From f59206e5895eeeb9981ff11fe375bc7285cb6496 Mon Sep 17 00:00:00 2001
From: chan
Date: Wed, 18 Mar 2026 16:45:19 +0900
Subject: [PATCH] fix: add init-rp to staging compose to register OIDC clients
---
 docker/staging_pull_compose.template.yaml | 59 +++++++++++++++++++++++
 1 file changed, 59 insertions(+)
diff --git a/docker/staging_pull_compose.template.yaml b/docker/staging_pull_compose.template.yaml
index 8c2e5268..537c694a 100644
--- a/docker/staging_pull_compose.template.yaml
+++ b/docker/staging_pull_compose.template.yaml
@@ -244,6 +244,65 @@ services:
 networks:
 - ory-net
+ ory_stack_check:
+ image: alpine:latest
+ container_name: ory_stack_check
+ command: >
+ /bin/sh -c "
+ apk add --no-cache curl;
+ echo 'Wait for services...';
+ until curl -s http://kratos:4433/health/ready; do sleep 1; done;
+ until curl -s http://hydra:4444/health/ready; do sleep 1; done;
+ until curl -s http://keto:4466/health/ready; do sleep 1; done;
+ echo 'Ory Stack is fully operational!';"
+ depends_on:
+ - kratos
+ - hydra
+ - keto
+ networks:
+ - ory-net
+
+ init-rp:
+ image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
+ entrypoint: ["/bin/sh"]
+ command:
+ - -ec
+ - |
+ hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
+ hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
+ hydra delete oauth2-client --endpoint http://hydra:4445 $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true
+
+ hydra create oauth2-client \
+ --endpoint http://hydra:4445 \
+ --id adminfront \
+ --grant-type authorization_code,refresh_token \
+ --response-type code \
+ --scope openid,offline_access,profile,email \
+ --token-endpoint-auth-method none \
+ --redirect-uri $${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}
+
+ hydra create oauth2-client \
+ --endpoint http://hydra:4445 \
+ --id devfront \
+ --grant-type authorization_code,refresh_token \
+ --response-type code \
+ --scope openid,offline_access,profile,email \
+ --token-endpoint-auth-method none \
+ --redirect-uri $${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}
+
+ hydra create oauth2-client \
+ --endpoint http://hydra:4445 \
+ --id $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} \
+ --secret $${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret} \
+ --grant-type client_credentials \
+ --response-type token \
+ --scope openid,offline_access,profile,email
+ depends_on:
+ ory_stack_check:
+ condition:
service_completed_successfully
+ networks:
+ - hydranet
+
 backend:
 build:
 context: ./backend
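Review bot: The introspection client in `init-rp` is registered with a well-known fallback secret, `--secret $${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}`, and the service declares no `environment:` or `env_file:`, so unless something outside this hunk injects the variable, the container shell will always take the default. That leaves a guessable confidential-client credential on the staging stack; make the variable mandatory with `--secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:?must be set}"` (the `-e` shell then aborts the job) and pass it in through an `environment:` entry on `init-rp`. The same fallback pattern means `adminfront` and `devfront` would be registered with the `http://localhost:...` callback defaults rather than the staging URLs. Separately, the readiness loops in `ory_stack_check` use `curl -s` without `-f`, so an HTTP 503 from `/health/ready` still ends the wait; `curl -fsS` would make the gate meaningful.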