Commit ade27b3d authored by Eric Chiang's avatar Eric Chiang Committed by GitHub

Merge pull request #612 from ericchiang/dev-make-example-config-more-readable

*: add more comments to the example config
parents 6a9df8ab dc13f09f
......@@ -58,10 +58,8 @@ Then to interact with dex, like any other OAuth2 provider, you must first visit
a client app, then be prompted to login through dex. This can be achieved using
the following steps:
NOTE: The UIs are extremely bare bones at the moment.
1. Navigate to http://localhost:5555/ in your browser.
2. Hit "login" on the example app to be redirected to dex.
3. Choose the "mock" option to login as a predefined user.
3. Choose the "Login with Email" and enter "admin@example.com" and "password"
4. Approve the example app's request.
5. See the resulting token the example app claims from dex.
......@@ -156,7 +156,7 @@ func cmd() *cobra.Command {
c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.")
c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.")
c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.")
c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556", "URL of the OpenID Connect issuer.")
c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556/dex", "URL of the OpenID Connect issuer.")
c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.")
c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.")
c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.")
......
issuer: http://127.0.0.1:5556
# The base path of dex and the external name of the OpenID Connect service.
# Clients use this value to do discovery.
issuer: http://127.0.0.1:5556/dex
# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
storage:
type: sqlite3
config:
file: examples/dex.db
# Configuration for the
web:
http: 127.0.0.1:5556
# HTTPS options are also supported:
# https: 127.0.0.1:5554
# tlsCert: /etc/dex/tls.crt
# tlsKey: /etc/dex/tls.key
connectors:
- type: mockCallback
id: mock-callback
name: Mock
# Uncomment this block to enable the gRPC API.
# grpc:
# addr: 127.0.0.1:5557
# tlsCert: /etc/dex/grpc.crt
# tlsKey: /etc/dex/grpc.key
# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't choosen clients may be added through the gRPC API.
staticClients:
- id: example-app
redirectURIs:
......@@ -20,14 +33,22 @@ staticClients:
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
# Let dex keep a list of passwords which can be used to login the user.
connectors:
- type: mockCallback
id: mock
name: Example
# Let dex keep a list of passwords which can be used to login the user
enablePasswordDB: true
# A static list of passwords to login the end user. By identifying here, dex
# won't look in its undlying storage for passwords.
# won't look in its underlying storage for passwords.
#
# If this option isn't choosen users may be added through the gRPC API.
staticPasswords:
- email: "admin@example.com"
# bcrypt hash of the string "password"
hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX"
username: "admin"
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
issuer: http://127.0.0.1:5556
storage:
type: sqlite3
config:
file: examples/dex.db
web:
http: 127.0.0.1:5556
grpc:
addr: 127.0.0.1:5557
connectors:
- type: mockCallback
id: mock-callback
name: Mock
- type: mockPassword
id: mock-password
name: Password
config:
username: "admin"
password: "PASSWORD"
staticClients:
- id: example-app
redirectURIs:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
issuer: http://127.0.0.1:5556
storage:
type: kubernetes
web:
http: 127.0.0.1:5556
connectors:
- type: mock
id: mock
name: Mock
- type: github
id: github
name: GitHub
config:
clientID: "$GITHUB_CLIENT_ID"
clientSecret: "$GITHUB_CLIENT_SECRET"
redirectURI: http://127.0.0.1:5556/callback/github
org: kubernetes
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment