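---
# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
#
# Plain http:// on loopback is a development setting. Tokens and client
# secrets cross this endpoint, so a deployed issuer should be an https:// URL.
issuer: http://127.0.0.1:5556/dex

# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#
# See the storage document at Documentation/storage.md for further information.
storage:
  type: sqlite3
  config:
    file: examples/dex.db

  # The alternatives below carry placeholder credentials (mysql/mysql,
  # postgres/postgres) and switch TLS off for the database connection
  # (ssl mode "false" / disable). Replace both before pointing dex at a
  # database that is reachable over a network.

  # type: mysql
  # config:
  #   host: localhost
  #   port: 3306
  #   database: dex
  #   user: mysql
  #   password: mysql
  #   ssl:
  #     mode: "false"

  # type: postgres
  # config:
  #   host: localhost
  #   port: 5432
  #   database: dex
  #   user: postgres
  #   password: postgres
  #   ssl:
  #     mode: disable

  # type: etcd
  # config:
  #   endpoints:
  #     - http://localhost:2379
  #   namespace: dex/

  # type: kubernetes
  # config:
  #   kubeConfigFile: $HOME/.kube/config

# Configuration for the HTTP endpoints.
#
# 0.0.0.0 listens on every interface, while the issuer above advertises
# 127.0.0.1. Bind to 127.0.0.1 when only local clients need access, or enable
# the HTTPS options before exposing the port.
web:
  http: 0.0.0.0:5556
  # Uncomment for HTTPS options.
  # https: 127.0.0.1:5554
  # tlsCert: /etc/dex/tls.crt
  # tlsKey: /etc/dex/tls.key

# Configuration for telemetry
#
# This listener is also bound to every interface and no TLS settings are shown
# for it; restrict it to the monitoring network with a bind address or a
# firewall rule.
telemetry:
  http: 0.0.0.0:5558

# Uncomment this block to enable the gRPC API. These values MUST be different
# from the HTTP endpoints.
#
# The gRPC API can add clients and users (see staticClients and
# staticPasswords), so keep it on loopback or require client certificates
# through tlsClientCA.
# grpc:
#   addr: 127.0.0.1:5557
#   tlsCert: examples/grpc-client/server.crt
#   tlsKey: examples/grpc-client/server.key
#   tlsClientCA: /etc/dex/client.crt

# Uncomment this block to enable configuration for the expiration time durations.
# A shorter idTokens lifetime limits how long a leaked token stays usable.
# expiry:
#   deviceRequests: "5m"
#   signingKeys: "6h"
#   idTokens: "24h"

# Options for controlling the logger.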
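# logger:
#   level: "debug"
#   format: "text" # can also be "json"

# Default values shown below
# oauth2:
#   # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
#   # (the implicit flow returns tokens in the redirect URL fragment; keep
#   # "code" only unless a client cannot use the code flow)
#   responseTypes: ["code"] # also allowed are "token" and "id_token"
#   # By default, Dex will ask for approval to share data with application
#   # (approval for sharing data from connected IdP to Dex is separate process on IdP)
#   skipApprovalScreen: false
#   # If only one authentication method is enabled, the default behavior is to
#   # go directly to it. For connected IdPs, this redirects the browser away
#   # from application to upstream provider such as the Google login page
#   alwaysShowLoginScreen: false
#   # Uncomment the passwordConnector to use a specific connector for password grants
#   passwordConnector: local

# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't chosen clients may be added through the gRPC API.
#
# The secret below is a published example value: anyone who has seen this file
# can authenticate as example-app. Generate a fresh random secret per client
# and keep it out of version control. Keep redirectURIs to the exact callback
# URLs the client uses, since they decide where authorization responses go.
staticClients:
  - id: example-app
    redirectURIs:
      - 'http://127.0.0.1:5555/callback'
    name: 'Example App'
    secret: ZXhhbXBsZS1hcHAtc2VjcmV0
  # A public client has no secret, so its redirect URIs are the only thing
  # binding it to the real application.
  # - id: example-device-client
  #   redirectURIs:
  #     - /device/callback
  #   name: 'Static Client for Device Flow'
  #   public: true

# mockCallback is a test connector: it signs in a fixed identity without asking
# for credentials. Remove it from any instance that real users or clients can
# reach and configure a real upstream connector instead.
connectors:
  - type: mockCallback
    id: mock
    name: Example
  # - type: google
  #   id: google
  #   name: Google
  #   config:
  #     issuer: https://accounts.google.com
  #     # Connector config values starting with a "$" will read from the environment.
  #     clientID: $GOOGLE_CLIENT_ID
  #     clientSecret: $GOOGLE_CLIENT_SECRET
  #     redirectURI: http://127.0.0.1:5556/dex/callback
  #     hostedDomains:
  #       - $GOOGLE_HOSTED_DOMAIN

# Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true

# A static list of passwords to login the end user. By identifying here, dex
# won't look in its underlying storage for passwords.
#
# If this option isn't chosen users may be added through the gRPC API.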
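# The entry below is a development login whose password is documented in this
# file. Replace the hash (and ideally the e-mail and userID) before the
# instance is reachable by anyone else; a bcrypt hash is only as strong as the
# password it was derived from.
staticPasswords:
  - email: "admin@example.com"
    # bcrypt hash of the string "password" (the "$10$" field is the cost factor)
    hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
    username: "admin"
    userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"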