forked from mystiq/dex
Merge pull request #161 from philips/dex-more-docs-fixes
Minor, non-content, formatting fixes. LGTM.
This commit is contained in:
commit
b29f76b6f7
2 changed files with 6 additions and 4 deletions
|
@ -88,7 +88,8 @@ Note: the issuer URL MUST have an `https` scheme in production to meet spec comp
|
||||||
|
|
||||||
The worker and overlord are up and running, but we need to tell dex what connectors we want to use to authenticate. For this case we'll set up a local connector, where dex manages credentials and provides a UI for authentication, and a Google OIDC connector.
|
The worker and overlord are up and running, but we need to tell dex what connectors we want to use to authenticate. For this case we'll set up a local connector, where dex manages credentials and provides a UI for authentication, and a Google OIDC connector.
|
||||||
|
|
||||||
If you prefer to use the Google OIDC Identity Provider (IdP), just omit the second entry in the JSON connector list. Note that you must replace DEX_GOOGLE_CLIENT_{ID,SECRET} with the client ID and client Secret you got when you registered your project with the Google developer console.
|
If you prefer to use the Google OIDC Identity Provider (IdP), just omit the second entry in the JSON connector list. Note that you must replace `DEX_GOOGLE_CLIENT_SECRET` and `DEX_GOOGLE_CLIENT_ID` with the client secret and client ID you got when you registered your project with the Google developer console.
|
||||||
|
|
||||||
```
|
```
|
||||||
cat << EOF > /tmp/dex_connectors.json
|
cat << EOF > /tmp/dex_connectors.json
|
||||||
[
|
[
|
||||||
|
@ -116,6 +117,7 @@ One thing to note here that's a bit confusing here is that in the case of the Go
|
||||||
Like all OAuth2/OIDC IdPs, clients must be registered with the IdP (dex), along with their valid redirect URLS.
|
Like all OAuth2/OIDC IdPs, clients must be registered with the IdP (dex), along with their valid redirect URLS.
|
||||||
|
|
||||||
New clients can be registered with the dexctl CLI tool:
|
New clients can be registered with the dexctl CLI tool:
|
||||||
|
|
||||||
```
|
```
|
||||||
eval "$(./bin/dexctl -db-url=$DEX_DB_URL new-client http://127.0.0.1:5555/callback)"
|
eval "$(./bin/dexctl -db-url=$DEX_DB_URL new-client http://127.0.0.1:5555/callback)"
|
||||||
```
|
```
|
||||||
|
|
|
@ -13,13 +13,13 @@ We named the project 'dex' because it is a central index of users that other pie
|
||||||
dex consists of multiple components:
|
dex consists of multiple components:
|
||||||
|
|
||||||
- **dex-worker** is the primary server component of dex
|
- **dex-worker** is the primary server component of dex
|
||||||
- host a user-facing API that drives the OIDC protocol
|
- host a user-facing API that drives the OIDC protocol
|
||||||
- proxy to remote identity providers via "connectors"
|
- proxy to remote identity providers via "connectors"
|
||||||
- provides an API for administrators to manage users.
|
- provides an API for administrators to manage users.
|
||||||
- **dex-overlord** is an auxiliary process responsible for various administrative tasks:
|
- **dex-overlord** is an auxiliary process responsible for various administrative tasks:
|
||||||
- rotation of keys used by the workers to sign identity tokens
|
- rotation of keys used by the workers to sign identity tokens
|
||||||
- garbage collection of stale data in the database
|
- garbage collection of stale data in the database
|
||||||
- provides an API for bootstrapping the system.
|
- provides an API for bootstrapping the system.
|
||||||
- **dexctl** is a CLI tool used to manage a dex deployment
|
- **dexctl** is a CLI tool used to manage a dex deployment
|
||||||
- configure identity provider connectors
|
- configure identity provider connectors
|
||||||
- administer OIDC client identities
|
- administer OIDC client identities
|
||||||
|
|
Loading…
Reference in a new issue