server

package
v0.0.0-...-43a01a0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 26, 2023 License: Apache-2.0 Imports: 63 Imported by: 0

Documentation

Overview

Package server implements an OpenID Connect server with federated logins.

Index

Constants

const LocalConnector = "local"

LocalConnector is the local passwordDB connector which is an internal connector maintained by the server.

Variables

// ConnectorsConfig maps a connector type name to a factory that returns a new,
// zero-valued config struct for that connector type.
//
// NOTE(review): the "mockCallback" and "mockPassword" entries point at the mock
// package and look like test connectors; confirm that a production
// configuration cannot select them.
var ConnectorsConfig = map[string]func() ConnectorConfig{
	"keystone":        func() ConnectorConfig { return new(keystone.Config) },
	"mockCallback":    func() ConnectorConfig { return new(mock.CallbackConfig) },
	"mockPassword":    func() ConnectorConfig { return new(mock.PasswordConfig) },
	"ldap":            func() ConnectorConfig { return new(ldap.Config) },
	"gitea":           func() ConnectorConfig { return new(gitea.Config) },
	"github":          func() ConnectorConfig { return new(github.Config) },
	"gitlab":          func() ConnectorConfig { return new(gitlab.Config) },
	"google":          func() ConnectorConfig { return new(google.Config) },
	"oidc":            func() ConnectorConfig { return new(oidc.Config) },
	"oauth":           func() ConnectorConfig { return new(oauth.Config) },
	"saml":            func() ConnectorConfig { return new(saml.Config) },
	"authproxy":       func() ConnectorConfig { return new(authproxy.Config) },
	"linkedin":        func() ConnectorConfig { return new(linkedin.Config) },
	"microsoft":       func() ConnectorConfig { return new(microsoft.Config) },
	"bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) },
	"openshift":       func() ConnectorConfig { return new(openshift.Config) },
	"atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) },

	// Second name for the same saml.Config type registered under "saml" above.
	"samlExperimental": func() ConnectorConfig { return new(saml.Config) },
	"ubiucp":           func() ConnectorConfig { return new(ubiucp.UbiucpConfig) },
}

ConnectorsConfig variable provides an easy way to return a config struct depending on the connector type.

Functions

func NewAPI

func NewAPI(s storage.Storage, logger log.Logger, version string) api.DexServer

NewAPI returns a server which implements the gRPC API interface.

Types

type Config

// Config holds the server's configuration options.
//
// Several fields relax a default protection (implicit flow, wildcard CORS,
// skipped consent, password grants); review them together when hardening a
// deployment.
type Config struct {
	// NOTE(review): undocumented here; presumably the issuer URL that the
	// WebConfig comments refer to as "( issuer URL )" — confirm.
	Issuer string

	// The backing persistence layer.
	Storage storage.Storage

	// Valid values are "code" to enable the code flow and "token" to enable the implicit
	// flow. If no response types are supplied this value defaults to "code".
	//
	// The implicit flow returns tokens through the browser front channel, so list
	// "token" only when a client cannot use the code flow.
	SupportedResponseTypes []string

	// List of allowed origins for CORS requests on discovery, token and keys endpoint.
	// If none are indicated, CORS requests are disabled. Passing in "*" will allow any
	// domain.
	//
	// Because the token endpoint is covered, prefer an explicit list of client
	// origins over "*".
	AllowedOrigins []string

	// If enabled, the server won't prompt the user to approve authorization requests.
	// Logging in implies approval.
	//
	// With this set the user gets no consent step before a client receives tokens,
	// so it fits deployments where every registered client is trusted.
	SkipApprovalScreen bool

	// If enabled, the connectors selection page will always be shown even if there's only one
	// connector.
	AlwaysShowLoginScreen bool

	// Key rotation interval and validity periods. A longer IDTokensValidFor
	// lengthens the time a leaked ID token stays valid.
	RotateKeysAfter        time.Duration // Defaults to 6 hours.
	IDTokensValidFor       time.Duration // Defaults to 24 hours
	AuthRequestsValidFor   time.Duration // Defaults to 24 hours
	DeviceRequestsValidFor time.Duration // Defaults to 5 minutes

	// Refresh token expiration settings
	RefreshTokenPolicy *RefreshTokenPolicy

	// If set, the server will use this connector to handle password grants
	//
	// With password grants the client application handles the user's credentials
	// directly; leave this unset unless a client needs that grant.
	PasswordConnector string

	GCFrequency time.Duration // Defaults to 5 minutes

	// If specified, the server will use this function for determining time.
	// NOTE(review): expiry checks presumably depend on this clock; outside tests
	// it should return real wall-clock time — confirm.
	Now func() time.Time

	Web WebConfig

	Logger log.Logger

	PrometheusRegistry *prometheus.Registry

	HealthChecker gosundheit.Health
}

Config holds the server's configuration options.

