Documentation ¶
Overview ¶
Package server implements an OpenID Connect server with federated logins.
Constants ¶
// LocalConnector names the local passwordDB connector, an internal connector
// maintained by the server itself rather than opened from connector config.
const LocalConnector = "local"
LocalConnector is the local passwordDB connector which is an internal connector maintained by the server.
Variables ¶
// ConnectorsConfig maps a connector type name to a factory that returns a
// fresh, empty config value for that connector type.
//
// Every type name listed here can be requested, so this map is the effective
// allow-list of connector implementations the server can open.
var ConnectorsConfig = map[string]func() ConnectorConfig{
	"keystone": func() ConnectorConfig { return new(keystone.Config) },
	// NOTE(review): the two mock entries come from the mock package and look
	// like test doubles — confirm production configuration never names them.
	"mockCallback": func() ConnectorConfig { return new(mock.CallbackConfig) },
	"mockPassword": func() ConnectorConfig { return new(mock.PasswordConfig) },
	"ldap":         func() ConnectorConfig { return new(ldap.Config) },
	"gitea":        func() ConnectorConfig { return new(gitea.Config) },
	"github":       func() ConnectorConfig { return new(github.Config) },
	"gitlab":       func() ConnectorConfig { return new(gitlab.Config) },
	"google":       func() ConnectorConfig { return new(google.Config) },
	"oidc":         func() ConnectorConfig { return new(oidc.Config) },
	"oauth":        func() ConnectorConfig { return new(oauth.Config) },
	"saml":         func() ConnectorConfig { return new(saml.Config) },
	// NOTE(review): authproxy presumably relies on identity asserted by a
	// fronting proxy — confirm its endpoint cannot be reached directly.
	"authproxy":       func() ConnectorConfig { return new(authproxy.Config) },
	"linkedin":        func() ConnectorConfig { return new(linkedin.Config) },
	"microsoft":       func() ConnectorConfig { return new(microsoft.Config) },
	"bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) },
	"openshift":       func() ConnectorConfig { return new(openshift.Config) },
	"atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) },
	// Returns the same config type as "saml"; presumably a legacy name — confirm.
	"samlExperimental": func() ConnectorConfig { return new(saml.Config) },
	"ubiucp":           func() ConnectorConfig { return new(ubiucp.UbiucpConfig) },
}
ConnectorsConfig variable provides an easy way to return a config struct depending on the connector type.
Types ¶
type Config ¶
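// Config holds the server's configuration options.
//
// Multiple servers using the same storage are expected to be configured
// identically.
type Config struct {
	Issuer string

	// The backing persistence layer.
	Storage storage.Storage

	// Valid values are "code" to enable the code flow and "token" to enable the implicit
	// flow. If no response types are supplied this value defaults to "code".
	//
	// The implicit flow hands tokens to the browser in the redirect instead of
	// over a back-channel token request, so list "token" only for clients that
	// cannot use the code flow.
	SupportedResponseTypes []string

	// List of allowed origins for CORS requests on discovery, token and keys endpoint.
	// If none are indicated, CORS requests are disabled. Passing in "*" will allow any
	// domain.
	//
	// Prefer an explicit list of the origins that host first-party clients; "*"
	// lets script on any site read these endpoints' responses cross-origin.
	AllowedOrigins []string

	// If enabled, the server won't prompt the user to approve authorization requests.
	// Logging in implies approval.
	//
	// With this set the user never sees which client is asking for access, so it
	// suits deployments where every registered client is trusted.
	SkipApprovalScreen bool

	// If enabled, the connectors selection page will always be shown even if there's only one
	AlwaysShowLoginScreen bool

	RotateKeysAfter        time.Duration // Defaults to 6 hours.
	IDTokensValidFor       time.Duration // Defaults to 24 hours
	AuthRequestsValidFor   time.Duration // Defaults to 24 hours
	DeviceRequestsValidFor time.Duration // Defaults to 5 minutes

	// Refresh token expiration settings
	RefreshTokenPolicy *RefreshTokenPolicy

	// If set, the server will use this connector to handle password grants
	//
	// A password grant means the client collects the user's password itself;
	// leave this empty unless a client needs that grant.
	PasswordConnector string

	GCFrequency time.Duration // Defaults to 5 minutes

	// If specified, the server will use this function for determining time.
	// NOTE(review): presumably a test hook; the token and request lifetimes
	// above would then follow this clock — confirm it is unset in production.
	Now func() time.Time

	Web WebConfig

	Logger log.Logger

	PrometheusRegistry *prometheus.Registry

	HealthChecker gosundheit.Health
}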
Config holds the server's configuration options.
Multiple servers using the same storage are expected to be configured identically.
type ConnectorConfig ¶
ConnectorConfig is a configuration that can open a connector.
type RefreshTokenPolicy ¶
// RefreshTokenPolicy carries the refresh token expiration settings that
// Config.RefreshTokenPolicy points to. Its fields are unexported; callers
// query it through its methods: AllowedToReuse, CompletelyExpired and
// ExpiredBecauseUnused each take the time a token was last used and report a
// bool, and RotationEnabled reports a bool with no arguments.
type RefreshTokenPolicy struct {
// contains filtered or unexported fields
}
func NewRefreshTokenPolicy ¶
func (*RefreshTokenPolicy) AllowedToReuse ¶
func (r *RefreshTokenPolicy) AllowedToReuse(lastUsed time.Time) bool
func (*RefreshTokenPolicy) CompletelyExpired ¶
func (r *RefreshTokenPolicy) CompletelyExpired(lastUsed time.Time) bool
func (*RefreshTokenPolicy) ExpiredBecauseUnused ¶
func (r *RefreshTokenPolicy) ExpiredBecauseUnused(lastUsed time.Time) bool
func (*RefreshTokenPolicy) RotationEnabled ¶
func (r *RefreshTokenPolicy) RotationEnabled() bool
type Server ¶
// Server is the top level object. NewServerWithKey constructs one from a
// Config and a static signing key, and OpenConnector updates its connector
// map. All of its fields are unexported.
type Server struct {
// contains filtered or unexported fields
}
Server is the top level object.
func NewServerWithKey ¶
NewServerWithKey constructs a server from the provided config and a static signing key.
func (*Server) OpenConnector ¶
OpenConnector updates the server's connector map with the specified connector object.
type WebConfig ¶
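// WebConfig holds the server's frontend templates and asset configuration.
type WebConfig struct {
	// A file path to static web assets.
	//
	// It is expected to contain the following directories:
	//
	//   * static         - Static assets served at "( issuer URL )/static".
	//   * templates      - HTML templates controlled by dex.
	//   * themes/(theme) - Static assets served at "( issuer URL )/theme".
	//
	// The templates directory supplies the HTML templates the server uses, so
	// write access to this path should be limited to whoever deploys the server.
	Dir string

	// Alternative way to programmatically configure static web assets.
	// If Dir is specified, WebFS is ignored.
	// It's expected to contain the same files and directories as mentioned above.
	//
	// Note: this is experimental. Might get removed without notice!
	WebFS fs.FS

	// Defaults to "( issuer URL )/theme/logo.png"
	LogoURL string

	// Defaults to "dex"
	Issuer string

	// Defaults to "light"
	Theme string

	// Map of extra values passed into the templates
	// NOTE(review): confirm the templates escape these values if any of them
	// can originate outside operator-controlled configuration.
	Extra map[string]string
}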
WebConfig holds the server's frontend templates and asset configuration.