Unsupported protocol scheme "" with introspect


#1

I’m trying to require an access token for accessing the site. When I request the the proxy i get following error

{
    "error": {
        "code": 500,
        "message": "Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\""
    }
}

my docker file

version: "2"
services:
  demioo:
    build:
      context: .
    ports:
      - "8080:8080"
    volumes:
      - ${PWD}:/usr/src/

  sql:
    image: postgres:9.6
    volumes:
      - oathkeeper-sql-data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: oathkeeper
      POSTGRES_PASSWORD: secret
      POSTGRES_DB: oathkeeper
    ports:
      - 5432:5432

  oathkeeper-api:
    image: oryd/oathkeeper:v1.0.0-beta.7
    ports:
      - 4456:4456
    environment:
      DATABASE_URL: postgres://oathkeeper:[email protected]:5432/oathkeeper?sslmode=disable
      PORT: 4456
      CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET: changemechangemechangemechangemedo
    command: serve api
    depends_on:
      - oathkeeper-migrate

  oathkeeper-proxy:
    image: oryd/oathkeeper:v1.0.0-beta.7
    ports:
      - 4455:4455
    environment:
      - LOG_LEVEL=debug
      - OATHKEEPER_API_URL=http://oathkeeper-api:4456/
      - PORT=4455
      - CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET=changemechangemechangemechangeme
      - AUTHENTICATOR_OAUTH2_CLIENT_CREDENTIALS_TOKEN_URL=http://hydra:4444/oauth2/token
      - AUTHENTICATOR_OAUTH2_INTROSPECTION_INTROSPECT_URL=http://hydra:4444/oauth2/introspect
      - AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_ID=oathkeeper-client
      - AUTHENTICATOR_OAUTH2_INTROSPECTION_CLIENT_SECRET=something-secure
    command: serve proxy
    depends_on:
      - oathkeeper-migrate
      - oathkeeper-api


  oathkeeper-migrate:
    image: oryd/oathkeeper:v1.0.0-beta.5
    command: migrate sql postgres://oathkeeper:[email protected]:5432/oathkeeper?sslmode=disable







  hydra-migrate:
    image: oryd/hydra:v1.0.0-beta.7
    links:
      - postgresd:postgresd
    environment:
#      - LOG_LEVEL=debug
      - DATABASE_URL=postgres://hydra:[email protected]:5432/hydra?sslmode=disable
    command:
      migrate sql -e
    restart: on-failure

  hydra:
    image: oryd/hydra:v1.0.0-beta.7
    links:
      - postgresd:postgresd
#     Uncomment the following line to use mysql instead.
#      - mysqld:mysqld
    depends_on:
      - hydra-migrate
    ports:
      - "4444:4444"
      - "4445:4445"
    volumes:
      - ./client.json:/shared-data/client.json
    command:
      serve --dangerous-force-http
    environment:
#      - LOG_LEVEL=debug
      - OAUTH2_ISSUER_URL=http://localhost:4444
      - OAUTH2_CONSENT_URL=http://localhost:3000/consent
      - OAUTH2_LOGIN_URL=http://localhost:3000/login
      - DATABASE_URL=postgres://hydra:[email protected]:5432/hydra?sslmode=disable
#     Uncomment the following line to use mysql instead.
#      - DATABASE_URL=mysql://root:[email protected](mysqld:3306)/mysql?parseTime=true
      - SYSTEM_SECRET=youReallyNeedToChangeThis
      - OAUTH2_SHARE_ERROR_DEBUG=1
    restart: unless-stopped

  consent:
    environment:
      - HYDRA_URL=https://hydra:4444
    image: oryd/hydra-login-consent-node:v1.0.0-beta.1
    links:
      - hydra
    ports:
      - "3000:3000"
    restart: unless-stopped

  postgresd:
    image: postgres:9.6
    ports:
      - "5433:5432"
    environment:
      - POSTGRES_USER=hydra
      - POSTGRES_PASSWORD=secret
      - POSTGRES_DB=hydra

volumes:
  oathkeeper-sql-data:

Oathkeeper rule

{
    "id": "ffc371c6-104e-4737-a0a1-7c11edbe0046",
    "description": "",
    "match": {
        "methods": [
            "GET"
        ],
        "url": "http://localhost:4455/<.*>"
    },
    "authenticators": [
        {
            "handler": "oauth2_introspection",
            "config": null
        }
    ],
    "authorizer": {
        "handler": "allow",
        "config": null
    },
    "credentials_issuer": {
        "handler": "noop",
        "config": null
    },
    "upstream": {
        "preserve_host": true,
        "strip_path": "",
        "url": "http://demioo:8080"
    }
}

the log

oathkeeper-proxy_1    | time="2018-08-10T10:12:47Z" level=info msg="started handling request" method=GET remote="192.168.224.1:34582" request=/
oathkeeper-proxy_1    | time="2018-08-10T10:12:47Z" level=warning msg="The authentication handler encountered an error" access_url="http://localhost:4455/" authentication_handler=oauth2_introspection error="Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\"" granted=false reason_id=authentication_handler_error
oathkeeper-proxy_1    | time="2018-08-10T10:12:47Z" level=warning msg="Access request denied" access_url="http://localhost:4455/" error="Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\"" granted=false
oathkeeper-proxy_1    | time="2018-08-10T10:12:47Z" level=error msg="An error occurred while handling a request" code=500 details="map[]" error="Post http://hydra:4444/oauth2/introspect: Post : unsupported protocol scheme \"\"" reason= request-id= status= trace="Stack trace: \ngithub.com/ory/oathkeeper/vendor/github.com/ory/keto/authentication.(*OAuth2IntrospectionAuthentication).Introspect\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/ory/keto/authentication/oauth2_introspection.go:163\ngithub.com/ory/oathkeeper/proxy.(*AuthenticatorOAuth2Introspection).Authenticate\n\t/go/src/github.com/ory/oathkeeper/proxy/authenticator_oauth2_introspection.go:68\ngithub.com/ory/oathkeeper/proxy.(*RequestHandler).HandleRequest\n\t/go/src/github.com/ory/oathkeeper/proxy/request_handler.go:99\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director\n\t/go/src/github.com/ory/oathkeeper/proxy/proxy.go:121\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director-fm\n\t/go/src/github.com/ory/oathkeeper/cmd/serve_proxy.go:184\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:169\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.Wrap.func1\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:46\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:29\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/ory/metrics-middleware.(*MetricsManager).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/ory/metrics-middleware/middleware.go:160\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/meatballhat/negroni-logrus/middleware.go:136\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:38\ngithub.com/ory/oathkeeper/vendor/github.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/urfave/negroni/negroni.go:96\ngithub.com/ory/oathkeeper/vendor/github.com/rs/cors.(*Cors).Handler.func1\n\t/go/src/github.com/ory/oathkeeper/vendor/github.com/rs/cors/cors.go:200\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1947\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2694\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1830\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:2361" writer=JSON
oathkeeper-proxy_1    | time="2018-08-10T10:12:47Z" level=info msg="completed handling request" measure#oathkeeper-proxy.latency=964966 method=GET remote="192.168.224.1:34582" request=/ status=500 text_status="Internal Server Error" took="964.966µs"