dex/examples/config-dev.yaml

# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
issuer: http://127.0.0.1:5556/dex

# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#
# See the storage document at Documentation/storage.md for further information.
storage:
  type: sqlite3
  config:
    file: examples/dex.db

# Configuration for the HTTP endpoints.
web:
  http: 0.0.0.0:5556
  # Uncomment for HTTPS options.
  # https: 127.0.0.1:5554
  # tlsCert: /etc/dex/tls.crt
  # tlsKey: /etc/dex/tls.key

# Configuration for telemetry
telemetry:
  http: 0.0.0.0:5558

# Uncomment this block to enable the gRPC API. This values MUST be different
# from the HTTP endpoints.
# grpc:
#   addr: 127.0.0.1:5557
#  tlsCert: examples/grpc-client/server.crt
#  tlsKey: examples/grpc-client/server.key
#  tlsClientCA: /etc/dex/client.crt

# Uncomment this block to enable configuration for the expiration time durations.
# expiry:
#   signingKeys: "6h"
#   idTokens: "24h"

# Options for controlling the logger.
# logger:
#   level: "debug"
#   format: "text" # can also be "json"

# Default values shown below
# oauth2:
    # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
#   responseTypes: [ "code" ] # also allowed are "token" and "id_token"
    # By default, Dex will ask for approval to share data with application
    # (approval for sharing data from connected IdP to Dex is separate process on IdP)
#   skipApprovalScreen: false
    # If only one authentication method is enabled, the default behavior is to
    # go directly to it. For connected IdPs, this redirects the browser away
    # from application to upstream provider such as the Google login page
#   alwaysShowLoginScreen: false
    # Uncommend the passwordConnector to use a specific connector for password grants
#   passwordConnector: local

# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't chosen clients may be added through the gRPC API.
staticClients:
- id: example-app
  redirectURIs:
  - 'http://127.0.0.1:5555/callback'
  name: 'Example App'
  secret: ZXhhbXBsZS1hcHAtc2VjcmV0

connectors:
- type: mockCallback
  id: mock
  name: Example
# - type: google
#   id: google
#   name: Google
#   config:
#     issuer: https://accounts.google.com
#     # Connector config values starting with a "$" will read from the environment.
#     clientID: $GOOGLE_CLIENT_ID
#     clientSecret: $GOOGLE_CLIENT_SECRET
#     redirectURI: http://127.0.0.1:5556/dex/callback
#     hostedDomains:
#     - $GOOGLE_HOSTED_DOMAIN

# Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true

# A static list of passwords to login the end user. By identifying here, dex
# won't look in its underlying storage for passwords.
#
# If this option isn't chosen users may be added through the gRPC API.
staticPasswords:
- email: "admin@example.com"
  # bcrypt hash of the string "password"
  hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
  username: "admin"
  userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# The base path of dex and the external name of the OpenID Connect service.`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# This is the canonical URL that all clients MUST use to refer to dex. If a`
			`# path is provided, dex's HTTP service will listen at a non-root URL.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`issuer: http://127.0.0.1:5556/dex`

			`# The storage configuration determines where dex stores its state. Supported`
			`# options include SQL flavors and Kubernetes third party resources.`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`#`
			`# See the storage document at Documentation/storage.md for further information.`
*: load static clients from config file 2016-08-05 22:20:22 +05:30			`storage:`
*: add sql storage options to dex application 2016-10-04 01:16:49 +05:30			`type: sqlite3`
			`config:`
			`file: examples/dex.db`
*: load static clients from config file 2016-08-05 22:20:22 +05:30
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Configuration for the HTTP endpoints.`
*: load static clients from config file 2016-08-05 22:20:22 +05:30			`web:`
*: add theme based frontend configuration This PR reworks the web layout so static files can be provided and a "themes" directory to allow a certain degree of control over logos, styles, etc. This PR does NOT add general support for frontend customization, only enough to allow us to start exploring theming internally. The dex binary also must now be run from the root directory since templates are no longer "compiled into" the binary. The docker image has been updated with frontend assets. 2016-12-01 03:56:54 +05:30			`http: 0.0.0.0:5556`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Uncomment for HTTPS options.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# https: 127.0.0.1:5554`
			`# tlsCert: /etc/dex/tls.crt`
			`# tlsKey: /etc/dex/tls.key`
*: load static clients from config file 2016-08-05 22:20:22 +05:30
*: Add go runtime, process, HTTP and gRPC metrics 2017-12-20 20:33:32 +05:30			`# Configuration for telemetry`
			`telemetry:`
			`http: 0.0.0.0:5558`

