access the key? Do I need to provide the challenge of the token to access the public key?
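As an added example (not code from the original post or from Hydra itself), the following is a simplified model of the policy decision shown in the log: it loads the posted `consent_keys` policy and checks it against the request Hydra logged (`subject=` empty, resource `rn:hydra:keys:hydra.openid.id-token:public`, action `get`). It assumes ladon-style semantics (deny by default, an explicit deny wins) and, as a simplification, matches subjects, resources and actions by exact string rather than ladon's `<regex>` templates.

```python
# Simplified model of the warden's policy decision, added for illustration.
# Assumption: ladon-style semantics (deny by default, explicit deny wins,
# otherwise allow) with exact-string matching of subject/resource/action.

# The policy exactly as posted in the question.
CONSENT_KEYS_POLICY = {
    "id": "consent_keys",
    "description": "Allow consent app to access hydra's keys",
    "effect": "allow",
    "subjects": ["consent_app"],
    "resources": [
        "rn:hydra:keys:hydra.consent.challenge:public",
        "rn:hydra:keys:hydra.consent.response:private",
    ],
    "actions": ["get"],
    "conditions": {},
}

DEFAULT_DENY = "Request was denied by default: The request is not allowed"


def unmatched_fields(policy, subject, resource, action):
    """List which of subject/resource/action the policy does not cover."""
    missing = []
    if subject not in policy["subjects"]:
        missing.append("subject")
    if resource not in policy["resources"]:
        missing.append("resource")
    if action not in policy["actions"]:
        missing.append("action")
    return missing


def is_allowed(policies, subject, resource, action):
    """Return (allowed, reason) for a request against a list of policies."""
    allowed = False
    for policy in policies:
        if unmatched_fields(policy, subject, resource, action):
            continue  # policy does not apply to this request
        if policy["effect"] == "deny":
            return False, f"denied by policy {policy['id']}"
        allowed = True
    return (True, "allowed") if allowed else (False, DEFAULT_DENY)


# The request as it appears in the log: empty subject, id-token public key.
LOGGED_REQUEST = ("", "rn:hydra:keys:hydra.openid.id-token:public", "get")
```

Running `is_allowed([CONSENT_KEYS_POLICY], *LOGGED_REQUEST)` reproduces the default deny, and `unmatched_fields` shows that both the empty subject and the requested resource fall outside the posted policy.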