This repository has been archived on 2023-08-14. You can view files and clone it, but cannot push or open issues or pull requests.
dex/examples/grpc-client
Tyler Cloke dd84e73c0e Add VerifyPassword to API
It takes in an email and plain text password to verify. If it fails to find a password stored for email, it returns not_found. If it finds the password hash stored but that hash doesn't match the password passed via the API, it returns verified = false, else it returns verified = true.

Co-authored-by: Alban Seurat <alban.seurat@me.com>
2019-07-22 10:23:07 +02:00
..
.gitignore examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
cert-destroy examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
cert-gen examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
client.go Add VerifyPassword to API 2019-07-22 10:23:07 +02:00
config.yaml examples/grpc-client: clean up the example and add tlsClientCA to ConfigMap. 2017-03-23 16:57:23 -07:00
openssl.conf examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
README.md Add VerifyPassword to API 2019-07-22 10:23:07 +02:00

Running a Dex gRPC client

Using gRPC, a client application can directly call methods on a server application as if it was a local object. The schema for Dex's gRPC API calls is defined in api/api.proto. client.go is an example client program that makes a bunch of API calls to the dex server. For further details on the Dex API refer Documentation/api.md.

Generating Credentials

Before running the client or the server, TLS credentials have to be setup for secure communication. Run the cred-gen script to create TLS credentials for running this example. This script generates a ca.crt, server.crt, server.key, client.crt, and client.key.

# Used to set certificate subject alt names.
export SAN=IP.1:127.0.0.1

# Run the script
./examples/grpc-client/cert-gen

To verify that the server and client certificates were signed by the CA, run the following commands:

openssl verify -CAfile ca.crt server.crt
openssl verify -CAfile ca.crt client.crt

Running the Dex server

To expose the gRPC service, the gRPC option must be enabled via the dex config file as shown below.

# Enables the gRPC API.
grpc:
  addr: 127.0.0.1:5557
  tlsCert: server.crt
  tlsKey: server.key

Start an instance of the dex server with an in-memory data store:

./bin/dex serve examples/grpc-client/config.yaml

Running the Dex client

Finally run the Dex client providing the CA certificate, client certificate and client key as arguments.

./bin/grpc-client -ca-crt=ca.crt -client-crt=client.crt -client-key=client.key

Running the gRPC client will cause the following API calls to be made to the server

  1. CreatePassword
  2. ListPasswords
  3. VerifyPassword
  4. DeletePassword

Cleaning up

Run the following command to destroy all the credentials files that were created by the cert-gen script:

./examples/grpc-client/cert-destroy