Merge pull request #612 from ericchiang/dev-make-example-config-more-readable

*: add more comments to the example config

README.md

@@ -58,10 +58,8 @@ Then to interact with dex, like any other OAuth2 provider, you must first visit
 a client app, then be prompted to login through dex. This can be achieved using
 the following steps:
 
-NOTE: The UIs are extremely bare bones at the moment.
-
 1. Navigate to http://localhost:5555/ in your browser.
 2. Hit "login" on the example app to be redirected to dex.
-3. Choose the "mock" option to login as a predefined user.
+3. Choose the "Login with Email" and enter "admin@example.com" and "password"
 4. Approve the example app's request.
 5. See the resulting token the example app claims from dex.

cmd/example-app/main.go

@@ -156,7 +156,7 @@ func cmd() *cobra.Command {
 	c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.")
 	c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.")
 	c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.")
-	c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556", "URL of the OpenID Connect issuer.")
+	c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556/dex", "URL of the OpenID Connect issuer.")
 	c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.")
 	c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.")
 	c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.")

examples/config-dev.yaml

@@ -1,18 +1,31 @@
-issuer: http://127.0.0.1:5556
+# The base path of dex and the external name of the OpenID Connect service.
+# Clients use this value to do discovery.
+issuer: http://127.0.0.1:5556/dex
+
+# The storage configuration determines where dex stores its state. Supported
+# options include SQL flavors and Kubernetes third party resources.
 storage:
   type: sqlite3
   config:
     file: examples/dex.db
 
+# Configuration for the
 web:
   http: 127.0.0.1:5556
+  # HTTPS options are also supported:
+  # https: 127.0.0.1:5554
+  # tlsCert: /etc/dex/tls.crt
+  # tlsKey: /etc/dex/tls.key
 
-connectors:
+# Uncomment this block to enable the gRPC API.
-- type: mockCallback
+# grpc:
-  id: mock-callback
+#   addr: 127.0.0.1:5557
-  name: Mock
+#   tlsCert: /etc/dex/grpc.crt
+#   tlsKey: /etc/dex/grpc.key
 
 # Instead of reading from an external storage, use this list of clients.
+#
+# If this option isn't choosen clients may be added through the gRPC API.
 staticClients:
 - id: example-app
   redirectURIs:
@@ -20,14 +33,22 @@ staticClients:
   name: 'Example App'
   secret: ZXhhbXBsZS1hcHAtc2VjcmV0
 
-# Let dex keep a list of passwords which can be used to login the user.
+connectors:
+- type: mockCallback
+  id: mock
+  name: Example
+
+# Let dex keep a list of passwords which can be used to login the user
 enablePasswordDB: true
 
 # A static list of passwords to login the end user. By identifying here, dex
-# won't look in its undlying storage for passwords.
+# won't look in its underlying storage for passwords.
+#
+# If this option isn't choosen users may be added through the gRPC API.
 staticPasswords:
 - email: "admin@example.com"
   # bcrypt hash of the string "password"
   hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX"
   username: "admin"
   userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
+

examples/config-grpc.yaml

@@ -1,29 +0,0 @@
-issuer: http://127.0.0.1:5556
-storage:
-  type: sqlite3
-  config:
-    file: examples/dex.db
-
-web:
-  http: 127.0.0.1:5556
-
-grpc:
-  addr: 127.0.0.1:5557
-
-connectors:
-- type: mockCallback
-  id: mock-callback
-  name: Mock
-- type: mockPassword
-  id: mock-password
-  name: Password
-  config:
-    username: "admin"
-    password: "PASSWORD"
-
-staticClients:
-- id: example-app
-  redirectURIs:
-  - 'http://127.0.0.1:5555/callback'
-  name: 'Example App'
-  secret: ZXhhbXBsZS1hcHAtc2VjcmV0

examples/config.yaml

@@ -1,20 +0,0 @@
-issuer: http://127.0.0.1:5556
-storage:
-  type: kubernetes
-
-web:
-  http: 127.0.0.1:5556
-
-connectors:
-- type: mock
-  id: mock
-  name: Mock
-
-- type: github
-  id: github
-  name: GitHub
-  config:
-    clientID: "$GITHUB_CLIENT_ID"
-    clientSecret: "$GITHUB_CLIENT_SECRET"
-    redirectURI: http://127.0.0.1:5556/callback/github
-    org: kubernetes