Closed eabili0 closed 4 years ago
@abilioesteves I found these warnings in the Hydra logs:
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OIDC_SUBJECT_TYPES_SUPPORTED is deprecated and will be removed in a future release. Use key oidc.subject_identifiers.enabled instead!"
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OIDC_SUBJECT_TYPE_PAIRWISE_SALT is deprecated and will be removed in a future release. Use key oidc.subject_identifiers.pairwise.salt instead!"
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OAUTH2_ISSUER_URL is deprecated and will be removed in a future release. Use key urls.self.issuer instead!"
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OAUTH2_SHARE_ERROR_DEBUG is deprecated and will be removed in a future release. Use key oauth2.expose_internal_errors instead!"
time="2019-11-21T19:02:49Z" level=warning msg="Configuration key SYSTEM_SECRET is deprecated and will be removed in a future release. Use key secrets.system instead!"
time="2019-11-21T19:02:53Z" level=warning msg="Configuration key CORS_ENABLED is deprecated and will be removed in a future release. Use key serve.public.cors.enabled instead!"
time="2019-11-21T19:02:57Z" level=warning msg="Configuration key CORS_ENABLED is deprecated and will be removed in a future release. Use key serve.admin.cors.enabled instead!"
time="2019-11-21T19:02:53Z" level=warning msg="Configuration key CORS_ALLOWED_METHODS is deprecated and will be removed in a future release. Use key serve.public.cors.allowed_methods instead!"
time="2019-11-21T19:02:57Z" level=warning msg="Configuration key CORS_ALLOWED_METHODS is deprecated and will be removed in a future release. Use key serve.admin.cors.allowed_methods instead!"
time="2019-11-21T19:03:21Z" level=warning msg="Configuration key OAUTH2_LOGIN_URL is deprecated and will be removed in a future release. Use key urls.login instead!"
time="2019-11-21T19:04:14Z" level=warning msg="Configuration key OAUTH2_CONSENT_URL is deprecated and will be removed in a future release. Use key urls.consent instead!"
time="2019-11-21T19:03:05Z" level=warning msg="A client requested the default error URL, environment variable OAUTH2_ERROR_URL is probably not set."
time="2019-11-21T19:02:53Z" level=warning msg="JSON Web Key Set \"hydra.https-tls\" does not exist yet, generating new key pair..."
time="2019-11-21T19:02:46Z" level=warning msg="JSON Web Key Set \"hydra.openid.id-token\" does not exist yet, generating new key pair..."
time="2019-11-21T19:02:49Z" level=warning msg="JSON Web Key Set \"hydra.jwt.access-token\" does not exist yet, generating new key pair..."
time="2019-11-21T19:02:57Z" level=warning msg="HTTPS disabled. Never do this in production."
Of those, only these are the deprecated ones:
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OIDC_SUBJECT_TYPES_SUPPORTED is deprecated and will be removed in a future release. Use key oidc.subject_identifiers.enabled instead!"
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OIDC_SUBJECT_TYPE_PAIRWISE_SALT is deprecated and will be removed in a future release. Use key oidc.subject_identifiers.pairwise.salt instead!"
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OAUTH2_ISSUER_URL is deprecated and will be removed in a future release. Use key urls.self.issuer instead!"
time="2019-11-21T19:02:46Z" level=warning msg="Configuration key OAUTH2_SHARE_ERROR_DEBUG is deprecated and will be removed in a future release. Use key oauth2.expose_internal_errors instead!"
time="2019-11-21T19:02:49Z" level=warning msg="Configuration key SYSTEM_SECRET is deprecated and will be removed in a future release. Use key secrets.system instead!"
time="2019-11-21T19:02:53Z" level=warning msg="Configuration key CORS_ENABLED is deprecated and will be removed in a future release. Use key serve.public.cors.enabled instead!"
time="2019-11-21T19:02:57Z" level=warning msg="Configuration key CORS_ENABLED is deprecated and will be removed in a future release. Use key serve.admin.cors.enabled instead!"
time="2019-11-21T19:02:53Z" level=warning msg="Configuration key CORS_ALLOWED_METHODS is deprecated and will be removed in a future release. Use key serve.public.cors.allowed_methods instead!"
time="2019-11-21T19:02:57Z" level=warning msg="Configuration key CORS_ALLOWED_METHODS is deprecated and will be removed in a future release. Use key serve.admin.cors.allowed_methods instead!"
time="2019-11-21T19:03:21Z" level=warning msg="Configuration key OAUTH2_LOGIN_URL is deprecated and will be removed in a future release. Use key urls.login instead!"
time="2019-11-21T19:04:14Z" level=warning msg="Configuration key OAUTH2_CONSENT_URL is deprecated and will be removed in a future release. Use key urls.consent instead!"
Reducing the messages, we get:
OIDC_SUBJECT_TYPES_SUPPORTED -> oidc.subject_identifiers.enabled
OIDC_SUBJECT_TYPE_PAIRWISE_SALT -> oidc.subject_identifiers.pairwise.salt
OAUTH2_ISSUER_URL -> urls.self.issuer
OAUTH2_SHARE_ERROR_DEBUG -> oauth2.expose_internal_errors
SYSTEM_SECRET -> secrets.system
CORS_ENABLED -> serve.public.cors.enabled
CORS_ENABLED -> serve.admin.cors.enabled
CORS_ALLOWED_METHODS -> serve.public.cors.allowed_methods
CORS_ALLOWED_METHODS -> serve.admin.cors.allowed_methods
OAUTH2_LOGIN_URL -> urls.login
OAUTH2_CONSENT_URL -> urls.consent
And transforming them in the way defined in the ORY Documentation - Configuration, which says:
# Assuming the following configuration layout:
#
# serve:
#   public:
#     port: 4444
#     something_else: foobar
#
# Key `something_else` can be set as an environment variable by uppercasing its path:
#   `serve.public.port.something_else` -> `SERVE.PUBLIC.PORT.SOMETHING_ELSE`
# and replacing `.` with `_`:
#   `serve.public.port.something_else` -> `SERVE_PUBLIC_PORT_SOMETHING_ELSE`
We get:
OIDC_SUBJECT_TYPES_SUPPORTED -> OIDC_SUBJECT_IDENTIFIERS_ENABLED
OIDC_SUBJECT_TYPE_PAIRWISE_SALT -> OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT
OAUTH2_ISSUER_URL -> URLS_SELF_ISSUER
OAUTH2_SHARE_ERROR_DEBUG -> OAUTH2_EXPOSE_INTERNAL_ERRORS
SYSTEM_SECRET -> SECRETS_SYSTEM
CORS_ENABLED -> SERVE_PUBLIC_CORS_ENABLED
CORS_ENABLED -> SERVE_ADMIN_CORS_ENABLED
CORS_ALLOWED_METHODS -> SERVE_PUBLIC_CORS_ALLOWED_METHODS
CORS_ALLOWED_METHODS -> SERVE_ADMIN_CORS_ALLOWED_METHODS
OAUTH2_LOGIN_URL -> URLS_LOGIN
OAUTH2_CONSENT_URL -> URLS_CONSENT
Which are the changes proposed in the following PR, together with some refactoring. All the deprecation warnings are now gone from the logs.
We are using deprecated envs for Hydra. We should update them to the newest configuration format. See https://www.ory.sh/docs/hydra/configuration
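The manual reduction in the comment above (log warning, then dotted key, then environment variable name) can be scripted. The following is an added example, not code from this issue or from the Hydra project: the sample log lines are constructed in the format quoted above, and the function names and the sample environment are assumptions. It also covers the case the comment shows where one deprecated variable (`CORS_ENABLED`) fans out to both a public and an admin key.

```python
import re
from collections import defaultdict

# Constructed sample: warning lines in the format quoted in the comment above.
SAMPLE_LOG = '''\
time="2019-11-21T19:02:49Z" level=warning msg="Configuration key SYSTEM_SECRET is deprecated and will be removed in a future release. Use key secrets.system instead!"
time="2019-11-21T19:02:53Z" level=warning msg="Configuration key CORS_ENABLED is deprecated and will be removed in a future release. Use key serve.public.cors.enabled instead!"
time="2019-11-21T19:02:57Z" level=warning msg="Configuration key CORS_ENABLED is deprecated and will be removed in a future release. Use key serve.admin.cors.enabled instead!"
time="2019-11-21T19:02:57Z" level=warning msg="HTTPS disabled. Never do this in production."
'''

DEPRECATION = re.compile(
    r'Configuration key (?P<old>\S+) is deprecated .*? Use key (?P<new>[\w.]+) instead!'
)

def key_to_env(path):
    """Rule quoted from the ORY docs: uppercase the path, replace '.' with '_'."""
    return path.upper().replace(".", "_")

def migration_map(log_text):
    """Map each deprecated variable to its de-duplicated replacement variables."""
    mapping = defaultdict(list)
    for line in log_text.splitlines():
        m = DEPRECATION.search(line)
        if not m:
            continue  # other warnings (e.g. "HTTPS disabled") are not renames
        env_name = key_to_env(m.group("new"))
        if env_name not in mapping[m.group("old")]:
            mapping[m.group("old")].append(env_name)
    return dict(mapping)

def migrate_env(env, mapping):
    """Return a copy of env with deprecated names replaced by the new ones."""
    out = {k: v for k, v in env.items() if k not in mapping}
    for old, new_names in mapping.items():
        if old in env:
            for new in new_names:
                out.setdefault(new, env[old])  # an explicitly set new name wins
    return out

if __name__ == "__main__":
    for old, new in migration_map(SAMPLE_LOG).items():
        print(old, "->", ", ".join(new))
```
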