canonical / identity-platform-login-ui

Login UI for the Canonical identity broker and identity provider solution
Apache License 2.0

Support for sign in with local credentials #229

Closed natalian98 closed 2 months ago

natalian98 commented 2 months ago

This PR adds support for signing in with local credentials (kratos password method). MFA, recovery and verification will be addressed in future PRs.

Testing

Set up the docker environment:

docker-compose -f docker-compose.dev.yml up --build --force-recreate --remove-orphans

docker exec <hydra-container> \
  hydra create client \
    --endpoint http://127.0.0.1:4445 \
    --name grafana \
    --grant-type authorization_code,refresh_token \
    --response-type code,id_token \
    --format json \
    --scope openid,offline_access,email \
    --redirect-uri http://localhost:2345/login/generic_oauth

docker run -d --name=grafana -p 2345:2345 --network idp-docker_intranet \
-e "GF_SERVER_HTTP_PORT=2345" \
-e "GF_AUTH_GENERIC_OAUTH_ENABLED=true" \
-e "GF_AUTH_GENERIC_OAUTH_AUTH_ALLOWED_DOMAINS=hydra,localhost" \
-e "GF_AUTH_GENERIC_OAUTH_NAME=Identity Platform" \
-e "GF_AUTH_GENERIC_OAUTH_CLIENT_ID=<client-id>" \
-e "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<client-secret>" \
-e "GF_AUTH_GENERIC_OAUTH_SCOPES=openid offline_access email" \
-e "GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://localhost:4444/oauth2/auth" \
-e "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://hydra:4444/oauth2/token" \
-e "GF_AUTH_GENERIC_OAUTH_API_URL=http://hydra:4444/userinfo" \
grafana/grafana

docker exec <kratos-container> kratos import identities /etc/config/kratos/identity.json --endpoint http://127.0.0.1:4434

Run the login UI:

make npm-build build

export KRATOS_PUBLIC_URL="http://localhost:4433"
export HYDRA_ADMIN_URL="http://localhost:4445"
export BASE_URL="http://localhost:4455"
export PORT="4455"
export TRACING_ENABLED="false"
export LOG_LEVEL="debug"
export AUTHORIZATION_ENABLED="false"

go run . serve

Go to http://localhost:2345 and sign in with Identity Platform. It will redirect to the login UI and display the option to sign in with local credentials (screenshot).

If incorrect credentials are typed, an error will be shown (screenshot).

Logging in with the imported test user (test@example.com / mQ#v9fwHc0@8) logs the user into Grafana (screenshot).

I also tested logging in with an external IdP to make sure the changes don't break it.
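The same check the description walks through by hand (sign in, wrong password shows an error, right password goes on to Grafana), as an added example that is not part of this PR or the project's code: it drives the Kratos password method directly against the docker setup above and classifies the answer the way the login UI must, a redirect to Hydra on success and the invalid-credentials message on failure. It assumes `KRATOS_PUBLIC_URL` as exported above, a `login_challenge` minted by Hydra when Grafana starts the OAuth flow, and that Kratos reports a wrong identifier/password pair with message id 4000006.

```python
"""Exercise the Kratos browser login flow with the password method (added example)."""
import json
import os
import urllib.error
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

KRATOS = os.environ.get("KRATOS_PUBLIC_URL", "http://localhost:4433")
# Kratos attaches this message id to ui.messages when identifier/password do not match (assumed).
INVALID_CREDENTIALS = 4000006


def csrf_token(flow: dict) -> str:
    """Pull the hidden csrf_token node out of a login-flow document."""
    for node in flow["ui"]["nodes"]:
        if node["attributes"].get("name") == "csrf_token":
            return node["attributes"]["value"]
    raise ValueError("flow has no csrf_token node")


def outcome(status: int, body: dict) -> str:
    """Map a Kratos submit response to what the login UI should do next."""
    if status == 422 and "redirect_browser_to" in body:
        # Login accepted: Kratos answered Hydra's challenge, browser must go to the consent step.
        return "redirect:" + body["redirect_browser_to"]
    msgs = body.get("ui", {}).get("messages", [])
    if status == 400 and any(m.get("id") == INVALID_CREDENTIALS for m in msgs):
        return "invalid-credentials"
    return f"unexpected:{status}"


def password_login(login_challenge: str, identifier: str, password: str) -> str:
    """Run one password sign-in bound to a Hydra login_challenge and classify the result."""
    jar = CookieJar()  # keeps the CSRF cookie that must pair with the csrf_token we submit
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    hdrs = {"Accept": "application/json"}
    # 1. Create a browser login flow tied to the Hydra challenge; JSON Accept returns the flow body.
    q = urllib.parse.urlencode({"login_challenge": login_challenge})
    req = urllib.request.Request(f"{KRATOS}/self-service/login/browser?{q}", headers=hdrs)
    with opener.open(req) as r:
        flow = json.load(r)
    # 2. Submit the password method for that flow, echoing its CSRF token.
    payload = json.dumps({"method": "password", "identifier": identifier,
                          "password": password, "csrf_token": csrf_token(flow)}).encode()
    req = urllib.request.Request(f"{KRATOS}/self-service/login?flow={flow['id']}", data=payload,
                                 headers={**hdrs, "Content-Type": "application/json"}, method="POST")
    try:
        with opener.open(req) as r:
            return outcome(r.status, json.load(r))
    except urllib.error.HTTPError as e:  # 400 (bad credentials) and 422 (redirect) carry JSON bodies
        return outcome(e.code, json.load(e))
```

Call `password_login(challenge, "test@example.com", "mQ#v9fwHc0@8")` with a challenge copied from the `login_challenge` query parameter Hydra sends to the login UI; a second call with a wrong password should return `invalid-credentials`.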