# Full-stack auth E2E — token timeout + silent re-mint ("stay signed in", §4). The Ory-free # visual suite (compose.e2e.yml) covers the design system; this is its full-stack counterpart: # real Postgres + Kratos + Keto + bootstrap + web, with a SHORT tokenizer TTL (ory/kratos/e2e.yml) # and zero clock skew, so the JWT lapses and re-mints within seconds instead of ~10m. # docker compose -f compose.yml -f compose.e2e-auth.yml run --build --rm e2e # docker compose -f compose.yml -f compose.e2e-auth.yml down -v # tear down after services: web: # This suite exercises only the Kratos session → JWT re-mint; it needs Kratos + Keto + bootstrap, # not Hydra. Drop the base web→hydra dep so the leaner stack doesn't boot Hydra (which the e2e # overlays don't run with --dev, so it would refuse its http issuer and never become healthy). depends_on: !override bootstrap: condition: service_completed_successfully kratos: condition: service_healthy keto: condition: service_healthy # Dev throwaways are fine for the test stack; the runner hits web over http; treat the JWT as # expired the instant its TTL lapses (no 60s leeway) so the re-mint fires promptly. environment: CACHE_TEMPLATES: "true" JWT_CLOCK_SKEW_SEC: "0" REQUIRE_SECURE_SECRETS: "false" SECURE_COOKIES: "false" healthcheck: test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:3000/"] interval: 2s timeout: 4s retries: 30 # Shorten the session→JWT TTL and expose a network-resolvable base_url (ory/kratos/e2e.yml), # merged after the base config. kratos: command: serve -c /etc/config/kratos/kratos.yml -c /etc/config/kratos/e2e.yml --watch-courier e2e: build: context: . dockerfile: Dockerfile.e2e depends_on: web: condition: service_healthy environment: BASE_URL: http://web:3000 KRATOS_ADMIN_URL: http://kratos:4434 KRATOS_PUBLIC_URL: http://kratos:4433 command: ["npx", "playwright", "test", "auth-refresh.spec.ts"] volumes: - ./e2e/artifacts:/e2e/artifacts