From 6745af7747f7d0f2d6319693694e1a5c9cf6fcdc Mon Sep 17 00:00:00 2001 From: Linda Zeng Date: Wed, 9 Sep 2020 11:01:14 -0400 Subject: [PATCH] updated docs Signed-off-by: Linda Zeng --- Documentation/connectors/github.md | 22 ++++++++++++++++++++++ Documentation/getting-started.md | 2 +- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/Documentation/connectors/github.md b/Documentation/connectors/github.md index f9395283..3d3706db 100644 --- a/Documentation/connectors/github.md +++ b/Documentation/connectors/github.md @@ -122,6 +122,28 @@ connectors: rootCA: /etc/dex/ca.crt ``` +### Generate TLS assets + +Running Dex with HTTPS enabled requires a valid SSL certificate, and the API server needs to trust the certificate of the signing CA using the `--oidc-ca-file` flag. + +For our example use case, the TLS assets can be created using the following command: + +``` +$ ./examples/k8s/gencert.sh +``` + +This will generate several files under the `ssl` directory, the important ones being `cert.pem` ,`key.pem` and `ca.pem`. The generated SSL certificate is for 'dex.example.com', although you could change this by editing `gencert.sh` if required. + +### Run example client app with Github config + +``` +./bin/example-app --issuer-root-ca examples/k8s/ssl/ca.pem +``` + +1. Open browser to http://127.0.0.1:5555 +2. Click Login +3. Select Log in with GitHub and grant access to dex to view your profile + [github-oauth2]: https://github.com/settings/applications/new [github-orgs]: https://developer.github.com/v3/orgs/ [github-request-org-access]: https://help.github.com/articles/requesting-organization-approval-for-oauth-apps/ diff --git a/Documentation/getting-started.md b/Documentation/getting-started.md index 9f724dd8..c4957bc8 100644 --- a/Documentation/getting-started.md +++ b/Documentation/getting-started.md @@ -22,7 +22,7 @@ The [example config][example-config] file documents many of the configuration op ## Running a client -Dex operates like most other OAuth2 providers. Users are redirected from a client app to dex to login. Dex ships with an example client app (also built with the `make` command), for testing and demos. +Dex operates like most other OAuth2 providers. Users are redirected from a client app to dex to login. Dex ships with an example client app (built with the `make examples` command), for testing and demos. By default, the example client is configured with the same OAuth2 credentials defined in `examples/config-dev.yaml` to talk to dex. Running the example app will cause it to query dex's [discovery endpoint][oidc-discovery] and determine the OAuth2 endpoints.