Skip to content

feat: support self-hosted ory envs#368

Merged
drankou merged 2 commits into
mainfrom
self-hosted-ory-vars
Jun 9, 2026
Merged

feat: support self-hosted ory envs#368
drankou merged 2 commits into
mainfrom
self-hosted-ory-vars

Conversation

@drankou

@drankou drankou commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Today the dashboard's AUTH_PROVIDER=ory path assumes Ory Network: it requires ORY_PROJECT_API_TOKEN and points every admin call at ORY_SDK_URL (the unified SDK host). That makes local devenv and self-hosted deployments — where Kratos and Hydra are separate services on separate admin ports — impossible to configure.

This PR adds first-class support for self-hosted Ory by letting the IdentityApi and OAuth2Api clients each target an explicit admin base path, with the env check enforcing that one valid admin surface is configured per service.

Supported configurations

Deployment Required env
Ory Network ORY_PROJECT_API_TOKEN (covers both Kratos and Hydra admin via the unified SDK host)
Self-hosted ORY_KRATOS_ADMIN_URL and ORY_HYDRA_ADMIN_URL (each gated by network reachability)

@cla-bot cla-bot Bot added the cla-signed label Jun 9, 2026
@vercel

vercel Bot commented Jun 9, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
web Ready Ready Preview, Comment Jun 9, 2026 12:58pm
web-juliett Ready Ready Preview, Comment Jun 9, 2026 12:58pm

Request Review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 328b758c89

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/core/server/auth/ory/client.ts
@drankou drankou marked this pull request as draft June 9, 2026 11:01
@drankou drankou force-pushed the self-hosted-ory-vars branch from 328b758 to 3d6ba32 Compare June 9, 2026 11:07
@drankou drankou marked this pull request as ready for review June 9, 2026 11:23

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3d6ba32e49

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/check-app-env.ts Outdated
Identity and OAuth2 admin checks ran independently and each accepted
ORY_PROJECT_API_TOKEN, so a self-hosted env with a leftover PAT and only
ORY_KRATOS_ADMIN_URL passed validation. At runtime getOryOAuth2Api() then
fell back to the public ORY_SDK_URL, silently misrouting session
revocations away from the self-hosted Hydra admin port.

Replace both any-of checks with a single mode-coherence rule: any
self-hosted admin URL requires both, otherwise require the project token.

Addresses codex review on PR #368.
@drankou drankou changed the title feat: support self-hosted ory via kratos admin url feat: support self-hosted ory envs Jun 9, 2026
@drankou drankou merged commit 6af0e2a into main Jun 9, 2026
14 checks passed
@drankou drankou deleted the self-hosted-ory-vars branch June 9, 2026 13:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants