Commit Graph

27 Commits

Author SHA1 Message Date
Eric Chiang
015e7cf606 cmd/dex: only expand from env for storages and connectors
Bcrypt'd hashes have "$" characters in them. This means that #667
(accepting actually bcrypted values) combined with #627 (expanding
config with environment variables) broke the example config.

For now, allow storages and connectors to expand their configs from
the environment, but don't do this anywhere else.
2016-11-03 21:38:32 -07:00
rithu leena john
600e761266 cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config. 2016-11-03 17:25:36 -07:00
Eric Chiang
ebe51e736d cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash 2016-11-03 15:23:56 -07:00
Eric Chiang
aa7f304bc1 *: switch to github.com/ghodss/yaml for more consistent YAML parsing
ghodss/yaml converts from YAML to JSON before attempting to unmarshal.
This allows us to:

* Get the correct behavor when decoding base64'd []byte slices.
* Use *json.RawMessage.
* Not have to support extravagant YAML features.
* Let our structs use `json:` tags
2016-11-03 14:39:32 -07:00
rithu leena john
42dfd3ecec cmd/dex: add option for gRPC client auth CA. 2016-11-02 14:51:22 -07:00
Eric Chiang
a11db557b4 *: expand environment variables in config
Allow users to define config values which are read form environemnt
variables. Helpful for sensitive variables such as OAuth2 client IDs
or LDAP credentials.
2016-10-22 13:49:40 -07:00
Eric Chiang
dc13f09fb7 *: add more comments to the example config 2016-10-14 08:58:57 -07:00
Eric Chiang
3dac0063df *: properly compile version into docker images 2016-10-13 17:58:40 -07:00
Eric Chiang
4296604f11 {cmd,server}: move garbage collection logic to server 2016-10-12 21:50:20 -07:00
Eric Chiang
fdc529ee0d cmd/example-app: check if a provider supports a refresh token scope
Some OpenID Connect providers, notably Google, don't follow the spec
and allow refresh tokens to be requested with the "offline_access"
scope. Try to determine which we're talking to by checking the
supported_scopes listed by the provider discovery.
2016-10-10 08:52:07 -07:00
Eric Chiang
dcbe67d89c {cmd/dex,server}: expose skip approval screen option 2016-10-07 11:53:01 -07:00
Eric Chiang
2909929b17 *: add the ability to define passwords statically 2016-10-06 10:35:54 -07:00
Eric Chiang
4550b95dfd cmd/dex: add config options for gRPC 2016-10-04 00:30:30 -07:00
Eric Chiang
10e53c40f7 cmd/dex: rename file 2016-10-03 12:56:09 -07:00
Eric Chiang
3e8907b818 *: add sql storage options to dex application 2016-10-03 12:48:26 -07:00
Eric Chiang
608d8ba984 *: switch dex to the ported templates 2016-09-05 17:25:39 -07:00
Eric Chiang
68746fd795 *: add a mock connector which takes a username and password for testing
Since we don't have a good strategy which takes a username and password
add a mock connector which implementes PasswordConnector so we can
develop the frontend screens.
2016-09-05 17:25:12 -07:00
Eric Chiang
571024182d *: set response types supported in discovery based on server config 2016-08-25 16:18:09 -07:00
Eric Chiang
c113df961a *: support the implicit flow 2016-08-24 11:21:39 -07:00
Eric Chiang
bfe560ee21 rename 2016-08-10 22:31:42 -07:00
Eric Chiang
d313e5d493 *: add example for running on kubernetes 2016-08-10 17:50:55 -07:00
Eric Chiang
e6f34e1051 *: determine version from git 2016-08-09 14:38:09 -07:00
Eric Chiang
467d02738e *: add example-app 2016-08-08 16:32:42 -07:00
Eric Chiang
fd5e508f1c *: implement the OpenID Connect connector 2016-08-08 11:49:47 -07:00
Eric Chiang
31082eed27 *: remove api and clt
It's not clear that the best way to manage clients is through a
gRPC based command line tool. For example we may explore an admin
dashboard and enable bootstrapping through static clients.

For now use static clients while we hold off on a more concrete
proposal.
2016-08-05 10:00:04 -07:00
Eric Chiang
53d1be4a87 *: load static clients from config file 2016-08-05 09:54:03 -07:00
Eric Chiang
cab271f304 initial commit 2016-07-26 15:51:24 -07:00