search

ory / cli

Create bulk action scripts, automate your tasks, manage your projects, and seamlessly interact with the Ory Network using the Ory command line interface (CLI).
https://www.ory.sh/cli?utm_source=github&utm_medium=banner&utm_campaign=cli
Apache License 2.0
43 stars 22 forks source link

Authenticating with api keys in CLI v1 does not work #367

Closed decline closed 1 month ago

decline commented 1 month ago

Preflight checklist

Ory Network Project

https://suspicious-wozniak-by8qc6gqla.projects.oryapis.com

Describe the bug

See this Slack discussion from the ory-network channel, too: https://ory-community.slack.com/archives/C02MR4DEEGH/p1721916091754949

I just switched to the new v1.0.0-alpha.0 of the Ory CLI (the Docker image: oryd/ory). According to the migration guide I should set API keys if I don't want to authenticate via browser (which is what I need, when running on CI). I created a workspace API key as well as a project API key, but I does not seem to work. The CLI will always prompt me with the browser URL that I should visit.

It's interesting to note, that no matter which value I use for the ORY_PROJECT_API_KEY, a wrong one or the correct api key, it will never complain (but always show the browser login URL). Whereas for the ORY_WORKSPACE_API_KEY, it will actually complain if it's wrong. But still, when using the correct key, I'm not authenticated and I will receive the browser URL (side note: it's also required for me to pass in the workspace ID. Using the workspace name, it will tell me that it can't be found).

Setting both environment variables or one or the other does not make a difference, I will never get authenticated. I also tried adding the --quiet flag, but this will get me: 

please authenticate the CLI or remove the --quiet flag

Reproducing the bug

This is an example of how I pass in the api keys:

docker run --rm -p 62100:62100 -e ORY_PROJECT_API_KEY=ory_pat_xxx -e ORY_WORKSPACE_API_KEY=ory_wak_xxx oryd/ory tunnel --port 62100 --project suspicious-wozniak-by8qc6gqla --workspace xxx-workspace-id http://localhost:42100

Relevant log output

A browser should have opened for you to complete your login to Ory Network.
If no browser opened, visit the below page to continue:

                https://project.console.ory.sh/oauth2/auth?audience=https%3A%2F%2Fapi.console.ory.sh&client_id=ory-cli&code_challenge=xxx&code_challenge_method=S256&prompt=login+consent&redirect_uri=http%3A%2F%2Flocalhost%3A19834%2Fcallback&response_type=code&scope=offline_access+email+profile&state=xxx

Relevant configuration

No response

Version

v1.0.0-alpha.0

On which operating system are you observing this issue?

Ory Network

In which environment are you deploying?

Docker

Additional Context

No response

zepatrik commented 1 month ago

It looks like we forgot to change the project API environment key at one point. Therefore, you can use the old one as a workaround short-term.