cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config.

rithu leena john 2016-11-02 17:52:49 -07:00
parent d11224f2bb
commit 600e761266
4 changed files with 37 additions and 0 deletions


@ -27,6 +27,7 @@ type Config struct {
Web Web `json:"web"` Web Web `json:"web"`
OAuth2 OAuth2 `json:"oauth2"` OAuth2 OAuth2 `json:"oauth2"`
GRPC GRPC `json:"grpc"` GRPC GRPC `json:"grpc"`
Expiry Expiry `json:"expiry"`
Templates server.TemplateConfig `json:"templates"` Templates server.TemplateConfig `json:"templates"`
@ -210,3 +211,12 @@ func (c *Connector) UnmarshalJSON(b []byte) error {
} }
return nil return nil
} }
// Expiry holds configuration for the validity period of components.
type Expiry struct {
// SigningKeys defines the duration of time after which the SigningKeys will be rotated.
SigningKeys string `json:"signingKeys"`
// IdTokens defines the duration of time for which the IdTokens will be valid.
IDTokens string `json:"idTokens"`
}
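Review bot: The comment on the `IDTokens` field spells the name `IdTokens`, so it does not match the identifier or open with the field name as godoc expects; `// IDTokens defines how long issued ID tokens remain valid, as a Go duration string such as "24h".` fixes both. The `SigningKeys` comment should state the accepted format as well, since both fields are plain strings and nothing in the struct tells an operator which syntax is valid. Because the values stay unparsed in `Config`, a malformed lifetime is only rejected when serve parses it, and an empty string leaves the corresponding server option unset; both facts belong in the `Expiry` type comment.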


@ -56,6 +56,10 @@ staticPasswords:
hash: "JDJhJDEwJDMzRU1UMGNWWVZsUHk2V0FNQ0xzY2VMWWpXaHVIcGJ6NXl1Wnh1L0dBRmowM0o5THl0anV5" hash: "JDJhJDEwJDMzRU1UMGNWWVZsUHk2V0FNQ0xzY2VMWWpXaHVIcGJ6NXl1Wnh1L0dBRmowM0o5THl0anV5"
username: "foo" username: "foo"
userID: "41331323-6f44-45e6-b3b9-2c4b60c02be5" userID: "41331323-6f44-45e6-b3b9-2c4b60c02be5"
expiry:
signingKeys: "6h"
idTokens: "24h"
`) `)
want := Config{ want := Config{
@ -113,6 +117,10 @@ staticPasswords:
UserID: "41331323-6f44-45e6-b3b9-2c4b60c02be5", UserID: "41331323-6f44-45e6-b3b9-2c4b60c02be5",
}, },
}, },
Expiry: Expiry{
SigningKeys: "6h",
IDTokens: "24h",
},
} }
var c Config var c Config


@ -10,6 +10,7 @@ import (
"net" "net"
"net/http" "net/http"
"os" "os"
"time"
"github.com/ghodss/yaml" "github.com/ghodss/yaml"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -152,6 +153,20 @@ func serve(cmd *cobra.Command, args []string) error {
TemplateConfig: c.Templates, TemplateConfig: c.Templates,
EnablePasswordDB: c.EnablePasswordDB, EnablePasswordDB: c.EnablePasswordDB,
} }
if c.Expiry.SigningKeys != "" {
signingKeys, err := time.ParseDuration(c.Expiry.SigningKeys)
if err != nil {
return fmt.Errorf("parsing signingKeys expiry: %v", err)
}
serverConfig.RotateKeysAfter = signingKeys
}
if c.Expiry.IDTokens != "" {
idTokens, err := time.ParseDuration(c.Expiry.IDTokens)
if err != nil {
return fmt.Errorf("parsing idTokens expiry: %v", err)
}
serverConfig.IDTokensValidFor = idTokens
}
serv, err := server.NewServer(context.Background(), serverConfig) serv, err := server.NewServer(context.Background(), serverConfig)
if err != nil { if err != nil {
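Review bot: Both new blocks assign whatever `time.ParseDuration` returns, so a zero or negative `signingKeys` or `idTokens` value (for example `"-1h"`) reaches `serverConfig.RotateKeysAfter` and `serverConfig.IDTokensValidFor` without an error. How `server.NewServer` treats such values is not visible here, but a non-positive token lifetime or rotation period is never a meaningful setting, and it is better rejected at startup than discovered from expired tokens or constant key rotation. After each parse I would add a guard such as `if idTokens <= 0 { return fmt.Errorf("idTokens expiry must be positive, got %v", idTokens) }`, with the same check for `signingKeys`. Since a long `idTokens` value extends how long a leaked token stays usable, logging the effective lifetimes at startup would also help operators audit the setting. The body of `serve` continues outside this hunk.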


@ -62,3 +62,7 @@ staticPasswords:
username: "admin" username: "admin"
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
# Uncomment this block to enable configuration for the expiration time durations.
# expiry:
# signingKeys: "6h"
# idTokens: "24h"