Documentation
Overview
Package server implements an OpenID Connect server with federated logins.
Constants
const LocalConnector = "local"
LocalConnector is the local passwordDB connector which is an internal connector maintained by the server.
Variables
var ConnectorsConfig = map[string]func() ConnectorConfig{
	"keystone":         func() ConnectorConfig { return new(keystone.Config) },
	"mockCallback":     func() ConnectorConfig { return new(mock.CallbackConfig) },
	"mockPassword":     func() ConnectorConfig { return new(mock.PasswordConfig) },
	"ldap":             func() ConnectorConfig { return new(ldap.Config) },
	"github":           func() ConnectorConfig { return new(github.Config) },
	"gitlab":           func() ConnectorConfig { return new(gitlab.Config) },
	"oidc":             func() ConnectorConfig { return new(oidc.Config) },
	"oauth":            func() ConnectorConfig { return new(oauth.Config) },
	"saml":             func() ConnectorConfig { return new(saml.Config) },
	"authproxy":        func() ConnectorConfig { return new(authproxy.Config) },
	"linkedin":         func() ConnectorConfig { return new(linkedin.Config) },
	"microsoft":        func() ConnectorConfig { return new(microsoft.Config) },
	"bitbucket-cloud":  func() ConnectorConfig { return new(bitbucketcloud.Config) },
	"cf":               func() ConnectorConfig { return new(cf.Config) },
	"samlExperimental": func() ConnectorConfig { return new(saml.Config) },
}
ConnectorsConfig variable provides an easy way to return a config struct depending on the connector type.
Functions
Types
type Config
type Config struct {
	Issuer string

	// The backing persistence layer.
	Storage storage.Storage

	// Valid values are "code" to enable the code flow and "token" to enable the implicit
	// flow. If no response types are supplied this value defaults to "code".
	SupportedResponseTypes []string

	// List of allowed origins for CORS requests on discovery, token and keys endpoint.
	// If none are indicated, CORS requests are disabled. Passing in "*" will allow any
	// domain.
	AllowedOrigins []string

	// If enabled, the server won't prompt the user to approve authorization requests.
	// Logging in implies approval.
	SkipApprovalScreen bool

	RotateKeysAfter      time.Duration // Defaults to 6 hours.
	IDTokensValidFor     time.Duration // Defaults to 24 hours
	AuthRequestsValidFor time.Duration // Defaults to 24 hours
	// If set, the server will use this connector to handle password grants
	PasswordConnector string

	GCFrequency time.Duration // Defaults to 5 minutes

	// If specified, the server will use this function for determining time.
	Now func() time.Time

	Web WebConfig

	Logger log.Logger

	PrometheusRegistry *prometheus.Registry
}
Config holds the server's configuration options.
Multiple servers using the same storage are expected to be configured identically.
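As an added example (not part of this package or its documentation), the Go program below audits the security-relevant Config fields described above, applying the documented 24-hour ID token default before checking it. ReviewedConfig, Audit and maxIDTokenTTL are hypothetical names, and the one-hour policy limit used in main is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// ReviewedConfig mirrors only the security-relevant fields of the Config
// documented above; it is a local stand-in, not the package's own type.
type ReviewedConfig struct {
	SupportedResponseTypes []string
	AllowedOrigins         []string
	SkipApprovalScreen     bool
	IDTokensValidFor       time.Duration
}

// Audit returns one finding per setting a reviewer would question.
// maxIDTokenTTL is a local policy value, not something the package defines.
func Audit(c ReviewedConfig, maxIDTokenTTL time.Duration) []string {
	var findings []string
	if c.IDTokensValidFor == 0 {
		c.IDTokensValidFor = 24 * time.Hour // documented default when unset
	}
	for _, rt := range c.SupportedResponseTypes {
		if rt == "token" {
			findings = append(findings, `implicit flow enabled (response type "token")`)
		}
	}
	for _, o := range c.AllowedOrigins {
		if o == "*" {
			findings = append(findings, "CORS allows any origin on discovery, token and keys endpoints")
		}
	}
	if c.SkipApprovalScreen {
		findings = append(findings, "approval screen skipped: logging in implies approval")
	}
	if c.IDTokensValidFor > maxIDTokenTTL {
		findings = append(findings, fmt.Sprintf("ID tokens valid for %s, policy maximum is %s",
			c.IDTokensValidFor, maxIDTokenTTL))
	}
	return findings
}

func main() {
	// Constructed sample configuration; IDTokensValidFor is left unset on purpose.
	cfg := ReviewedConfig{SupportedResponseTypes: []string{"code", "token"}, AllowedOrigins: []string{"*"}}
	for _, f := range Audit(cfg, time.Hour) {
		fmt.Println("finding:", f)
	}
}
```

An unset IDTokensValidFor is still reported here because the documented default of 24 hours exceeds the one-hour policy.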
type ConnectorConfig
ConnectorConfig is a configuration that can open a connector.
type Server
type Server struct {
// contains filtered or unexported fields
}
Server is the top level object.
func NewServerWithKey
NewServer constructs a server from the provided config.
func (*Server) OpenConnector
OpenConnector updates server connector map with specified connector object.
type WebConfig
type WebConfig struct {
	// A filepath to web static.
	//
	// It is expected to contain the following directories:
	//
	//   * static - Static static served at "( issuer URL )/static".
	//   * templates - HTML templates controlled by dex.
	//   * themes/(theme) - Static static served at "( issuer URL )/theme".
	//
	Dir http.FileSystem

	// Defaults to "( issuer URL )/theme/logo.png"
	LogoURL string

	// Defaults to "dex"
	Issuer string

	// Defaults to "coreos"
	Theme string

	// Defaults to issuer URL
	HostURL string
}
WebConfig holds the server's frontend templates and asset configuration.
These are currently very custom to CoreOS and it's not recommended that outside users attempt to customize these.