ory stack 설정 검사 추가. make 명령으로 실행 필요.

2026-02-19 16:09:06 +09:00
parent 65c45c7571
commit 3025be52d5
5 changed files with 156 additions and 53 deletions
--- a/compose.ory.yaml
+++ b/compose.ory.yaml
@@ -198,40 +198,40 @@ services:

    # 기본 RP (Admin Front 등) 자동 등록 컨테이너
    init-rp:
-        image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
-        environment:
-            - HYDRA_ADMIN_URL=http://hydra:4445
-            - OATHKEEPER_INTROSPECT_CLIENT_ID=${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}
-            - OATHKEEPER_INTROSPECT_CLIENT_SECRET=${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}
-            - ADMINFRONT_CALLBACK_URLS=${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}
-            - DEVFRONT_CALLBACK_URLS=${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/callback}
-        command: |
-            hydra clients create \
-              --endpoint http://hydra:4445 \
-              --id adminfront \
-              --secret admin-secret \
-              --grant-types authorization_code,refresh_token \
-              --response-types code \
-              --scope openid,offline_access,profile,email \
-              --callbacks "$ADMINFRONT_CALLBACK_URLS";
+        image: oryd/hydra:v25.4.0
+        entrypoint: ["/bin/sh"]
+        command:
+            - -ec
+            - |
+              hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
+              hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
+              hydra delete oauth2-client --endpoint http://hydra:4445 ${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true

-            hydra clients create \
-              --endpoint http://hydra:4445 \
-              --id devfront \
-              --grant-types authorization_code,refresh_token \
-              --response-types code \
+              hydra create oauth2-client \
+                --endpoint http://hydra:4445 \
+                --id adminfront \
+                --secret admin-secret \
+                --grant-type authorization_code,refresh_token \
+                --response-type code \
+                --scope openid,offline_access,profile,email \
+                --redirect-uri ${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}
+
+              hydra create oauth2-client \
+                --endpoint http://hydra:4445 \
+                --id devfront \
+              --grant-type authorization_code,refresh_token \
+              --response-type code \
              --scope openid,offline_access,profile,email \
              --token-endpoint-auth-method none \
-              --response-types code \
-              --callbacks "$DEVFRONT_CALLBACK_URLS";
+              --redirect-uri ${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/callback}

-            hydra clients create \
-              --endpoint http://hydra:4445 \
-              --id "$OATHKEEPER_INTROSPECT_CLIENT_ID" \
-              --secret "$OATHKEEPER_INTROSPECT_CLIENT_SECRET" \
-              --grant-types client_credentials \
-              --response-types token \
-              --scope openid,offline_access,profile,email;
+              hydra create oauth2-client \
+                --endpoint http://hydra:4445 \
+                --id ${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} \
+                --secret ${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret} \
+                --grant-type client_credentials \
+                --response-type token \
+                --scope openid,offline_access,profile,email
        depends_on:
            ory_stack_check:
                condition: service_completed_successfully