I’m trying to require an access token for accessing the site. When I send a request to the proxy, I get the following error:
{
"error": {
"code": 500,
"message": "Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\""
}
}
My docker-compose file:
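---
# Local development stack: ORY Oathkeeper (api + proxy) in front of the
# `demioo` application, with ORY Hydra as the OAuth2 server.
# Every password, secret and key below is an inline sample value. Anything
# placed under `environment:` is readable through `docker inspect`, so a
# shared or long-lived deployment should load these from an env file or a
# secret store instead.
version: "2"

services:
  demioo:
    build:
      context: .
    ports:
      - "8080:8080"
    volumes:
      - ${PWD}:/usr/src/

  sql:
    image: postgres:9.6
    volumes:
      - oathkeeper-sql-data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: oathkeeper
      POSTGRES_PASSWORD: secret
      POSTGRES_DB: oathkeeper
    ports:
      # Published on every host interface. The other services reach the
      # database as `sql:5432` on the compose network, so this mapping is only
      # needed for tools running on the host.
      - "5432:5432"

  oathkeeper-api:
    image: oryd/oathkeeper:v1.0.0-beta.7
    ports:
      - "4456:4456"
    environment:
      # sslmode=disable: traffic to the database is not encrypted.
      DATABASE_URL: postgres://oathkeeper:secret@sql:5432/oathkeeper?sslmode=disable
      PORT: "4456"
      # NOTE(review): this value differs from the one set on oathkeeper-proxy.
      # If both processes are meant to share the HS256 key, make them
      # identical - confirm.
      CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET: changemechangemechangemechangemedo
    command: serve api
    depends_on:
      - oathkeeper-migrate

  oathkeeper-proxy:
    image: oryd/oathkeeper:v1.0.0-beta.7
    ports:
      - "4455:4455"
    environment:
      - LOG_LEVEL=debug
      - OATHKEEPER_API_URL=http://oathkeeper-api:4456/
      - PORT=4455
      - CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET=changemechangemechangemechangeme
      # NOTE(review): the logged error
      #   Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme ""
      # shows a nested POST to an empty URL while the introspection endpoint
      # is being called. Presumably the token URL of the OAuth2 client that
      # authorizes the introspection call is not being picked up - check the
      # AUTHENTICATOR_OAUTH2_* variable names below against the documentation
      # of this exact image tag.
      - AUTHENTICATOR_OAUTH2_CLIENT_CREDENTIALS_TOKEN_URL=http://hydra:4444/oauth2/token
      - AUTHENTICATOR_OAUTH2_INTROSPECTION_INTROSPECT_URL=http://hydra:4444/oauth2/introspect
      - AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_ID=oathkeeper-client
      - AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_SECRET=something-secure
    command: serve proxy
    depends_on:
      - oathkeeper-migrate
      - oathkeeper-api

  oathkeeper-migrate:
    # Same image tag as oathkeeper-api and oathkeeper-proxy (was
    # v1.0.0-beta.5), so the schema is migrated by the release that then
    # serves it.
    image: oryd/oathkeeper:v1.0.0-beta.7
    command: migrate sql postgres://oathkeeper:secret@sql:5432/oathkeeper?sslmode=disable

  hydra-migrate:
    image: oryd/hydra:v1.0.0-beta.7
    links:
      - postgresd:postgresd
    environment:
      # - LOG_LEVEL=debug
      - DATABASE_URL=postgres://hydra:secret@postgresd:5432/hydra?sslmode=disable
    command: migrate sql -e
    restart: on-failure

  hydra:
    image: oryd/hydra:v1.0.0-beta.7
    links:
      - postgresd:postgresd
      # Uncomment the following line to use mysql instead.
      # - mysqld:mysqld
    depends_on:
      - hydra-migrate
    ports:
      - "4444:4444"
      # NOTE(review): presumably the administrative port - confirm, and avoid
      # publishing it beyond the local host if so.
      - "4445:4445"
    volumes:
      - ./client.json:/shared-data/client.json
    # --dangerous-force-http makes Hydra serve plain HTTP: tokens and client
    # credentials cross the network unencrypted. Local development only.
    command: serve --dangerous-force-http
    environment:
      # - LOG_LEVEL=debug
      - OAUTH2_ISSUER_URL=http://localhost:4444
      - OAUTH2_CONSENT_URL=http://localhost:3000/consent
      - OAUTH2_LOGIN_URL=http://localhost:3000/login
      - DATABASE_URL=postgres://hydra:secret@postgresd:5432/hydra?sslmode=disable
      # Uncomment the following line to use mysql instead.
      # - DATABASE_URL=mysql://root:secret@tcp(mysqld:3306)/mysql?parseTime=true
      # Placeholder value; replace it before storing any real data.
      - SYSTEM_SECRET=youReallyNeedToChangeThis
      # Returns debug detail in OAuth2 error responses; turn off outside
      # development.
      - OAUTH2_SHARE_ERROR_DEBUG=1
    restart: unless-stopped

  consent:
    environment:
      # NOTE(review): https here, while the hydra service is started with
      # --dangerous-force-http and so serves plain HTTP on 4444 - verify that
      # the scheme matches.
      - HYDRA_URL=https://hydra:4444
    image: oryd/hydra-login-consent-node:v1.0.0-beta.1
    links:
      - hydra
    ports:
      - "3000:3000"
    restart: unless-stopped

  postgresd:
    image: postgres:9.6
    ports:
      - "5433:5432"
    environment:
      - POSTGRES_USER=hydra
      - POSTGRES_PASSWORD=secret
      - POSTGRES_DB=hydra

volumes:
  oathkeeper-sql-data: {}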
Oathkeeper rule
{
"id": "ffc371c6-104e-4737-a0a1-7c11edbe0046",
"description": "",
"match": {
"methods": [
"GET"
],
"url": "http://localhost:4455/<.*>"
},
"authenticators": [
{
"handler": "oauth2_introspection",
"config": null
}
],
"authorizer": {
"handler": "allow",
"config": null
},
"credentials_issuer": {
"handler": "noop",
"config": null
},
"upstream": {
"preserve_host": true,
"strip_path": "",
"url": "http://demioo:8080"
}
}
the log
oathkeeper-proxy_1 | time="2018-08-10T10:12:47Z" level=info msg="started handling request" method=GET remote="192.168.224.1:34582" request=/
oathkeeper-proxy_1 | time="2018-08-10T10:12:47Z" level=warning msg="The authentication handler encountered an error" access_url="http://localhost:4455/" authentication_handler=oauth2_introspection error="Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\"" granted=false reason_id=authentication_handler_error
oathkeeper-proxy_1 | time="2018-08-10T10:12:47Z" level=warning msg="Access request denied" access_url="http://localhost:4455/" error="Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\"" granted=false
oathkeeper-proxy_1 | time="2018-08-10T10:12:47Z" level=error msg="An error occurred while handling a request" code=500 details="map[]" error="Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\"" reason= request-id= status= trace="Stack trace: \ngithub.com/ory/oathkeeper/vendor/github.com/ory/keto/authentication.(*OAuth2IntrospectionAuthentication).Introspect\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/ory/keto/authentication/oauth2_introspection.go:163\ngithub.com/ory/oathkeeper/proxy.(*AuthenticatorOAuth2Introspection).Authenticate\n\t/go/src/github.com/ory/oathkeeper/proxy/authenticator_oauth2_introspection.go:68\ngithub.com/ory/oathkeeper/proxy.(*RequestHandler).HandleRequest\n\t/go/src/github.com/ory/oathkeeper/proxy/request_handler.go:99\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director\n\t/go/src/github.com/ory/oathkeeper/proxy/proxy.go:121\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director-fm\n\t/go/src/github.com/ory/oathkeeper/cmd/serve_proxy.go:184\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:169\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.Wrap.func1\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:46\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:29\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/ory/metrics-middleware.(*MetricsManager).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/ory/metrics-middleware/middleware.go:160\ngithub.com/ory/oathkeeper/vendor
/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/meatballhat/negroni-logrus/middleware.go:136\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:96\ngithub.com/ory/oathkeeper/vendor/github.com/rs/cors.(*Cors).Handler.func1\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/rs/cors/cors.go:200\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1947\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2694\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1830\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:2361" writer=JSON
oathkeeper-proxy_1 | time="2018-08-10T10:12:47Z" level=info msg="completed handling request" measure#oathkeeper-proxy.latency=964966 method=GET remote="192.168.224.1:34582" request=/ status=500 text_status="Internal Server Error" took="964.966µs"