From 600e761266823788d4f46b710234b77bcc9afa29 Mon Sep 17 00:00:00 2001 From: rithu leena john Date: Wed, 2 Nov 2016 17:52:49 -0700 Subject: [PATCH] cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config. --- cmd/dex/config.go | 10 ++++++++++ cmd/dex/config_test.go | 8 ++++++++ cmd/dex/serve.go | 15 +++++++++++++++ examples/config-dev.yaml | 4 ++++ 4 files changed, 37 insertions(+) diff --git a/cmd/dex/config.go b/cmd/dex/config.go index 6e93478b..6109489a 100644 --- a/cmd/dex/config.go +++ b/cmd/dex/config.go @@ -27,6 +27,7 @@ type Config struct { Web Web `json:"web"` OAuth2 OAuth2 `json:"oauth2"` GRPC GRPC `json:"grpc"` + Expiry Expiry `json:"expiry"` Templates server.TemplateConfig `json:"templates"` @@ -210,3 +211,12 @@ func (c *Connector) UnmarshalJSON(b []byte) error { } return nil } + +// Expiry holds configuration for the validity period of components. +type Expiry struct { + // SigningKeys defines the duration of time after which the SigningKeys will be rotated. + SigningKeys string `json:"signingKeys"` + + // IdTokens defines the duration of time for which the IdTokens will be valid. + IDTokens string `json:"idTokens"` +} diff --git a/cmd/dex/config_test.go b/cmd/dex/config_test.go index e49d98ac..4bdf0acb 100644 --- a/cmd/dex/config_test.go +++ b/cmd/dex/config_test.go @@ -56,6 +56,10 @@ staticPasswords: hash: "JDJhJDEwJDMzRU1UMGNWWVZsUHk2V0FNQ0xzY2VMWWpXaHVIcGJ6NXl1Wnh1L0dBRmowM0o5THl0anV5" username: "foo" userID: "41331323-6f44-45e6-b3b9-2c4b60c02be5" + +expiry: + signingKeys: "6h" + idTokens: "24h" `) want := Config{ @@ -113,6 +117,10 @@ staticPasswords: UserID: "41331323-6f44-45e6-b3b9-2c4b60c02be5", }, }, + Expiry: Expiry{ + SigningKeys: "6h", + IDTokens: "24h", + }, } var c Config diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go index 59679642..24738a77 100644 --- a/cmd/dex/serve.go +++ b/cmd/dex/serve.go @@ -10,6 +10,7 @@ import ( "net" "net/http" "os" + "time" "github.com/ghodss/yaml" "github.com/spf13/cobra" @@ -152,6 +153,20 @@ func serve(cmd *cobra.Command, args []string) error { TemplateConfig: c.Templates, EnablePasswordDB: c.EnablePasswordDB, } + if c.Expiry.SigningKeys != "" { + signingKeys, err := time.ParseDuration(c.Expiry.SigningKeys) + if err != nil { + return fmt.Errorf("parsing signingKeys expiry: %v", err) + } + serverConfig.RotateKeysAfter = signingKeys + } + if c.Expiry.IDTokens != "" { + idTokens, err := time.ParseDuration(c.Expiry.IDTokens) + if err != nil { + return fmt.Errorf("parsing idTokens expiry: %v", err) + } + serverConfig.IDTokensValidFor = idTokens + } serv, err := server.NewServer(context.Background(), serverConfig) if err != nil { diff --git a/examples/config-dev.yaml b/examples/config-dev.yaml index b6a4dc09..134f2766 100644 --- a/examples/config-dev.yaml +++ b/examples/config-dev.yaml @@ -62,3 +62,7 @@ staticPasswords: username: "admin" userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" +# Uncomment this block to enable configuration for the expiration time durations. +# expiry: +# signingKeys: "6h" +# idTokens: "24h"