forked from mystiq/dex
015e7cf606
Bcrypt'd hashes have "$" characters in them. This means that #667 (accepting actually bcrypted values) combined with #627 (expanding config with environment variables) broke the example config. For now, allow storages and connectors to expand their configs from the environment, but don't do this anywhere else.
68 lines
2 KiB
YAML
68 lines
2 KiB
YAML
# The base path of dex and the external name of the OpenID Connect service.
|
|
# Clients use this value to do discovery.
|
|
issuer: http://127.0.0.1:5556/dex
|
|
|
|
# The storage configuration determines where dex stores its state. Supported
|
|
# options include SQL flavors and Kubernetes third party resources.
|
|
storage:
|
|
type: sqlite3
|
|
config:
|
|
file: examples/dex.db
|
|
|
|
# Configuration for the
|
|
web:
|
|
http: 127.0.0.1:5556
|
|
# HTTPS options are also supported:
|
|
# https: 127.0.0.1:5554
|
|
# tlsCert: /etc/dex/tls.crt
|
|
# tlsKey: /etc/dex/tls.key
|
|
|
|
# Uncomment this block to enable the gRPC API.
|
|
# grpc:
|
|
# addr: 127.0.0.1:5557
|
|
# tlsCert: /etc/dex/grpc.crt
|
|
# tlsKey: /etc/dex/grpc.key
|
|
# tlsClientCA: /etc/dex/client.crt
|
|
|
|
# Instead of reading from an external storage, use this list of clients.
|
|
#
|
|
# If this option isn't choosen clients may be added through the gRPC API.
|
|
staticClients:
|
|
- id: example-app
|
|
redirectURIs:
|
|
- 'http://127.0.0.1:5555/callback'
|
|
name: 'Example App'
|
|
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
|
|
|
connectors:
|
|
- type: mockCallback
|
|
id: mock
|
|
name: Example
|
|
# - type: oidc
|
|
# id: google
|
|
# name: Google
|
|
# config:
|
|
# issuer: https://accounts.google.com
|
|
# # Config values starting with a "$" will read from the environment.
|
|
# clientID: $GOOGLE_CLIENT_ID
|
|
# clientSecret: $GOOGLE_CLIENT_SECRET
|
|
# redirectURI: http://127.0.0.1:5556/dex/callback/google
|
|
|
|
# Let dex keep a list of passwords which can be used to login the user
|
|
enablePasswordDB: true
|
|
|
|
# A static list of passwords to login the end user. By identifying here, dex
|
|
# won't look in its underlying storage for passwords.
|
|
#
|
|
# If this option isn't choosen users may be added through the gRPC API.
|
|
staticPasswords:
|
|
- email: "admin@example.com"
|
|
# bcrypt hash of the string "password"
|
|
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
|
|
username: "admin"
|
|
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
|
|
|
# Uncomment this block to enable configuration for the expiration time durations.
|
|
# expiry:
|
|
# signingKeys: "6h"
|
|
# idTokens: "24h"
|