# The base path of Dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to Dex. If a
# path is provided, Dex's HTTP service will listen at a non-root URL.
issuer: http://127.0.0.1:5556/dex

# The storage configuration determines where Dex stores its state.
# Supported options include:
#   - SQL flavors
#   - key-value stores (eg. etcd)
#   - Kubernetes Custom Resources
#
# See the documentation (https://dexidp.io/docs/storage/) for further information.
storage:
  type: memory

  # type: sqlite3
  # config:
  #   file: /var/dex/dex.db

  # type: mysql
  # config:
  #   host: 127.0.0.1
  #   port: 3306
  #   database: dex
  #   user: mysql
  #   password: mysql
  #   ssl:
  #     mode: "false"

  # type: postgres
  # config:
  #   host: 127.0.0.1
  #   port: 5432
  #   database: dex
  #   user: postgres
  #   password: postgres
  #   ssl:
  #     mode: disable

  # type: etcd
  # config:
  #   endpoints:
  #     - http://127.0.0.1:2379
  #   namespace: dex/

  # type: kubernetes
  # config:
  #   kubeConfigFile: $HOME/.kube/config

# HTTP service configuration
web:
  http: 127.0.0.1:5556

  # Uncomment to enable HTTPS endpoint.
  # https: 127.0.0.1:5554
  # tlsCert: /etc/dex/tls.crt
  # tlsKey: /etc/dex/tls.key

# Dex UI configuration
# frontend:
#   issuer: dex
#   logoURL: theme/logo.png
#   dir: ""
#   theme: light

# Telemetry configuration
# telemetry:
#   http: 127.0.0.1:5558

# logger:
#   level: "debug"
#   format: "text" # can also be "json"

# gRPC API configuration
# Uncomment this block to enable the gRPC API.
# See the documentation (https://dexidp.io/docs/api/) for further information.
# grpc:
#   addr: 127.0.0.1:5557
#   tlsCert: examples/grpc-client/server.crt
#   tlsKey: examples/grpc-client/server.key
#   tlsClientCA: examples/grpc-client/ca.crt

# Expiration configuration for tokens, signing keys, etc.
# expiry:
#   deviceRequests: "5m"
#   signingKeys: "6h"
#   idTokens: "24h"
#   refreshTokens:
#     disableRotation: false
#     reuseInterval: "3s"
#     validIfNotUsedFor: "2160h" # 90 days
#     absoluteLifetime: "3960h" # 165 days

# OAuth2 configuration
# oauth2:
#   # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
#   responseTypes: [ "code" ] # also allowed are "token" and "id_token"
#
#   # By default, Dex will ask for approval to share data with application
#   # (approval for sharing data from connected IdP to Dex is separate process on IdP)
#   skipApprovalScreen: false
#
#   # If only one authentication method is enabled, the default behavior is to
#   # go directly to it. For connected IdPs, this redirects the browser away
#   # from application to upstream provider such as the Google login page
#   alwaysShowLoginScreen: false
#
#   # Uncomment to use a specific connector for password grants
#   passwordConnector: local

# Static clients registered in Dex by default.
#
# Alternatively, clients may be added through the gRPC API.
# staticClients:
#   - id: example-app
#     redirectURIs:
#       - 'http://127.0.0.1:5555/callback'
#     name: 'Example App'
#     secret: ZXhhbXBsZS1hcHAtc2VjcmV0

# Connectors are used to authenticate users agains upstream identity providers.
#
# See the documentation (https://dexidp.io/docs/connectors/) for further information.
# connectors: []

# Enable the password database.
#
# It's a "virtual" connector (identity provider) that stores
# login credentials in Dex's store.
enablePasswordDB: true

# If this option isn't chosen users may be added through the gRPC API.
# A static list of passwords for the password connector.
#
# Alternatively, passwords my be added/updated through the gRPC API.
# staticPasswords: []