Multiple servers using the same storage are expected to be configured identically.

type Connector

type Connector struct {
	ResourceVersion string
	Connector       connector.Connector
}

Connector is a connector with resource version metadata.

type ConnectorConfig

type ConnectorConfig interface {
	Open(id string, logger log.Logger) (connector.Connector, error)
}

ConnectorConfig is a configuration that can open a connector.

type RefreshTokenPolicy

type RefreshTokenPolicy struct {
	// contains filtered or unexported fields
}

func NewRefreshTokenPolicy

// NewRefreshTokenPolicy builds a RefreshTokenPolicy from the given settings.
//
// NOTE(review): undocumented on this page. validIfNotUsedFor, absoluteLifetime
// and reuseInterval are strings, presumably durations parsed here (the error
// return suggests invalid values are rejected) — confirm the accepted format
// and what an empty string means. A non-zero reuseInterval presumably lets an
// already-used refresh token be accepted again within that window, so keep it
// short when rotation is enabled.
func NewRefreshTokenPolicy(logger log.Logger, rotation bool, validIfNotUsedFor, absoluteLifetime, reuseInterval string) (*RefreshTokenPolicy, error)

func (*RefreshTokenPolicy) AllowedToReuse

func (r *RefreshTokenPolicy) AllowedToReuse(lastUsed time.Time) bool

func (*RefreshTokenPolicy) CompletelyExpired

func (r *RefreshTokenPolicy) CompletelyExpired(lastUsed time.Time) bool

func (*RefreshTokenPolicy) ExpiredBecauseUnused

func (r *RefreshTokenPolicy) ExpiredBecauseUnused(lastUsed time.Time) bool

func (*RefreshTokenPolicy) RotationEnabled

func (r *RefreshTokenPolicy) RotationEnabled() bool

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is the top level object.

func NewServer

func NewServer(ctx context.Context, c Config) (*Server, error)

NewServer constructs a server from the provided config.

func NewServerWithKey

// NewServerWithKey constructs a server from the provided config and a static signing key.
//
// NOTE(review): this page does not say how a static key interacts with
// Config.RotateKeysAfter; confirm whether rotation still applies. Treat
// privateKey as a long-lived secret: load it from protected storage and plan
// for replacing it by hand.
func NewServerWithKey(ctx context.Context, c Config, privateKey *rsa.PrivateKey) (*Server, error)

NewServerWithKey constructs a server from the provided config and a static signing key.

func (*Server) OpenConnector

func (s *Server) OpenConnector(conn storage.Connector) (Connector, error)

OpenConnector updates the server's connector map with the specified connector object.

func (*Server) ServeHTTP

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

type WebConfig

// WebConfig holds the server's frontend templates and asset configuration.
type WebConfig struct {
	// A file path to static web assets.
	//
	// It is expected to contain the following directories:
	//
	//   * static - Static assets served at "( issuer URL )/static".
	//   * templates - HTML templates controlled by dex.
	//   * themes/(theme) - Static assets served at "( issuer URL )/theme".
	//
	// The templates directory supplies the server's HTML templates, so this
	// path should be writable only by the account that deploys the server.
	Dir string

	// Alternative way to programmatically configure static web assets.
	// If Dir is specified, WebFS is ignored.
	// It's expected to contain the same files and directories as mentioned above.
	//
	// Note: this is experimental. Might get removed without notice!
	WebFS fs.FS

	// Defaults to "( issuer URL )/theme/logo.png"
	LogoURL string

	// Defaults to "dex"
	Issuer string

	// Defaults to "light"
	Theme string

	// Map of extra values passed into the templates
	// NOTE(review): confirm the templates escape these values for their HTML
	// context if any of them can come from outside the operator's control.
	Extra map[string]string
}

WebConfig holds the server's frontend templates and asset configuration.
