# Legacy Compose file-format marker. Docker Compose v2 ignores this key and
# reports it as obsolete; it only matters to older docker-compose releases.
version: '3'
services:
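    # One-shot job: registers the OAuth2 client "test-client" through Hydra's
    # admin API (ORY_SDK_URL) and then exits. It is not a long-running service.
    hydra-client:
        image: oryd/hydra:v2.2.0
        container_name: hydra-client
        environment:
            HYDRA_ADMIN_URL: http://hydra:4445
            ORY_SDK_URL: http://hydra:4445
        command:
            - create
            - oauth2-client
            # --skip-tls-verify was removed: the admin endpoint above is plain
            # http://, so the flag had no effect here, and leaving it in place
            # would silently disable certificate checks once the URL becomes
            # https://.
            - --name
            - test-client
            - --secret
            # Overridable so a real secret never has to be committed; the
            # default keeps the original test value. The original file used the
            # same string for Hydra's SECRETS_SYSTEM; the two should differ
            # outside of tests. Command arguments remain readable through
            # `docker inspect`.
            - "${HYDRA_CLIENT_SECRET:-oc-auth-got-secret}"
            - --response-type
            # token / id_token are implicit-flow response types: tokens come
            # back in the redirect URL. The OAuth 2.0 Security Best Current
            # Practice advises against the implicit grant; keep only `code`
            # unless a test needs the others.
            - id_token,token,code
            - --grant-type
            - implicit,refresh_token,authorization_code,client_credentials
            - --scope
            - openid,profile,email,roles
            - --token-endpoint-auth-method
            - client_secret_post
            - --redirect-uri
            # Plain-http redirect target; acceptable only for a local app.
            - http://localhost:3000

        networks:
            - hydra-net
            - catalog
        deploy:
            restart_policy:
                # Never restarted: if the single registration attempt fails
                # (for example because hydra is not ready yet), it is not
                # retried.
                condition: none
        # Short-form depends_on only orders container start; it does not wait
        # for hydra to accept requests.
        depends_on:
            - hydra
        # NOTE(review): this probes the hydra container rather than this one,
        # and this job exits after `create`, so the result says little about
        # it. Confirm that curl is present in the image. Hydra serves
        # /health/ready, so a readiness check on the hydra service is the more
        # usual place for this.
        healthcheck:
            test: ["CMD", "curl", "-f", "http://hydra:4445"]
            interval: 10s
            timeout: 10s
            retries: 10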
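    # Ory Hydra OAuth2/OIDC server in a development configuration: `--dev`
    # disables Hydra's critical security checks (plain HTTP is accepted) and
    # `DSN: memory` keeps all state in memory, so registered clients and issued
    # tokens are lost when the container restarts. Not suitable as-is for any
    # shared or production environment.
    hydra:
        container_name: hydra
        image: oryd/hydra:v2.2.0
        environment:
            # System secret Hydra uses to protect sensitive data. Overridable
            # so a real value never has to be committed; the default keeps the
            # original test value. Use a value different from any client
            # secret.
            SECRETS_SYSTEM: "${HYDRA_SECRETS_SYSTEM:-oc-auth-got-secret}"
            # Development only: makes Hydra write sensitive values into its
            # logs, so treat the log output of this container as secret
            # material. Quoted so that Compose receives a string rather than a
            # YAML boolean.
            LOG_LEAK_SENSITIVE_VALUES: "true"
            # OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
            URLS_SELF_ISSUER: http://hydra:4444
            URLS_SELF_PUBLIC: http://hydra:4444
            WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
            WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
            DSN: memory
        command: serve all --dev
        networks:
            - hydra-net
            - catalog
        ports:
            # Public (OAuth2/OIDC) API.
            - "4444:4444"
            # Admin API. Hydra does not authenticate admin requests, so it is
            # published on the loopback interface only. Containers on hydra-net
            # and catalog still reach it directly at hydra:4445.
            - "127.0.0.1:4445:4445"
        deploy:
            restart_policy:
                condition: on-failure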
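    # LDAP directory used alongside Hydra. ./ldap.ldif is mounted at
    # /ldif/ldap.ldif (presumably imported by the image at startup; confirm
    # against the image documentation).
    ldap:
        # NOTE(review): no tag or digest, so this resolves to whatever `latest`
        # points at on each pull. Pin it to a reviewed version, for example
        # pgarrett/ldap-alpine@sha256:<digest-of-reviewed-image>.
        image: pgarrett/ldap-alpine
        container_name: ldap
        volumes:
            - "./ldap.ldif:/ldif/ldap.ldif"
        networks:
            - hydra-net
            - catalog
        ports:
            # 389 is the unencrypted LDAP port: binds and directory data cross
            # the wire in clear text. It is published on loopback only.
            # Containers on hydra-net and catalog still reach it at ldap:389.
            - "127.0.0.1:390:389"
        deploy:
            restart_policy:
                condition: on-failure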
networks:
    # Project-private network created by Compose with default settings.
    hydra-net: {}
    # Pre-existing network shared with other stacks; it must be created before
    # this project starts. Every container attached to it can reach the
    # services in this file on their container ports, including Hydra's admin
    # API on 4445, whether or not a host port is published.
    catalog:
        external: true