fix: logout

.env

@@ -5,7 +5,7 @@ DEV_PORT=3010
 
 # Change to `true` if testing out oathkeeper otherwise just leave this false
 # for development of other parts of the shell
-REACT_APP_AUTH_ENABLED=false
+REACT_APP_AUTH_ENABLED=true
 
 # When locally testing leave these endpoints as is.
 # Webpack uses proxies found in `webpack.config.js` to proxy
@@ -14,10 +14,14 @@ REACT_APP_AUTH_ENABLED=false
 # You can also point the proxy to directly kratos to bypass oathkeeper for testing.
 # Oathkeeper endpoint
 REACT_APP_AUTH_API_BASE_URL=/kratos
+REACT_APP_LOGIN_URL=/kratos/self-service/login/browser
+REACT_APP_LOGOUT_URL=/kratos/self-service/logout/browser
+REACT_APP_AUTH_TOKEN_URL=/sessions/whoami
+REACT_APP_LOGIN_PROVIDER=keycloak
 
 # If you have `REACT_APP_AUTH_ENABLED` set to `true` and you need a mock
 # user to develop auth UI you can enable this.
-REACT_APP_AUTH_MOCK_API=true
+REACT_APP_AUTH_MOCK_API=false
 
 # This is a variable made in anticipation for a api that returns information
 # about where remote microfrontends live.

.nvmrc

@@ -0,0 +1 @@
+14.18.1

README.md

@@ -73,3 +73,30 @@ For more details read [configuring the tools](./docs/configuring-the-tools.md).
 - [Configuring the tools](./docs/configuring-the-tools.md)
 - [Environment variables](./docs/environment-variables.md)
 - [External API](./docs/external-api.md)
+
+## Local testing with Ory and Keycloak
+
+- Run dependencies with the following command
+```
+docker compose --profile ory up -d
+```
+- Wait for all the containers become healthy.
+- Set a host recording in `/etc/hosts` file for keycloak
+```
+127.0.0.1 keycloak
+```
+- Add a user in keycloak using admin console
+  - Open the URL http://127.0.0.1:8080/ (Administration Console)
+  - Login with `admin` and `admin`
+  - Select realm `test-realm` on top left
+  - Go to users and create a new user by entering the following details
+    - Username
+    - Email
+    - First name
+    - Last name
+    - Password in credentials
+- Run application using `yarn run start`
+- Open browser on `http://127.0.0.1:3010/` (Note: do not use localhost due to some issues with redirection and cookies)
+- It redirects to the keycloak login page
+- Login with the new user created
+- Then it should return back to the portal

docker-compose.yaml

@@ -3,6 +3,8 @@ version: '3.7'
 networks:
   mojaloop-net:
     name: mojaloop-net
+volumes:
+  kratos-sqlite:
 
