forked from mystiq/dex
*: add more comments to the example config
This commit is contained in:
Eric Chiang
parent
7288e49c19
commit
dc13f09fb7
5 changed files with 30 additions and 60 deletions
|
|
@ -58,10 +58,8 @@ Then to interact with dex, like any other OAuth2 provider, you must first visit
|
|||
a client app, then be prompted to login through dex. This can be achieved using
|
||||
the following steps:
|
||||
|
||||
NOTE: The UIs are extremely bare bones at the moment.
|
||||
|
||||
1. Navigate to http://localhost:5555/ in your browser.
|
||||
2. Hit "login" on the example app to be redirected to dex.
|
||||
3. Choose the "mock" option to login as a predefined user.
|
||||
3. Choose the "Login with Email" and enter "admin@example.com" and "password"
|
||||
4. Approve the example app's request.
|
||||
5. See the resulting token the example app claims from dex.
|
||||
|
|
|
|||
|
|
@ -156,7 +156,7 @@ func cmd() *cobra.Command {
|
|||
c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.")
|
||||
c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.")
|
||||
c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.")
|
||||
c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556", "URL of the OpenID Connect issuer.")
|
||||
c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556/dex", "URL of the OpenID Connect issuer.")
|
||||
c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.")
|
||||
c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.")
|
||||
c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.")
|
||||
|
|
|
|||
|
|
@ -1,18 +1,31 @@
|
|||
issuer: http://127.0.0.1:5556
|
||||
# The base path of dex and the external name of the OpenID Connect service.
|
||||
# Clients use this value to do discovery.
|
||||
issuer: http://127.0.0.1:5556/dex
|
||||
|
||||
# The storage configuration determines where dex stores its state. Supported
|
||||
# options include SQL flavors and Kubernetes third party resources.
|
||||
storage:
|
||||
type: sqlite3
|
||||
config:
|
||||
file: examples/dex.db
|
||||
|
||||
# Configuration for the
|
||||
web:
|
||||
http: 127.0.0.1:5556
|
||||
# HTTPS options are also supported:
|
||||
# https: 127.0.0.1:5554
|
||||
# tlsCert: /etc/dex/tls.crt
|
||||
# tlsKey: /etc/dex/tls.key
|
||||
|
||||
connectors:
|
||||
- type: mockCallback
|
||||
id: mock-callback
|
||||
name: Mock
|
||||
# Uncomment this block to enable the gRPC API.
|
||||
# grpc:
|
||||
# addr: 127.0.0.1:5557
|
||||
# tlsCert: /etc/dex/grpc.crt
|
||||
# tlsKey: /etc/dex/grpc.key
|
||||
|
||||
# Instead of reading from an external storage, use this list of clients.
|
||||
#
|
||||
# If this option isn't choosen clients may be added through the gRPC API.
|
||||
staticClients:
|
||||
- id: example-app
|
||||
redirectURIs:
|
||||
|
|
@ -20,14 +33,22 @@ staticClients:
|
|||
name: 'Example App'
|
||||
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
||||
|
||||
# Let dex keep a list of passwords which can be used to login the user.
|
||||
connectors:
|
||||
- type: mockCallback
|
||||
id: mock
|
||||
name: Example
|
||||
|
||||
# Let dex keep a list of passwords which can be used to login the user
|
||||
enablePasswordDB: true
|
||||
|
||||
# A static list of passwords to login the end user. By identifying here, dex
|
||||
# won't look in its undlying storage for passwords.
|
||||
# won't look in its underlying storage for passwords.
|
||||
#
|
||||
# If this option isn't choosen users may be added through the gRPC API.
|
||||
staticPasswords:
|
||||
- email: "admin@example.com"
|
||||
# bcrypt hash of the string "password"
|
||||
hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX"
|
||||
username: "admin"
|
||||
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,29 +0,0 @@
|
|||
issuer: http://127.0.0.1:5556
|
||||
storage:
|
||||
type: sqlite3
|
||||
config:
|
||||
file: examples/dex.db
|
||||
|
||||
web:
|
||||
http: 127.0.0.1:5556
|
||||
|
||||
grpc:
|
||||
addr: 127.0.0.1:5557
|
||||
|
||||
connectors:
|
||||
- type: mockCallback
|
||||
id: mock-callback
|
||||
name: Mock
|
||||
- type: mockPassword
|
||||
id: mock-password
|
||||
name: Password
|
||||
config:
|
||||
username: "admin"
|
||||
password: "PASSWORD"
|
||||
|
||||
staticClients:
|
||||
- id: example-app
|
||||
redirectURIs:
|
||||
- 'http://127.0.0.1:5555/callback'
|
||||
name: 'Example App'
|
||||
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
issuer: http://127.0.0.1:5556
|
||||
storage:
|
||||
type: kubernetes
|
||||
|
||||
web:
|
||||
http: 127.0.0.1:5556
|
||||
|
||||
connectors:
|
||||
- type: mock
|
||||
id: mock
|
||||
name: Mock
|
||||
|
||||
- type: github
|
||||
id: github
|
||||
name: GitHub
|
||||
config:
|
||||
clientID: "$GITHUB_CLIENT_ID"
|
||||
clientSecret: "$GITHUB_CLIENT_SECRET"
|
||||
redirectURI: http://127.0.0.1:5556/callback/github
|
||||
org: kubernetes
|
||||
Loading…
Reference in a new issue