User center Kratos
Introduction to Kratos
ORY Kratos is an API-first identity and user management system built according to cloud architecture best practices. It implements the core use cases that almost every software application needs to deal with:
- Self-service login and registration: allow end users to create and log in to accounts (we call them identities) using a username/email and password combination, social login (for example, signing in with Google), passwordless flows, etc.
- Multi-factor authentication (MFA/2FA): support protocols such as TOTP ([RFC 6238](https://tools.ietf.org/html/rfc6238) and [IETF RFC 4226](https://tools.ietf.org/html/rfc4226), better known as [Google Authenticator](https://en.wikipedia.org/wiki/Google_Authenticator)).
- Account verification: verify that an email address, phone number, or physical address actually belongs to this identity.
- Account recovery: restore access using "forgot password" flows, security codes (if the MFA device is lost), and other means.
- Profile and account management: use secure flows to update passwords, personal details, email addresses, and linked social profiles.
- Admin API: import, update, and delete identities.
1 Code Download
Download address of the Kratos source
Unzip instructions
Unzip the downloaded source code and place it in the local %GOPATH%/src directory.
Note: GOPATH is the workspace location of the project. It contains three subdirectories:
- The src directory contains the Go source files, which are organized into packages (one package per directory)
- The pkg directory contains package objects
- The bin directory contains executable commands
2 Compile Kratos
1. Press Win+R.
2. Enter "cmd" and press Enter to open the command prompt.
3. Go to the Kratos directory (D:\go_project\src\kratos).
4. Enter go build main.go
3 Database Migration
3.1 Migrating the Configuration File
In the project root directory, find ./persistence/sql/.soda.yml and modify it to prepare for the database migration:
dsn: mysql://root:admin@tcp(127.0.0.1:3306)/kratos?parseTime=true&multiStatements=true
3.2 Migrating Kratos project data to MySQL
Note: from here on, the Kratos project is operated from GoLand. Create a database named kratos with Navicat.
3.3 Data migration of the Kratos project
Run the following command in the project path %GOPATH%\src\kratos:
main.exe --config ./persistence/sql/.soda.yml migrate sql -e --yes
3.4 Checking whether the migration is successful in Navicat
4 Modify the project configuration file
The project configuration file is kratos/docs/.kratos.yaml. The specific configuration is described below.
```yaml
serve:
  admin:
    port: 1234
    host: 127.0.0.1
  public:
    port: 1235
    host: 127.0.0.1

# Database connection DSN
dsn: mysql://root:admin@tcp(localhost:3306)/kratos?parseTime=true&multiStatements=true

selfservice:
  strategies:
    password:
      enabled: true # Enable username/password authentication
  logout:
    redirect_to: http://127.0.0.1:3000/auth/login # URL of the login page
  login:
    request_lifespan: 10m
    after:
      password:
        -
          job: session
        -
          job: redirect
          config:
            default_redirect_url: http://127.0.0.1:3000/
            allow_user_defined_redirect: true
  registration:
    request_lifespan: 10m
    after:
      password:
        -
          job: session
        -
          job: redirect
          config:
            default_redirect_url: http://127.0.0.1:3000/auth/registration # Front-end registration page URL to redirect to
            allow_user_defined_redirect: true

log:
  level: debug

secrets:
  session:
    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE # Placeholder value; replace with a random secret

urls:
  login_ui: http://127.0.0.1:3000/auth/login # Front-end login page URL
  registration_ui: http://127.0.0.1:3000/auth/registration # Front-end registration page URL
  error_ui: http://127.0.0.1:3000/error # Front-end error page URL
  profile_ui: http://127.0.0.1:3000/auth/profile # Front-end profile page URL
  # These are undefined because they are not available in this demo
  mfa_ui: http://127.0.0.1:3000/
  verify_ui: http://127.0.0.1:3000/
  self:
    public: http://127.0.0.1:1235/ # KRATOS_BROWSER_URL
    admin: http://127.0.0.1:1234/ # KRATOS_ADMIN_URL
  default_return_to: http://127.0.0.1:3000/ # URL of the page to go to after a successful login
  whitelisted_return_to_domains: # Whitelisted return-to domains
    - http://127.0.0.1:1235

hashers:
  argon2:
    parallelism: 1
    memory: 131072
    iterations: 2
    salt_length: 16
    key_length: 16

identity:
  traits:
    default_schema_url: http://127.0.0.1:3000/identity.traits.schema.json # Traits schema used when registering an identity

courier:
  smtp:
    connection_uri: smtp://test:test@mailhog:1025/ # SMTP server address and port
```
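The configuration above sets `allow_user_defined_redirect: true` and lists `whitelisted_return_to_domains`. The following added example (not part of the original page and not Kratos source code) shows one way a service can check a user-supplied return URL against such a whitelist and fall back to `default_return_to`; the helper name `SafeReturnTo` and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Values taken from the configuration on this page.
const defaultReturnTo = "http://127.0.0.1:3000/"

var whitelistedReturnTo = []string{"http://127.0.0.1:1235"}

// SafeReturnTo (hypothetical helper) returns raw only when its scheme and
// host:port match a whitelisted origin exactly; otherwise it returns fallback.
func SafeReturnTo(raw string, whitelist []string, fallback string) string {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" || u.User != nil {
		return fallback // unparsable, no host, or userinfo in front of the host
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fallback // scheme-relative URLs and non-web schemes
	}
	for _, w := range whitelist {
		allowed, err := url.Parse(w)
		if err != nil {
			continue
		}
		// Compare parsed components, never a string prefix: a prefix test
		// would accept a longer host name that merely starts with the entry.
		if u.Scheme == allowed.Scheme && strings.EqualFold(u.Host, allowed.Host) {
			return u.String()
		}
	}
	return fallback
}

func main() {
	samples := []string{ // constructed inputs
		"http://127.0.0.1:1235/self-service/browser/flows/login",
		"http://127.0.0.1:1235.other.example/",
		"http://127.0.0.1:1235@other.example/",
		"//other.example/",
		"javascript:void(0)",
	}
	for _, s := range samples {
		fmt.Printf("%-56s -> %s\n", s, SafeReturnTo(s, whitelistedReturnTo, defaultReturnTo))
	}
}
```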
5 Start the Kratos project
In GoLand, go to the %GOPATH%/src/kratos directory and run the following command to start the project:
main.exe serve --dev -c ./docs/.kratos.yaml
6 Bind front-end pages
Download address of the Kratos front-end pages
6.1 Front-end File Structure
6.2 Front-end Startup
If Node.js is not installed, install it first.
1. Install the front-end dependencies: npm i
2. Edit the configuration file kratos-selfservice-ui-node/src/config.ts and change the back-end IP address accordingly (see Figure 6.1).
3. Start the front-end service: npm run start
7 Background Database Description
7.1 Mail Message Table
Mail message table courier_messages
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
type | int(11) | Email type |
status | int(11) | Email status |
body | varchar(255) | Email body content |
subject | varchar(255) | Email subject |
recipient | varchar(255) | Recipient information |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.2 Identity Table
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
traits_schema_id | varchar(2048) | ID of the identity traits schema |
traits | json | Identity traits |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.3 Identity Identifiers
Identity identifier table identity_credential_identifiers
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
identifier | varchar(255) | Status description |
identity_credential_id | char(36) | Primary key ID of identity_credentials |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.4 Identity Credential Types
Identity credential type table identity_credential_types
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
name | varchar(32) | Identity name |
7.5 Identity Credentials
Identity credential table identity_credentials
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
config | json | Identity encryption configuration |
identity_credential_type_id | char(36) | Primary key ID of identity_credential_types |
identity_id | char(36) | Foreign key to identities |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.6 Migration Record Table
Migration record table schema_migration
Field name | Field type | Description |
---|---|---|
version | varchar(14) | Migration version number |
7.7 Self-service Errors
Self-service error table selfservice_errors
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
errors | json | Error message |
seen_at | datetime | Time the error was viewed |
was_seen | tinyint(1) | Whether the error has been viewed: 0 no, 1 yes |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
csrf_token | varchar(255) | Token data |
7.8 Login Request Methods
Self-service login request method record table selfservice_login_request_methods
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
method | varchar(32) | Request method |
selfservice_login_request_id | char(36) | Primary key ID of the selfservice_login_requests table |
config | json | Request method configuration information |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.9 Login Requests
Self-service login request record table selfservice_login_requests
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
request_url | varchar(2048) | Requested HTTP URL |
issued_at | datetime | Time the request was issued |
expires_at | datetime | Expiration time |
active_method | varchar(32) | Active method |
csrf_token | varchar(255) | CSRF token |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.10 Profile Management Requests
Self-service profile management request table selfservice_profile_management_requests
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
request_url | varchar(2048) | Requested HTTP URL |
issued_at | datetime | Time the request was issued |
expires_at | datetime | Expiration time |
form | json | Form data |
update_successful | tinyint(1) | Whether the update was successful |
identity_id | char(36) | Primary key ID of identities |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.11 Registration Request Methods
Self-service registration request method record table selfservice_registration_request_methods
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
method | varchar(32) | Request method |
selfservice_registration_request_id | char(36) | Primary key ID of the selfservice_registration_requests table |
config | json | Request method configuration information |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.12 Registration Requests
Self-service registration request record table selfservice_registration_requests
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
request_url | varchar(2048) | Requested HTTP URL |
issued_at | datetime | Time the request was issued |
expires_at | datetime | Expiration time |
active_method | varchar(32) | Active method |
csrf_token | varchar(255) | CSRF token |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
7.13 sessions
Field name | Field type | Description |
---|---|---|
id | char(36) | Primary key ID |
issued_at | datetime | Time the session was issued |
expires_at | datetime | Expiration time |
authenticated_at | datetime | Authentication time |
identity_id | char(36) | Primary key ID of identities |
created_at | datetime | Creation time |
updated_at | datetime | Modification time |
8 Kratos project Swagger details
Swagger installation tutorial
8.1 List of project request APIs
1 Common interfaces
1.1 Note: When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set, as they are required for CSRF to work properly. Interface: /self-service/browser/flows/requests/login?request=1234
1.2 Note: When accessing this endpoint through ORY Kratos' Public API, make sure cookies are set, as they are required to check the authentication session. Interface: /self-service/browser/flows/requests/profile
1.3 Note: When accessing this endpoint through ORY Kratos' Public API, make sure cookies are set, as they are required for CSRF to work properly. Interface: /self-service/browser/flows/requests/registration
1.4 Returns an error related to a user-facing self-service error. Request method: GET. Interface: /self-service/errors
2 public
2.1 Initializes the browser-based user login flow. Request method: GET. Interface: /self-service/browser/flows/login. Details: this endpoint initializes a browser-based user login flow. After initialization, the browser is redirected to urls.login_ui with the request ID set as a query parameter. If a valid user session already exists, the browser is redirected to urls.default_redirect_url.
2.2 Initializes the browser-based logout user flow. Request method: GET. Interface: /self-service/browser/flows/logout
2.3 Initializes the browser-based profile management flow. Request method: GET. Interface: /self-service/browser/flows/profile
2.4 Completes the browser-based profile management flow. Request method: POST. Interface: /self-service/browser/flows/profile/update
2.5 Initializes the browser-based registration user flow. Request method: GET. Interface: /self-service/browser/flows/registration
2.6 Gets the request context of the browser-based login user flow. Request method: GET. Interface: /self-service/browser/flows/requests/login
2.7 Gets the request context of the browser-based profile management flow. Request method: GET. Interface: /self-service/browser/flows/requests/profile
2.8 Gets the request context of the browser-based registration user flow. Request method: GET. Interface: /self-service/browser/flows/requests/registration
2.9 Returns the error associated with a user-facing self-service error. Request method: GET. Interface: /self-service/errors
2.10 Checks who the current HTTP session belongs to. Request method: GET. Interface: /sessions/whoami
3 admin
3.1 Lists all identities in the system. Request method: GET. Interface: /identities
3.2 Creates an identity. Request method: POST. Interface: /identities
3.3 Gets the corresponding identity. Request method: GET. Interface: /identities/{id}
3.4 Updates the corresponding identity. Request method: PUT. Interface: /identities/{id}
3.5 Deletes the corresponding identity. Request method: DELETE. Interface: /identities/{id}
3.6 Gets the request context of the browser-based login user flow. Request method: GET. Interface: /self-service/browser/flows/requests/login
3.7 Gets the request context of the browser-based profile management flow. Request method: GET. Interface: /self-service/browser/flows/requests/profile
3.8 Gets the request context of the browser-based registration user flow. Request method: GET. Interface: /self-service/browser/flows/requests/registration
3.9 Gets user-facing self-service errors. Request method: GET. Interface: /self-service/errors
4 health
4.1 Checks the alive status. Request method: GET. Interface: /health/alive
4.2 Checks the readiness status. Request method: GET. Interface: /health/ready
5 Gets the service version. Request method: GET. Interface: /version
9 Test Service
9.1 Going to the Login page
If the configuration file in this document is used, the address to open is shown below. Note: accessing this back-end address redirects the browser to the front-end login page.
http://127.0.0.1:1235/self-service/browser/flows/login
9.2 Registering an Identity Account
Click the register account button on the login page to go to the registration page.
http://127.0.0.1:1235/self-service/browser/flows/registration
9.3 Logging In to the Homepage
Enter the registered account and password on the login page to go to the default home page
10 More resources
Kratos source
Kratos official website documentation