4a0218e87c
Signed-off-by: Björn Busse <bj.rn@baerlin.eu> |
||
---|---|---|
.. | ||
.gitignore | ||
cert-destroy | ||
cert-gen | ||
client.go | ||
config.yaml | ||
openssl.conf | ||
README.md |
Running a Dex gRPC client
Using gRPC, a client application can directly call methods on a server application as if it was a local object. The schema for Dex's gRPC API calls is defined in api/api.proto
. client.go
is an example client program that makes a bunch of API calls to the dex server. For further details on the Dex API refer the [documentation][https://dexidp.io/docs/api/].
Generating Credentials
Before running the client or the server, TLS credentials have to be setup for secure communication. Run the cred-gen
script to create TLS credentials for running this example. This script generates a ca.crt
, server.crt
, server.key
, client.crt
, and client.key
.
# Used to set certificate subject alt names.
export SAN=IP.1:127.0.0.1
# Run the script
./examples/grpc-client/cert-gen
To verify that the server and client certificates were signed by the CA, run the following commands:
openssl verify -CAfile ca.crt server.crt
openssl verify -CAfile ca.crt client.crt
Running the Dex server
To expose the gRPC service, the gRPC option must be enabled via the dex config file as shown below.
# Enables the gRPC API.
grpc:
addr: 127.0.0.1:5557
tlsCert: server.crt
tlsKey: server.key
Start an instance of the dex server with an in-memory data store:
./bin/dex serve examples/grpc-client/config.yaml
Running the Dex client
Finally run the Dex client providing the CA certificate, client certificate and client key as arguments.
./bin/grpc-client -ca-crt=ca.crt -client-crt=client.crt -client-key=client.key
Running the gRPC client will cause the following API calls to be made to the server
- CreatePassword
- ListPasswords
- VerifyPassword
- DeletePassword
Cleaning up
Run the following command to destroy all the credentials files that were created by the cert-gen
script:
./examples/grpc-client/cert-destroy