Commit Graph

61 Commits

Author SHA1 Message Date
Mark Sagi-Kazar
0a88483409
chore: rename the docs directory
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-01-14 17:30:04 +01:00
Mark Sagi-Kazar
7775a7e27a
Update oidc library in example app
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-01-13 19:56:23 +01:00
Maksim Nabokikh
35da73de38
chore: add frontend section to dev config (#1913)
* chore: add frontend section to dev config

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-01-12 19:20:38 +01:00
Isaac Parker
0af41fb4ca docs: Correct tlsClientCA example reference
Signed-off-by: Isaac Parker <parrotmac@gmail.com>
2020-12-28 01:58:02 -07:00
Joel Speed
336c73c0a2
Merge pull request #1706 from justin-slowik/device_flow
Implementing the OAuth2 Device Authorization Grant
2020-08-28 11:35:46 +01:00
Mark Sagi-Kazar
6dadc26ca2
Move the example app to th examples folder
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2020-07-16 09:48:35 +02:00
Martin Heide
521954a3b9 Improve formatting
Signed-off-by: Martin Heide <martin.heide@faro.com>
2020-07-15 09:49:41 +00:00
Martin Heide
705cf8bb6a Rework to use docker-compose
Signed-off-by: Martin Heide <martin.heide@faro.com>
2020-07-15 09:49:23 +00:00
Martin Heide
ce337661b9 Add missing slapd.sh script from LDAP docs, and convert it to using Docker
Signed-off-by: Martin Heide <martin.heide@faro.com>
2020-07-13 15:55:23 +00:00
justin-slowik
9882ea453f better support for /device/callback redirect uris with public clients.
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
2020-07-08 16:25:06 -04:00
justin-slowik
f6d8427f32 Added device flow static client to config-dev.yaml
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
2020-07-08 16:25:05 -04:00
Justin Slowik
9bbdc721d5 Device flow token code exchange (#2)
* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
2020-07-08 16:25:05 -04:00
Mark Sagi-Kazar
e84682d7b9
Add v2 api module 2020-07-01 14:20:57 +02:00
Nandor Kracser
5b7a664e9d
add docker-compose for local testing 2020-06-30 13:46:05 +02:00
Brian Candler
442d3de11d Allow the "google" connector to work without a service account
Fixes #1718
2020-05-22 09:24:26 +00:00
Nándor István Krácser
1160649c31
Merge pull request #1621 from concourse/pr/passowrd-grant-synced
Rework - add support for Resource Owner Password Credentials Grant
2020-02-20 08:27:50 +01:00
Zach Brown
13be146d2a Add support for password grant #926 2020-01-10 13:18:09 -05:00
Vitaliy Dmitriev
f2e7823db9 connector/ldap: add multiple user to group mapping
Add an ability to fetch user's membership from
  groups of a different type by specifying multiple
  group attribute to user attribute value matchers
  in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

  In other words the user's groups can be fetched now from
  ldap structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
2020-01-03 10:40:21 +01:00
Tom Downes
963b8e992d
Add examples for recent additions to oauth2 configuration options 2019-08-09 11:58:37 -05:00
Tyler Cloke
dd84e73c0e Add VerifyPassword to API
It takes in an email and plain text password to verify. If it fails to find a password stored for email, it returns not_found. If it finds the password hash stored but that hash doesn't match the password passed via the API, it returns verified = false, else it returns verified = true.

