From 0d3f9330dab145c2484c782350bb91049706bbab Mon Sep 17 00:00:00 2001
From: Ivaylo Novakov <inovakov@gmail.com>
Date: Fri, 18 Dec 2020 13:12:37 +0100
Subject: [PATCH] Add instructions on configuring kratos and oathkeeper.

---
 README.md | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/README.md b/README.md
index fc8462e4..f4adde6f 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,51 @@ rs.initiate(
 )
 ```
 
+### Kratos & Oathkeeper Setup
+
+[Kratos](https://www.ory.sh/kratos) is our user management system of choice and 
+[Oathkeeper](https://www.ory.sh/oathkeeper) is the identity and access proxy.
+
+Most of the needed config is already under `docker/kratos`. The only two things
+that need to be changed are the config for Kratos that might contain you email 
+server password, and the JWKS Oathkeeper uses to sign its JWT tokens.
+
+To override the default `kratos.yml` you can create ` .kratos.yml` in the root 
+directory of the project, alongside the `.env` file.
+
+To override the JWKS you will need to directly edit 
+`docker/kratos/oathkeeper/id_token.jwks.json` and replace it with your generated
+key set. If you don't know how to generate a key set you can use this code:
+```go
+package main
+
+import (
+	"encoding/json"
+	"log"
+	"os"
+
+	"github.com/ory/hydra/jwk"
+)
+
+func main() {
+	gen := jwk.RS256Generator{
+		KeyLength: 2048,
+	}
+	jwks, err := gen.Generate("", "sig")
+	if err != nil {
+		log.Fatal(err)
+	}
+	jsonbuf, err := json.MarshalIndent(jwks, "", "  ")
+	if err != nil {
+		log.Fatal("failed to generate JSON: %s", err)
+	}
+	os.Stdout.Write(jsonbuf)
+}
+```
+While you can directly put the output of this programme into the file mentioned 
+above, you can also remove the public key from the set and change the `kid` of 
+the private key to not include the prefix `private:`.
+
 ## Contributing
 
 ### Testing Your Code