fix: add init-rp to staging compose to register OIDC clients

2026-03-18 16:45:19 +09:00
parent 406eef240d
commit f59206e589
1 changed files with 59 additions and 0 deletions
--- a/docker/staging_pull_compose.template.yaml
+++ b/docker/staging_pull_compose.template.yaml
@@ -244,6 +244,65 @@ services:
    networks:
      - ory-net

+  ory_stack_check:
+    image: alpine:latest
+    container_name: ory_stack_check
+    command: >
+      /bin/sh -c "
+        apk add --no-cache curl;
+        echo 'Wait for services...';
+        until curl -s http://kratos:4433/health/ready; do sleep 1; done;
+        until curl -s http://hydra:4444/health/ready; do sleep 1; done;
+        until curl -s http://keto:4466/health/ready; do sleep 1; done;
+        echo 'Ory Stack is fully operational!';"
+    depends_on:
+      - kratos
+      - hydra
+      - keto
+    networks:
+      - ory-net
+
+  init-rp:
+    image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
+    entrypoint: ["/bin/sh"]
+    command:
+      - -ec
+      - |
+        hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
+        hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
+        hydra delete oauth2-client --endpoint http://hydra:4445 $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true
+
+        hydra create oauth2-client \
+          --endpoint http://hydra:4445 \
+          --id adminfront \
+          --grant-type authorization_code,refresh_token \
+          --response-type code \
+          --scope openid,offline_access,profile,email \
+          --token-endpoint-auth-method none \
+          --redirect-uri $${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}
+
+        hydra create oauth2-client \
+          --endpoint http://hydra:4445 \
+          --id devfront \
+          --grant-type authorization_code,refresh_token \
+          --response-type code \
+          --scope openid,offline_access,profile,email \
+          --token-endpoint-auth-method none \
+          --redirect-uri $${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}
+
+        hydra create oauth2-client \
+          --endpoint http://hydra:4445 \
+          --id $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} \
+          --secret $${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret} \
+          --grant-type client_credentials \
+          --response-type token \
+          --scope openid,offline_access,profile,email
+    depends_on:
+      ory_stack_check:
+        condition: service_completed_successfully
+    networks:
+      - hydranet
+
  backend:
    build:
      context: ./backend