*: add more comments to the example config

This commit is contained in:
Eric Chiang 2016-10-14 08:58:57 -07:00
parent 7288e49c19
commit dc13f09fb7
5 changed files with 30 additions and 60 deletions

View file

@ -58,10 +58,8 @@ Then to interact with dex, like any other OAuth2 provider, you must first visit
a client app, then be prompted to login through dex. This can be achieved using a client app, then be prompted to login through dex. This can be achieved using
the following steps: the following steps:
NOTE: The UIs are extremely bare bones at the moment.
1. Navigate to http://localhost:5555/ in your browser. 1. Navigate to http://localhost:5555/ in your browser.
2. Hit "login" on the example app to be redirected to dex. 2. Hit "login" on the example app to be redirected to dex.
3. Choose the "mock" option to login as a predefined user. 3. Choose the "Login with Email" and enter "admin@example.com" and "password"
4. Approve the example app's request. 4. Approve the example app's request.
5. See the resulting token the example app claims from dex. 5. See the resulting token the example app claims from dex.

View file

@ -156,7 +156,7 @@ func cmd() *cobra.Command {
c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.") c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.")
c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.") c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.")
c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.") c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.")
c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556", "URL of the OpenID Connect issuer.") c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556/dex", "URL of the OpenID Connect issuer.")
c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.") c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.")
c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.") c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.")
c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.") c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.")

View file

@ -1,18 +1,31 @@
issuer: http://127.0.0.1:5556 # The base path of dex and the external name of the OpenID Connect service.
# Clients use this value to do discovery.
issuer: http://127.0.0.1:5556/dex
# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
storage: storage:
type: sqlite3 type: sqlite3
config: config:
file: examples/dex.db file: examples/dex.db
# Configuration for the
web: web:
http: 127.0.0.1:5556 http: 127.0.0.1:5556
# HTTPS options are also supported:
# https: 127.0.0.1:5554
# tlsCert: /etc/dex/tls.crt
# tlsKey: /etc/dex/tls.key
connectors: # Uncomment this block to enable the gRPC API.
- type: mockCallback # grpc:
id: mock-callback # addr: 127.0.0.1:5557
name: Mock # tlsCert: /etc/dex/grpc.crt
# tlsKey: /etc/dex/grpc.key
# Instead of reading from an external storage, use this list of clients. # Instead of reading from an external storage, use this list of clients.
#
# If this option isn't choosen clients may be added through the gRPC API.
staticClients: staticClients:
- id: example-app - id: example-app
redirectURIs: redirectURIs:
@ -20,14 +33,22 @@ staticClients:
name: 'Example App' name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0 secret: ZXhhbXBsZS1hcHAtc2VjcmV0
# Let dex keep a list of passwords which can be used to login the user. connectors:
- type: mockCallback
id: mock
name: Example
# Let dex keep a list of passwords which can be used to login the user
enablePasswordDB: true enablePasswordDB: true
# A static list of passwords to login the end user. By identifying here, dex # A static list of passwords to login the end user. By identifying here, dex
# won't look in its undlying storage for passwords. # won't look in its underlying storage for passwords.
#
# If this option isn't choosen users may be added through the gRPC API.
staticPasswords: staticPasswords:
- email: "admin@example.com" - email: "admin@example.com"
# bcrypt hash of the string "password" # bcrypt hash of the string "password"
hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX" hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX"
username: "admin" username: "admin"
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"

View file

@ -1,29 +0,0 @@
issuer: http://127.0.0.1:5556
storage:
type: sqlite3
config:
file: examples/dex.db
web:
http: 127.0.0.1:5556
grpc:
addr: 127.0.0.1:5557
connectors:
- type: mockCallback
id: mock-callback
name: Mock
- type: mockPassword
id: mock-password
name: Password
config:
username: "admin"
password: "PASSWORD"
staticClients:
- id: example-app
redirectURIs:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0

View file

@ -1,20 +0,0 @@
issuer: http://127.0.0.1:5556
storage:
type: kubernetes
web:
http: 127.0.0.1:5556
connectors:
- type: mock
id: mock
name: Mock
- type: github
id: github
name: GitHub
config:
clientID: "$GITHUB_CLIENT_ID"
clientSecret: "$GITHUB_CLIENT_SECRET"
redirectURI: http://127.0.0.1:5556/callback/github
org: kubernetes