cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config.
parent
d11224f2bb
commit
600e761266
4 changed files with 37 additions and 0 deletions
|
@ -27,6 +27,7 @@ type Config struct {
|
|||
Web Web `json:"web"`
|
||||
OAuth2 OAuth2 `json:"oauth2"`
|
||||
GRPC GRPC `json:"grpc"`
|
||||
Expiry Expiry `json:"expiry"`
|
||||
|
||||
Templates server.TemplateConfig `json:"templates"`
|
||||
|
||||
|
@ -210,3 +211,12 @@ func (c *Connector) UnmarshalJSON(b []byte) error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Expiry holds configuration for the validity period of components.
|
||||
type Expiry struct {
|
||||
// SigningKeys defines the duration of time after which the SigningKeys will be rotated.
|
||||
SigningKeys string `json:"signingKeys"`
|
||||
|
||||
// IdTokens defines the duration of time for which the IdTokens will be valid.
|
||||
IDTokens string `json:"idTokens"`
|
||||
}
|
||||
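Review bot: The doc comments on the two `Expiry` fields do not say what format the strings take or what an empty value means, although both values are security-relevant lifetimes. Judging by the serve.go section of this commit, they are parsed with `time.ParseDuration` and an empty string leaves the server's own default in place, so the first comment could read `// SigningKeys is how long a signing key is used before it is rotated, as a Go duration string such as "6h"; empty keeps the server default.` with the equivalent wording for `IDTokens`. The second comment also spells the field `IdTokens` where the identifier is `IDTokens`.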
|
|
|
@ -56,6 +56,10 @@ staticPasswords:
|
|||
hash: "JDJhJDEwJDMzRU1UMGNWWVZsUHk2V0FNQ0xzY2VMWWpXaHVIcGJ6NXl1Wnh1L0dBRmowM0o5THl0anV5"
|
||||
username: "foo"
|
||||
userID: "41331323-6f44-45e6-b3b9-2c4b60c02be5"
|
||||
|
||||
expiry:
|
||||
signingKeys: "6h"
|
||||
idTokens: "24h"
|
||||
`)
|
||||
|
||||
want := Config{
|
||||
|
@ -113,6 +117,10 @@ staticPasswords:
|
|||
UserID: "41331323-6f44-45e6-b3b9-2c4b60c02be5",
|
||||
},
|
||||
},
|
||||
Expiry: Expiry{
|
||||
SigningKeys: "6h",
|
||||
IDTokens: "24h",
|
||||
},
|
||||
}
|
||||
|
||||
var c Config
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/ghodss/yaml"
|
||||
"github.com/spf13/cobra"
|
||||
|
@ -152,6 +153,20 @@ func serve(cmd *cobra.Command, args []string) error {
|
|||
TemplateConfig: c.Templates,
|
||||
EnablePasswordDB: c.EnablePasswordDB,
|
||||
}
|
||||
if c.Expiry.SigningKeys != "" {
|
||||
signingKeys, err := time.ParseDuration(c.Expiry.SigningKeys)
|
||||
if err != nil {
|
||||
return fmt.Errorf("parsing signingKeys expiry: %v", err)
|
||||
}
|
||||
serverConfig.RotateKeysAfter = signingKeys
|
||||
}
|
||||
if c.Expiry.IDTokens != "" {
|
||||
idTokens, err := time.ParseDuration(c.Expiry.IDTokens)
|
||||
if err != nil {
|
||||
return fmt.Errorf("parsing idTokens expiry: %v", err)
|
||||
}
|
||||
serverConfig.IDTokensValidFor = idTokens
|
||||
}
|
||||
|
||||
serv, err := server.NewServer(context.Background(), serverConfig)
|
||||
if err != nil {
|
||||
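Review bot: Both new blocks in `serve` accept any value `time.ParseDuration` can parse, including `"0s"` and negative durations such as `"-1h"`, and assign it straight to `serverConfig.RotateKeysAfter` or `serverConfig.IDTokensValidFor`. How `server.NewServer` treats a zero or negative value is not visible here, but a non-positive token lifetime or rotation period is almost certainly a configuration mistake and is better rejected at startup, e.g. `if idTokens <= 0 { return fmt.Errorf("idTokens expiry must be positive, got %v", idTokens) }` with the same guard for `signingKeys`. There is also no upper bound, so a typo like `"2400h"` would silently produce very long-lived ID tokens; logging the effective values at startup would make that visible. The body of `serve` starts and ends outside the hunk.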
|
|
|
@ -62,3 +62,7 @@ staticPasswords:
|
|||
username: "admin"
|
||||
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
||||
|
||||
# Uncomment this block to enable configuration for the expiration time durations.
|
||||
# expiry:
|
||||
# signingKeys: "6h"
|
||||
# idTokens: "24h"
|
||||
|
|