Documentation
¶
Overview ¶
Package server implements an OpenID Connect server with federated logins.
Index ¶
Constants ¶
View Source
const LocalConnector = "local"
LocalConnector is the local passwordDB connector which is an internal connector maintained by the server.
Variables ¶
View Source
var ConnectorsConfig = map[string]func() ConnectorConfig{ "keystone": func() ConnectorConfig { return new(keystone.Config) }, "mockCallback": func() ConnectorConfig { return new(mock.CallbackConfig) }, "mockPassword": func() ConnectorConfig { return new(mock.PasswordConfig) }, "ldap": func() ConnectorConfig { return new(ldap.Config) }, "gitea": func() ConnectorConfig { return new(gitea.Config) }, "github": func() ConnectorConfig { return new(github.Config) }, "gitlab": func() ConnectorConfig { return new(gitlab.Config) }, "google": func() ConnectorConfig { return new(google.Config) }, "oidc": func() ConnectorConfig { return new(oidc.Config) }, "oauth": func() ConnectorConfig { return new(oauth.Config) }, "saml": func() ConnectorConfig { return new(saml.Config) }, "authproxy": func() ConnectorConfig { return new(authproxy.Config) }, "linkedin": func() ConnectorConfig { return new(linkedin.Config) }, "microsoft": func() ConnectorConfig { return new(microsoft.Config) }, "bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) }, "openshift": func() ConnectorConfig { return new(openshift.Config) }, "atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) }, "samlExperimental": func() ConnectorConfig { return new(saml.Config) }, "ubiucp": func() ConnectorConfig { return new(ubiucp.UbiucpConfig) }, }
ConnectorsConfig variable provides an easy way to return a config struct depending on the connector type.
Functions ¶
Types ¶
type Config ¶
type Config struct {
Issuer string
// The backing persistence layer.
Storage storage.Storage
// Valid values are "code" to enable the code flow and "token" to enable the implicit
// flow. If no response types are supplied this value defaults to "code".
SupportedResponseTypes []string
// List of allowed origins for CORS requests on discovery, token and keys endpoint.
// If none are indicated, CORS requests are disabled. Passing in "*" will allow any
// domain.
AllowedOrigins []string
// If enabled, the server won't prompt the user to approve authorization requests.
// Logging in implies approval.
SkipApprovalScreen bool
// If enabled, the connectors selection page will always be shown even if there's only one
AlwaysShowLoginScreen bool
RotateKeysAfter time.Duration // Defaults to 6 hours.
IDTokensValidFor time.Duration // Defaults to 24 hours
AuthRequestsValidFor time.Duration // Defaults to 24 hours
DeviceRequestsValidFor time.Duration // Defaults to 5 minutes
// Refresh token expiration settings
RefreshTokenPolicy *RefreshTokenPolicy
// If set, the server will use this connector to handle password grants
PasswordConnector string
GCFrequency time.Duration // Defaults to 5 minutes
// If specified, the server will use this function for determining time.
Now func() time.Time
Web WebConfig
Logger log.Logger
PrometheusRegistry *prometheus.Registry
HealthChecker gosundheit.Health
}
Config holds the server's configuration options.
Multiple servers using the same storage are expected to be configured identically.
type ConnectorConfig ¶
ConnectorConfig is a configuration that can open a connector.
type RefreshTokenPolicy ¶
type RefreshTokenPolicy struct {
// contains filtered or unexported fields
}
func NewRefreshTokenPolicy ¶
func (*RefreshTokenPolicy) AllowedToReuse ¶
func (r *RefreshTokenPolicy) AllowedToReuse(lastUsed time.Time) bool
func (*RefreshTokenPolicy) CompletelyExpired ¶
func (r *RefreshTokenPolicy) CompletelyExpired(lastUsed time.Time) bool
func (*RefreshTokenPolicy) ExpiredBecauseUnused ¶
func (r *RefreshTokenPolicy) ExpiredBecauseUnused(lastUsed time.Time) bool
func (*RefreshTokenPolicy) RotationEnabled ¶
func (r *RefreshTokenPolicy) RotationEnabled() bool
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is the top level object.
func NewServerWithKey ¶
NewServerWithKey constructs a server from the provided config and a static signing key.
func (*Server) OpenConnector ¶
OpenConnector updates server connector map with specified connector object.
type WebConfig ¶
type WebConfig struct {
// A file path to static web assets.
//
// It is expected to contain the following directories:
//
// * static - Static static served at "( issuer URL )/static".
// * templates - HTML templates controlled by dex.
// * themes/(theme) - Static static served at "( issuer URL )/theme".
Dir string
// Alternative way to programatically configure static web assets.
// If Dir is specified, WebFS is ignored.
// It's expected to contain the same files and directories as mentioned above.
//
// Note: this is experimental. Might get removed without notice!
WebFS fs.FS
// Defaults to "( issuer URL )/theme/logo.png"
LogoURL string
// Defaults to "dex"
Issuer string
// Defaults to "light"
Theme string
// Map of extra values passed into the templates
Extra map[string]string
}
WebConfig holds the server's frontend templates and asset configuration.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.