example-oauth
OAuth 2 / JWT example (Hanami 1.7.x) — OAUTH-enabled deployment
Starting with 1.7.x all environment-specific secrets live in one file:
/opt/hanami-ext/config/customer-env.yml
Keep customer.yml, customer-iam.yml, and customer-workflow.yml unchanged unless you need custom workflow or RBAC mapping.
1. Skeleton customer-env.yml
```yaml
env:
  hanami:
    elasticsearch:
      url: "https://<elastic hostname>:<port>"
      username: "<elastic username>"
      password: "<elastic password>"
    triplestore:
      url: "http://<triplestore hostname>:<port>/<sparql path>"
      username: "<triplestore user>"
      password: "<triplestore password>"
    catalogue:
      url: "http://<catalogue application host>:<catalogue application port>"
    security:
      iam: true # ← switch to external IdP
      issuer-uri: "https://login.microsoftonline.com/<tenantID>/v2.0"
      client-id: "<client-id>"
      client-secret: "<client-secret>"
```
Save as /opt/hanami-ext/config/customer-env.yml and delete customer-env.yml.example.
2. Where do the old placeholders go?
Placeholder from pre-1.7.x guide | New location (customer-env.yml) |
---|---|
<elastic hostname>, <elastic username>, <elastic password> | env.hanami.elasticsearch.* |
<triplestore …> values | env.hanami.triplestore.* |
<catalogue application host>, <port> | env.hanami.catalogue.url |
<resourceserver issuer-uri> & <client issuer-uri> | env.hanami.security.issuer-uri |
<client-id> | env.hanami.security.client-id |
<client-secret> | env.hanami.security.client-secret |
(Everything else—index-template prefixes, feature toggles, JWT claim mapping—remains in the shipped defaults.)
✅ Hanami now authenticates via your OAuth 2 / OIDC provider and picks up all environment secrets from one YAML file.
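A pre-flight check for customer-env.yml, added here as an example (it is not part of Hanami or of the original guide): it flags placeholders left over from the skeleton, OAuth keys missing while iam is true, a non-https issuer, and a secrets file that other users can access. The names flatten and check_env are hypothetical; it assumes the file holds only nested mappings as in the skeleton, and that all three OAuth keys are required once iam is true.

```python
import re
import stat

SEC = "env.hanami.security."
LINE = re.compile(r'^(\s*)([^:#]+):\s*(?:"([^"]*)"|([^#]*))')

def flatten(text):
    """Flatten nested YAML mappings (no lists or anchors) into dotted keys."""
    flat, stack = {}, []                  # stack: (indent, key) of open mappings
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:                         # blank line or comment
            continue
        indent, key = len(m.group(1)), m.group(2).strip()
        quoted, bare = m.group(3), (m.group(4) or "").strip()
        stack = [s for s in stack if s[0] < indent]   # close deeper mappings
        if quoted is None and not bare:   # "key:" opens a nested mapping
            stack.append((indent, key))
        else:
            flat[".".join([k for _, k in stack] + [key])] = bare if quoted is None else quoted
    return flat

def check_env(text, mode):
    """Return findings for the file's content and its st_mode."""
    cfg, findings = flatten(text), []
    for path, value in cfg.items():
        if re.search(r"<[^<>]+>", value):
            findings.append(f"{path}: placeholder not replaced")
    if cfg.get(SEC + "iam", "").lower() == "true":
        for key in ("issuer-uri", "client-id", "client-secret"):
            if not cfg.get(SEC + key):    # assumption: all three needed with iam
                findings.append(f"{SEC}{key}: required when iam is true")
        if cfg.get(SEC + "issuer-uri", "").startswith("http://"):
            findings.append(f"{SEC}issuer-uri: issuer must be https")
    if mode & stat.S_IRWXO:               # any permission bit set for "other"
        findings.append("file mode: secrets file is accessible to other users")
    return findings

# Constructed sample: placeholder left in, http issuer, client-secret missing.
SAMPLE = """\
env:
  hanami:
    elasticsearch:
      password: "<elastic password>"
    security:
      iam: true   # external IdP
      issuer-uri: "http://idp.example.test/v2.0"
      client-id: "constructed-client-id"
"""
print("\n".join(check_env(SAMPLE, 0o100644)))
```

To check the deployed file, pass its text and `os.stat(path).st_mode` to check_env; an empty list means none of these checks fired.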