*: add more comments to the example config
parent
7288e49c19
commit
dc13f09fb7
5 changed files with 30 additions and 60 deletions
|
@ -58,10 +58,8 @@ Then to interact with dex, like any other OAuth2 provider, you must first visit
|
||||||
a client app, then be prompted to login through dex. This can be achieved using
|
a client app, then be prompted to login through dex. This can be achieved using
|
||||||
the following steps:
|
the following steps:
|
||||||
|
|
||||||
NOTE: The UIs are extremely bare bones at the moment.
|
|
||||||
|
|
||||||
1. Navigate to http://localhost:5555/ in your browser.
|
1. Navigate to http://localhost:5555/ in your browser.
|
||||||
2. Hit "login" on the example app to be redirected to dex.
|
2. Hit "login" on the example app to be redirected to dex.
|
||||||
3. Choose the "mock" option to login as a predefined user.
|
3. Choose the "Login with Email" and enter "admin@example.com" and "password"
|
||||||
4. Approve the example app's request.
|
4. Approve the example app's request.
|
||||||
5. See the resulting token the example app claims from dex.
|
5. See the resulting token the example app claims from dex.
|
||||||
|
|
|
@ -156,7 +156,7 @@ func cmd() *cobra.Command {
|
||||||
c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.")
|
c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.")
|
||||||
c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.")
|
c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.")
|
||||||
c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.")
|
c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.")
|
||||||
c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556", "URL of the OpenID Connect issuer.")
|
c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556/dex", "URL of the OpenID Connect issuer.")
|
||||||
c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.")
|
c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.")
|
||||||
c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.")
|
c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.")
|
||||||
c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.")
|
c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.")
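Review bot: The new default on the `issuer` flag line, `http://127.0.0.1:5556/dex`, now has to agree with the `issuer:` value in the example config changed in the same commit, and the flag help does not say so. OpenID Connect discovery requires the issuer the client was given to match the one the provider advertises, so a mismatch in the path suffix would presumably fail provider setup rather than surface at login. I would extend the help text to `"URL of the OpenID Connect issuer; must match the issuer value in the dex config exactly."`. The rest of cmd() lies outside this hunk.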
|
||||||
|
|
|
@ -1,18 +1,31 @@
|
||||||
issuer: http://127.0.0.1:5556
|
# The base path of dex and the external name of the OpenID Connect service.
|
||||||
|
# Clients use this value to do discovery.
|
||||||
|
issuer: http://127.0.0.1:5556/dex
|
||||||
|
|
||||||
|
# The storage configuration determines where dex stores its state. Supported
|
||||||
|
# options include SQL flavors and Kubernetes third party resources.
|
||||||
storage:
|
storage:
|
||||||
type: sqlite3
|
type: sqlite3
|
||||||
config:
|
config:
|
||||||
file: examples/dex.db
|
file: examples/dex.db
|
||||||
|
|
||||||
|
# Configuration for the
|
||||||
web:
|
web:
|
||||||
http: 127.0.0.1:5556
|
http: 127.0.0.1:5556
|
||||||
|
# HTTPS options are also supported:
|
||||||
|
# https: 127.0.0.1:5554
|
||||||
|
# tlsCert: /etc/dex/tls.crt
|
||||||
|
# tlsKey: /etc/dex/tls.key
|
||||||
|
|
||||||
connectors:
|
# Uncomment this block to enable the gRPC API.
|
||||||
- type: mockCallback
|
# grpc:
|
||||||
id: mock-callback
|
# addr: 127.0.0.1:5557
|
||||||
name: Mock
|
# tlsCert: /etc/dex/grpc.crt
|
||||||
|
# tlsKey: /etc/dex/grpc.key
|
||||||
|
|
||||||
# Instead of reading from an external storage, use this list of clients.
|
# Instead of reading from an external storage, use this list of clients.
|
||||||
|
#
|
||||||
|
# If this option isn't choosen clients may be added through the gRPC API.
|
||||||
staticClients:
|
staticClients:
|
||||||
- id: example-app
|
- id: example-app
|
||||||
redirectURIs:
|
redirectURIs:
|
||||||
|
@ -20,14 +33,22 @@ staticClients:
|
||||||
name: 'Example App'
|
name: 'Example App'
|
||||||
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
||||||
|
|
||||||
# Let dex keep a list of passwords which can be used to login the user.
|
connectors:
|
||||||
|
- type: mockCallback
|
||||||
|
id: mock
|
||||||
|
name: Example
|
||||||
|
|
||||||
|
# Let dex keep a list of passwords which can be used to login the user
|
||||||
enablePasswordDB: true
|
enablePasswordDB: true
|
||||||
|
|
||||||
# A static list of passwords to login the end user. By identifying here, dex
|
# A static list of passwords to login the end user. By identifying here, dex
|
||||||
# won't look in its undlying storage for passwords.
|
# won't look in its underlying storage for passwords.
|
||||||
|
#
|
||||||
|
# If this option isn't choosen users may be added through the gRPC API.
|
||||||
staticPasswords:
|
staticPasswords:
|
||||||
- email: "admin@example.com"
|
- email: "admin@example.com"
|
||||||
# bcrypt hash of the string "password"
|
# bcrypt hash of the string "password"
|
||||||
hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX"
|
hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX"
|
||||||
username: "admin"
|
username: "admin"
|
||||||
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
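Review bot: The `mockCallback` connector and the `staticPasswords` entry stay in the new example config with no comment marking them as local-testing values, even though this commit exists to add explanatory comments. The README text on this page describes the mock option as logging in "as a predefined user", and the static entry is documented as the bcrypt hash of "password", so a copy of this file used beyond loopback would appear to carry a login path that needs no credentials and a publicly known admin password. I would add `# mockCallback signs in a predefined user without credentials; for local testing only.` above the connector and `# Example credentials; replace the hash and the client secret before using this config outside local development.` above `staticPasswords:`. In the first hunk the added comment `# Configuration for the` ends mid-sentence (perhaps `# Configuration for the HTTP endpoints.` was meant), and "choosen" should read "chosen" in both added comments.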
|
||||||
|
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
issuer: http://127.0.0.1:5556
|
|
||||||
storage:
|
|
||||||
type: sqlite3
|
|
||||||
config:
|
|
||||||
file: examples/dex.db
|
|
||||||
|
|
||||||
web:
|
|
||||||
http: 127.0.0.1:5556
|
|
||||||
|
|
||||||
grpc:
|
|
||||||
addr: 127.0.0.1:5557
|
|
||||||
|
|
||||||
connectors:
|
|
||||||
- type: mockCallback
|
|
||||||
id: mock-callback
|
|
||||||
name: Mock
|
|
||||||
- type: mockPassword
|
|
||||||
id: mock-password
|
|
||||||
name: Password
|
|
||||||
config:
|
|
||||||
username: "admin"
|
|
||||||
password: "PASSWORD"
|
|
||||||
|
|
||||||
staticClients:
|
|
||||||
- id: example-app
|
|
||||||
redirectURIs:
|
|
||||||
- 'http://127.0.0.1:5555/callback'
|
|
||||||
name: 'Example App'
|
|
||||||
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
|
|
@ -1,20 +0,0 @@
|
||||||
issuer: http://127.0.0.1:5556
|
|
||||||
storage:
|
|
||||||
type: kubernetes
|
|
||||||
|
|
||||||
web:
|
|
||||||
http: 127.0.0.1:5556
|
|
||||||
|
|
||||||
connectors:
|
|
||||||
- type: mock
|
|
||||||
id: mock
|
|
||||||
name: Mock
|
|
||||||
|
|
||||||
- type: github
|
|
||||||
id: github
|
|
||||||
name: GitHub
|
|
||||||
config:
|
|
||||||
clientID: "$GITHUB_CLIENT_ID"
|
|
||||||
clientSecret: "$GITHUB_CLIENT_SECRET"
|
|
||||||
redirectURI: http://127.0.0.1:5556/callback/github
|
|
||||||
org: kubernetes
|
|