 services:
   reporting-hub-bop-shell:
@@ -35,70 +37,49 @@ services:
       timeout: 20s
       retries: 30
       interval: 15s
-  psql:
-    profiles: ["ory"]
-    image: 'postgres:13.2'
-    restart: unless-stopped
-    environment:
-      POSTGRES_USER: ory-user
-      POSTGRES_PASSWORD: ory-pass
-      POSTGRES_DB: ory-data
-    ports:
-      - '5432:5432'
-    networks:
-      - mojaloop-net
+
   kratos-migrate:
     profiles: ["ory"]
-    depends_on:
-      - psql
-    image: 'oryd/kratos:v0.7.1-alpha.1'
+    image: oryd/kratos:v1.1.0
     restart: on-failure
-    command: migrate -c /etc/config/kratos/kratos.yml sql -e --yes
+    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
     environment:
-      DSN: >-
-        postgres://ory-user:ory-pass@psql:5432/ory-data?sslmode=disable&max_conns=20&max_idle_conns=4
-      LOG_LEVEL: debug
+      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
     volumes:
+      - type: volume
+        source: kratos-sqlite
+        target: /var/lib/sqlite
+        read_only: false
       - type: bind
-        source: ./docker/kratos
+        source: ./docker/kratos/oidc
         target: /etc/config/kratos
     networks:
       - mojaloop-net
   kratos:
     profiles: ["ory"]
     depends_on:
       - kratos-migrate
-    image: 'oryd/kratos:v0.7.1-alpha.1'
+    image: oryd/kratos:v1.1.0
     restart: unless-stopped
-    command: serve -c /etc/config/kratos/kratos.yml --dev
+    command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
     environment:
-      DSN: >-
-        postgres://ory-user:ory-pass@psql:5432/ory-data?sslmode=disable&max_conns=20&max_idle_conns=4
-      LOG_LEVEL: trace
-      SERVE_PUBLIC_BASE_URL: 'http://127.0.0.1:4455/.ory/kratos/public/'
+      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
+      - LOG_LEVEL=trace
+      # - SERVE_PUBLIC_BASE_URL='http://127.0.0.1:4455/.ory/kratos/public/'
     volumes:
+      - type: volume
+        source: kratos-sqlite
+        target: /var/lib/sqlite
+        read_only: false
       - type: bind
-        source: ./docker/kratos
+        source: ./docker/kratos/oidc
         target: /etc/config/kratos
     ports:
-      - '4433:4433'
-      - '4434:4434'
-    networks:
-      - mojaloop-net
-  kratos-selfservice-ui-node:
-    profiles: ["ory"]
-    depends_on:
-      - kratos
-    image: 'oryd/kratos-selfservice-ui-node:v0.7.1-alpha.1'
-    environment:
-      - 'JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json'
-      - 'KRATOS_PUBLIC_URL=http://kratos:4433/'
-      - 'KRATOS_ADMIN_URL=http://kratos:4434/'
-      - 'KRATOS_BROWSER_URL=http://127.0.0.1:4455/.ory/kratos/public'
-      - PORT=4435
-      - SECURITY_MODE=jwks
+      - '4433:4433' # public
+      - '4434:4434' # admin
     networks:
       - mojaloop-net
+
   mailslurper:
     profiles: ["ory"]
     image: 'oryd/mailslurper:latest-smtps'
@@ -107,35 +88,48 @@ services:
       - '4437:4437'
     networks:
       - mojaloop-net
-  oathkeeper:
-    profiles: ["ory"]
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:21.1.0
+    user: root
+    container_name: keycloak
+    command: ['start-dev --import-realm']
+    ports:
+      - "8080:8080"
     depends_on:
-      - psql
-    image: 'oryd/oathkeeper:v0.38.14-beta.1'
-    restart: unless-stopped
-    command: serve --config=/etc/config/oathkeeper/oathkeeper.yml
-    environment:
-      LOG_LEVEL: debug
-      LOG_LEAK_SENSITIVE_VALUES: 'true'
-      TRACING_PROVIDER: jaeger
-      TRACING_SERVICE_NAME: Oathkeeper
-      TRACING_PROVIDER_JAEGER_SAMPLING_SERVER_URL: 'http://jaeger:5778/sampling'
-      TRACING_PROVIDER_JAEGER_LOCAL_AGENT_ADDRESS: 'jaeger:6831'
-      TRACING_PROVIDER_JAEGER_SAMPLING_TYPE: const
-      TRACING_PROVIDER_JAEGER_SAMPLING_VALUE: 1
+      mysql-keycloak:
+        condition: service_healthy
     volumes:
-      - type: bind
-        source: ./docker/oathkeeper
-        target: /etc/config/oathkeeper
-    ports:
-      - '4455:4455'
-      - '4456:4456'
+       - ./docker/keycloak/realm-export.json:/opt/keycloak/data/import/realm.json
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+      - KC_DB=mysql
+      - KC_DB_URL_HOST=mysql-keycloak
+      - KC_DB_URL_DATABASE=keycloak
+      - KC_DB_USERNAME=keycloak
+      - KC_DB_PASSWORD=password
+      - KC_HEALTH_ENABLED=true
     networks:
       - mojaloop-net
-  jaeger:
-    profiles: ["ory"]
-    image: jaegertracing/all-in-one:1.22
+    healthcheck:
+      test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080;echo -e \"GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n\" >&3;grep \"HTTP/1.1 200 OK\" <&3"]
+      timeout: 20s
+      retries: 10
+      start_period: 40s
+      interval: 30s
+
+  mysql-keycloak:
+    image: mysql:8.3.0
+    container_name: mysql-keycloak
     ports:
-      - 16686:16686
+      - "3306:3306"
+    environment:
+      - MYSQL_DATABASE=keycloak
+      - MYSQL_USER=keycloak
+      - MYSQL_PASSWORD=password
+      - MYSQL_ROOT_PASSWORD=root_password
+    healthcheck:
+      test: "mysqladmin ping -u root -p$${MYSQL_ROOT_PASSWORD}"
     networks:
-      - mojaloop-net
+      - mojaloop-net