diff --git a/README.md b/README.md index 9fec4c7d..f9ae424e 100644 --- a/README.md +++ b/README.md @@ -58,10 +58,8 @@ Then to interact with dex, like any other OAuth2 provider, you must first visit a client app, then be prompted to login through dex. This can be achieved using the following steps: -NOTE: The UIs are extremely bare bones at the moment. - 1. Navigate to http://localhost:5555/ in your browser. 2. Hit "login" on the example app to be redirected to dex. -3. Choose the "mock" option to login as a predefined user. +3. Choose the "Login with Email" and enter "admin@example.com" and "password" 4. Approve the example app's request. 5. See the resulting token the example app claims from dex. diff --git a/cmd/example-app/main.go b/cmd/example-app/main.go index 3e6c7006..9f46f9ed 100644 --- a/cmd/example-app/main.go +++ b/cmd/example-app/main.go @@ -156,7 +156,7 @@ func cmd() *cobra.Command { c.Flags().StringVar(&a.clientID, "client-id", "example-app", "OAuth2 client ID of this application.") c.Flags().StringVar(&a.clientSecret, "client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "OAuth2 client secret of this application.") c.Flags().StringVar(&a.redirectURI, "redirect-uri", "http://127.0.0.1:5555/callback", "Callback URL for OAuth2 responses.") - c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556", "URL of the OpenID Connect issuer.") + c.Flags().StringVar(&issuerURL, "issuer", "http://127.0.0.1:5556/dex", "URL of the OpenID Connect issuer.") c.Flags().StringVar(&listen, "listen", "http://127.0.0.1:5555", "HTTP(S) address to listen at.") c.Flags().StringVar(&tlsCert, "tls-cert", "", "X509 cert file to present when serving HTTPS.") c.Flags().StringVar(&tlsKey, "tls-key", "", "Private key for the HTTPS cert.") diff --git a/examples/config-dev.yaml b/examples/config-dev.yaml index d771bb7c..5f937da4 100644 --- a/examples/config-dev.yaml +++ b/examples/config-dev.yaml 
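Review bot: The help text of the `--issuer` flag in `cmd()` (cmd/example-app/main.go) still says only "URL of the OpenID Connect issuer." although the default now carries the `/dex` path. The config change in this commit notes that clients use the issuer value for discovery, so a caller who overrides the flag with the old host-only URL will presumably fail discovery or issuer validation with no hint why. I would say so in the help string, e.g. `"URL of the OpenID Connect issuer; must match the provider's configured issuer exactly, including any path."`. `cmd()` starts and ends outside the hunk, so how `issuerURL` is consumed is not visible here.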
@@ -1,18 +1,31 @@ -issuer: http://127.0.0.1:5556 +# The base path of dex and the external name of the OpenID Connect service. +# Clients use this value to do discovery. +issuer: http://127.0.0.1:5556/dex + +# The storage configuration determines where dex stores its state. Supported +# options include SQL flavors and Kubernetes third party resources. storage: type: sqlite3 config: file: examples/dex.db +# Configuration for the web: http: 127.0.0.1:5556 + # HTTPS options are also supported: + # https: 127.0.0.1:5554 + # tlsCert: /etc/dex/tls.crt + # tlsKey: /etc/dex/tls.key -connectors: -- type: mockCallback - id: mock-callback - name: Mock +# Uncomment this block to enable the gRPC API. +# grpc: +# addr: 127.0.0.1:5557 +# tlsCert: /etc/dex/grpc.crt +# tlsKey: /etc/dex/grpc.key # Instead of reading from an external storage, use this list of clients. +# +# If this option isn't choosen clients may be added through the gRPC API. staticClients: - id: example-app redirectURIs: @@ -20,14 +33,22 @@ staticClients: name: 'Example App' secret: ZXhhbXBsZS1hcHAtc2VjcmV0 -# Let dex keep a list of passwords which can be used to login the user. +connectors: +- type: mockCallback + id: mock + name: Example + +# Let dex keep a list of passwords which can be used to login the user enablePasswordDB: true # A static list of passwords to login the end user. By identifying here, dex -# won't look in its undlying storage for passwords. +# won't look in its underlying storage for passwords. +# +# If this option isn't choosen users may be added through the gRPC API. staticPasswords: - email: "admin@example.com" # bcrypt hash of the string "password" hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX" username: "admin" userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" + diff --git a/examples/config-grpc.yaml b/examples/config-grpc.yaml deleted file mode 100644 index ee0345ee..00000000 --- a/examples/config-grpc.yaml +++ /dev/null 
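Review bot: The comment added above `web:` in the first hunk of examples/config-dev.yaml reads `# Configuration for the` and stops mid-sentence; it looks truncated and should be completed, e.g. `# Configuration for the HTTP endpoints.`. "choosen" in `# If this option isn't choosen clients may be added through the gRPC API.` should be "chosen", and the same typo recurs in the second hunk above `staticPasswords:`. Since those comments say the gRPC API can add clients and users, the commented-out `grpc:` block would benefit from a line such as `# The gRPC API can modify clients and passwords; enable it only with TLS and for trusted callers.`.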
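Review bot: The `staticPasswords` entry in the second hunk keeps `# bcrypt hash of the string "password"` while the README change in this commit makes that account the documented login, so the example ships a working credential with a published plaintext next to the static client `secret`. A comment should mark both as development-only, e.g. `# Development-only credentials: replace the password hash and the client secret before using this config beyond 127.0.0.1.`. The rewritten line `# Let dex keep a list of passwords which can be used to login the user` lost its closing period. The connector `id` also changes from `mock-callback` to `mock`; whether anything else refers to the old id is not visible in this diff.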
@@ -1,29 +0,0 @@
-issuer: http://127.0.0.1:5556
-storage:
- type: sqlite3
- config:
- file: examples/dex.db
-
-web:
- http: 127.0.0.1:5556
-
-grpc:
- addr: 127.0.0.1:5557
-
-connectors:
-- type: mockCallback
- id: mock-callback
- name: Mock
-- type: mockPassword
- id: mock-password
- name: Password
- config:
- username: "admin"
- password: "PASSWORD"
-
-staticClients:
-- id: example-app
- redirectURIs:
- - 'http://127.0.0.1:5555/callback'
- name: 'Example App'
- secret: ZXhhbXBsZS1hcHAtc2VjcmV0
diff --git a/examples/config.yaml b/examples/config.yaml
deleted file mode 100644
index 268d0bd6..00000000
--- a/examples/config.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-issuer: http://127.0.0.1:5556
-storage:
- type: kubernetes
-
-web:
- http: 127.0.0.1:5556
-
-connectors:
-- type: mock
- id: mock
- name: Mock
-
-- type: github
- id: github
- name: GitHub
- config:
- clientID: "$GITHUB_CLIENT_ID"
- clientSecret: "$GITHUB_CLIENT_SECRET"
- redirectURI: http://127.0.0.1:5556/callback/github
- org: kubernetes