*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Uncomment this block to enable the gRPC API. This values MUST be different`
			`# from the HTTP endpoints.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# grpc:`
			`# addr: 127.0.0.1:5557`
examples: adding a gRPC client example. 2017-02-20 22:15:32 +05:30			`# tlsCert: examples/grpc-client/server.crt`
			`# tlsKey: examples/grpc-client/server.key`
			`# tlsClientCA: /etc/dex/client.crt`
*: load static clients from config file 2016-08-05 22:20:22 +05:30
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Uncomment this block to enable configuration for the expiration time durations.`
			`# expiry:`
			`# signingKeys: "6h"`
			`# idTokens: "24h"`

examples: add logger fields 2016-12-16 03:17:37 +05:30			`# Options for controlling the logger.`
			`# logger:`
			`# level: "debug"`
			`# format: "text" # can also be "json"`

Add examples for recent additions to oauth2 configuration options 2019-08-09 22:25:25 +05:30			`# Default values shown below`
examples: document explicit flow in example config 2017-06-23 23:57:49 +05:30			`# oauth2:`
Add examples for recent additions to oauth2 configuration options 2019-08-09 22:25:25 +05:30			`# use ["code", "token", "id_token"] to enable implicit flow for web-only clients`
			`# responseTypes: [ "code" ] # also allowed are "token" and "id_token"`
			`# By default, Dex will ask for approval to share data with application`
			`# (approval for sharing data from connected IdP to Dex is separate process on IdP)`
			`# skipApprovalScreen: false`
			`# If only one authentication method is enabled, the default behavior is to`
			`# go directly to it. For connected IdPs, this redirects the browser away`
			`# from application to upstream provider such as the Google login page`
			`# alwaysShowLoginScreen: false`
Add support for password grant #926 2018-01-03 08:45:01 +05:30			`# Uncommend the passwordConnector to use a specific connector for password grants`
			`# passwordConnector: local`
examples: document explicit flow in example config 2017-06-23 23:57:49 +05:30
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`# Instead of reading from an external storage, use this list of clients.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`#`
*: fix spelling using github.com/client9/misspell 2017-03-20 21:46:56 +05:30			`# If this option isn't chosen clients may be added through the gRPC API.`
*: load static clients from config file 2016-08-05 22:20:22 +05:30			`staticClients:`
			`- id: example-app`
			`redirectURIs:`
			`- 'http://127.0.0.1:5555/callback'`
			`name: 'Example App'`
			`secret: ZXhhbXBsZS1hcHAtc2VjcmV0`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`connectors:`
			`- type: mockCallback`
			`id: mock`
			`name: Example`
Allow the "google" connector to work without a service account Fixes #1718 2020-05-20 23:30:06 +05:30			`# - type: google`
*: expand environment variables in config Allow users to define config values which are read form environemnt variables. Helpful for sensitive variables such as OAuth2 client IDs or LDAP credentials. 2016-10-23 02:06:31 +05:30			`# id: google`
			`# name: Google`
			`# config:`
			`# issuer: https://accounts.google.com`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# # Connector config values starting with a "$" will read from the environment.`
*: expand environment variables in config Allow users to define config values which are read form environemnt variables. Helpful for sensitive variables such as OAuth2 client IDs or LDAP credentials. 2016-10-23 02:06:31 +05:30			`# clientID: $GOOGLE_CLIENT_ID`
			`# clientSecret: $GOOGLE_CLIENT_SECRET`
Fix Google OIDC callback url 2016-11-21 23:55:16 +05:30			`# redirectURI: http://127.0.0.1:5556/dex/callback`
connector/oidc: fix hosted domain support. 2017-07-22 04:18:21 +05:30			`# hostedDomains:`
			`# - $GOOGLE_HOSTED_DOMAIN`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Let dex keep a list of passwords which can be used to login to dex.`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`enablePasswordDB: true`

			`# A static list of passwords to login the end user. By identifying here, dex`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# won't look in its underlying storage for passwords.`
			`#`
*: fix spelling using github.com/client9/misspell 2017-03-20 21:46:56 +05:30			`# If this option isn't chosen users may be added through the gRPC API.`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`staticPasswords:`
			`- email: "admin@example.com"`
			`# bcrypt hash of the string "password"`
cmd/dex: only expand from env for storages and connectors Bcrypt'd hashes have "$" characters in them. This means that #667 (accepting actually bcrypted values) combined with #627 (expanding config with environment variables) broke the example config. For now, allow storages and connectors to expand their configs from the environment, but don't do this anywhere else. 2016-11-04 09:38:50 +05:30			`hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`username: "admin"`
			`userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"`