cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config.
parent
d11224f2bb
commit
600e761266
@ -27,6 +27,7 @@ type Config struct {
|
|||||||
Web Web `json:"web"`
|
Web Web `json:"web"`
|
||||||
OAuth2 OAuth2 `json:"oauth2"`
|
OAuth2 OAuth2 `json:"oauth2"`
|
||||||
GRPC GRPC `json:"grpc"`
|
GRPC GRPC `json:"grpc"`
|
||||||
|
Expiry Expiry `json:"expiry"`
|
||||||
|
|
||||||
Templates server.TemplateConfig `json:"templates"`
|
Templates server.TemplateConfig `json:"templates"`
|
||||||
|
|
||||||
@ -210,3 +211,12 @@ func (c *Connector) UnmarshalJSON(b []byte) error {
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Expiry holds configuration for the validity period of components.
|
||||||
|
type Expiry struct {
|
||||||
|
// SigningKeys defines the duration of time after which the SigningKeys will be rotated.
|
||||||
|
SigningKeys string `json:"signingKeys"`
|
||||||
|
|
||||||
|
// IdTokens defines the duration of time for which the IdTokens will be valid.
|
||||||
|
IDTokens string `json:"idTokens"`
|
||||||
|
}
|
||||||
|
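Review bot: The comments on the new Expiry fields do not state the expected string format or what an empty value means, and the second comment says `IdTokens` while the field is `IDTokens`. Going by the serve() change in this commit, both values are parsed with time.ParseDuration and an empty string leaves the corresponding server option unset, so the comments could read `// SigningKeys is a time.ParseDuration string (e.g. "6h") after which signing keys are rotated; empty leaves the option unset.` and `// IDTokens is a time.ParseDuration string (e.g. "24h") for which issued ID tokens are valid; empty leaves the option unset.` Because the fields are plain strings, a malformed value passes config unmarshalling and is only rejected later in serve(), which is worth noting on the struct comment.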
@ -56,6 +56,10 @@ staticPasswords:
|
|||||||
hash: "JDJhJDEwJDMzRU1UMGNWWVZsUHk2V0FNQ0xzY2VMWWpXaHVIcGJ6NXl1Wnh1L0dBRmowM0o5THl0anV5"
|
hash: "JDJhJDEwJDMzRU1UMGNWWVZsUHk2V0FNQ0xzY2VMWWpXaHVIcGJ6NXl1Wnh1L0dBRmowM0o5THl0anV5"
|
||||||
username: "foo"
|
username: "foo"
|
||||||
userID: "41331323-6f44-45e6-b3b9-2c4b60c02be5"
|
userID: "41331323-6f44-45e6-b3b9-2c4b60c02be5"
|
||||||
|
|
||||||
|
expiry:
|
||||||
|
signingKeys: "6h"
|
||||||
|
idTokens: "24h"
|
||||||
`)
|
`)
|
||||||
|
|
||||||
want := Config{
|
want := Config{
|
||||||
@ -113,6 +117,10 @@ staticPasswords:
|
|||||||
UserID: "41331323-6f44-45e6-b3b9-2c4b60c02be5",
|
UserID: "41331323-6f44-45e6-b3b9-2c4b60c02be5",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Expiry: Expiry{
|
||||||
|
SigningKeys: "6h",
|
||||||
|
IDTokens: "24h",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
var c Config
|
var c Config
|
||||||
|
@ -10,6 +10,7 @@ import (
|
|||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/ghodss/yaml"
|
"github.com/ghodss/yaml"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
@ -152,6 +153,20 @@ func serve(cmd *cobra.Command, args []string) error {
|
|||||||
TemplateConfig: c.Templates,
|
TemplateConfig: c.Templates,
|
||||||
EnablePasswordDB: c.EnablePasswordDB,
|
EnablePasswordDB: c.EnablePasswordDB,
|
||||||
}
|
}
|
||||||
|
if c.Expiry.SigningKeys != "" {
|
||||||
|
signingKeys, err := time.ParseDuration(c.Expiry.SigningKeys)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("parsing signingKeys expiry: %v", err)
|
||||||
|
}
|
||||||
|
serverConfig.RotateKeysAfter = signingKeys
|
||||||
|
}
|
||||||
|
if c.Expiry.IDTokens != "" {
|
||||||
|
idTokens, err := time.ParseDuration(c.Expiry.IDTokens)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("parsing idTokens expiry: %v", err)
|
||||||
|
}
|
||||||
|
serverConfig.IDTokensValidFor = idTokens
|
||||||
|
}
|
||||||
|
|
||||||
serv, err := server.NewServer(context.Background(), serverConfig)
|
serv, err := server.NewServer(context.Background(), serverConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
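Review bot: Both new blocks in serve() accept whatever time.ParseDuration returns, which includes zero and negative durations such as "0s" or "-1h". A non-positive idTokens value would presumably yield ID tokens that are already expired when issued, or silently fall back to a default, and a non-positive signingKeys value could drive rotation continuously; how server.NewServer treats these values is not visible here. Reject them at config load, for example `if signingKeys <= 0 { return fmt.Errorf("signingKeys expiry must be positive, got %v", signingKeys) }`, with the same check for idTokens. A logged warning for very long idTokens lifetimes may also be worth adding, since a longer lifetime widens the window in which a leaked token stays usable. serve() begins and ends outside this hunk.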
@ -62,3 +62,7 @@ staticPasswords:
|
|||||||
username: "admin"
|
username: "admin"
|
||||||
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
||||||
|
|
||||||
|
# Uncomment this block to enable configuration for the expiration time durations.
|
||||||
|
# expiry:
|
||||||
|
# signingKeys: "6h"
|
||||||
|
# idTokens: "24h"
|
||||||
|