Co-authored-by: Alban Seurat <alban.seurat@me.com>
2019-07-22 10:23:07 +02:00
Mark Sagi-Kazar
c48cb36e8f
Fix typo 2019-02-22 20:54:19 +01:00
Takashi Okamoto
2d7de4ec70 Add Active Directory and kubeloing integration sample. 2019-01-26 04:15:50 +00:00
Owen Tuz
58093dbb29 Kubernetes example: Add RBAC resources and serviceAccount to YAML manifest, remove some references to deprecated TPR approach 2018-11-23 10:48:00 +00:00
Stephan Renatus
9cc85c447c examples/k8s: reference quay.io/dexidp
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-06 09:10:01 +02:00
Stephan Renatus
b9f6594bf0 *: github.com/coreos/dex -> github.com/dexidp/dex
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-09-05 17:57:08 +02:00
tw3rp
49bbcd343f
[version_update] Update the version to the latest
Version mentioned in this example is very old and was causing issues
2018-08-05 15:48:11 -07:00
Joe Borg
fc8b20ba35 Removing whitespace 2018-04-27 09:28:52 +01:00
Frederic Branczyk
5f03479d29
*: Add go runtime, process, HTTP and gRPC metrics 2017-12-21 21:24:09 +01:00
Stephan Renatus
b09a13458f password connectors: allow overriding the username attribute (password prompt)
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.

Before, irregardless of how the LDAP connector was set up, the prompt
was

    Username
    [_________________]

    Password
    [_________________]

Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.

If it's not configured, it will default to "Username".

For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-11-09 09:30:03 +01:00
Eric Chiang
50f2905cac *: add standup script for LDAP 2017-08-22 10:37:29 -07:00
rithu john
5e0bf8b65f connector/oidc: fix hosted domain support. 2017-07-25 13:46:12 -07:00
rithu leena john
a5d218fd08 Merge pull request #974 from roguePanda/google-hosted-domain
Google hosted domain support
2017-07-07 10:26:28 -07:00
Eric Chiang
c1a7285711 examples: document explicit flow in example config 2017-06-23 11:27:49 -07:00
Ben Navetta
687bc9ca5c add hosted domain to example config 2017-06-20 23:01:35 -07:00
rithu john
562eae3fc7 examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap. 2017-03-23 16:57:23 -07:00
Eric Chiang
33f0199077 *: fix spelling using github.com/client9/misspell 2017-03-20 09:16:56 -07:00
rithu john
08db0eb5ce examples/grpc-client: minor corrections in the dex client example. 2017-03-03 15:58:30 -08:00
rithu john
fa2f76bcdb examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
h0me
9bf491befc replace bcrypt hash with a working one
replace bcrypt hash with an appropriate value for the string "password"
2016-12-20 15:21:05 +01:00
Eric Chiang
4d54038256 examples: add logger fields 2016-12-15 13:47:37 -08:00
Eric Chiang
391dc51c13 *: add theme based frontend configuration
This PR reworks the web layout so static files can be provided and
a "themes" directory to allow a certain degree of control over logos,
styles, etc.

This PR does NOT add general support for frontend customization,
only enough to allow us to start exploring theming internally.
The dex binary also must now be run from the root directory since
templates are no longer "compiled into" the binary.

The docker image has been updated with frontend assets.
2016-11-30 17:20:21 -08:00
Phu Kieu
ba58f3f43b Fix Google OIDC callback url 2016-11-21 10:25:16 -08:00
Eric Chiang
e6b54250db Merge pull request #684 from ericchiang/examples-k8s-fixup
examples/k8s: update kubernetes examples
2016-11-17 15:28:00 -08:00
Eric Chiang
3ecfaf700e examples/k8s: update kubernetes examples 2016-11-17 14:10:55 -08:00
Eric Chiang
674bec0468 Merge pull request #674 from ericchiang/readme-docs-v2
*: readme updates for v2
2016-11-08 15:20:51 -08:00
Eric Chiang
a52e324f68 *: readme updates for v2 2016-11-08 14:36:29 -08:00
Eric Chiang
015e7cf606 cmd/dex: only expand from env for storages and connectors
Bcrypt'd hashes have "$" characters in them. This means that #667
(accepting actually bcrypted values) combined with #627 (expanding
config with environment variables) broke the example config.

For now, allow storages and connectors to expand their configs from
the environment, but don't do this anywhere else.
2016-11-03 21:38:32 -07:00
rithu leena john
600e761266 cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config. 2016-11-03 17:25:36 -07:00
Eric Chiang
ebe51e736d cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash 2016-11-03 15:23:56 -07:00
rithu leena john
42dfd3ecec cmd/dex: add option for gRPC client auth CA. 2016-11-02 14:51:22 -07:00