Version: v1.0.0 Latest Latest

This package is not in the latest version of its module.

Published: Oct 5, 2020 License: Apache-2.0 Imports: 57 Imported by: 3



Package server implements an OpenID Connect server with federated logins.



// LocalConnector is the name "local"; the package documentation describes it as
// the server's internal password-database connector.
const LocalConnector = "local"

LocalConnector is the local passwordDB connector which is an internal connector maintained by the server.


// ConnectorsConfig maps a connector type name to a constructor that returns a
// new, empty config value of that connector's Config type.
//
// NOTE(review): "mockCallback" and "mockPassword" are registered next to the
// real connectors. They are presumably test fixtures; confirm that deployed
// configurations cannot select them, since a mock login would not verify a
// real identity.
var ConnectorsConfig = map[string]func() ConnectorConfig{
	"keystone":        func() ConnectorConfig { return new(keystone.Config) },
	"mockCallback":    func() ConnectorConfig { return new(mock.CallbackConfig) },
	"mockPassword":    func() ConnectorConfig { return new(mock.PasswordConfig) },
	"ldap":            func() ConnectorConfig { return new(ldap.Config) },
	"gitea":           func() ConnectorConfig { return new(gitea.Config) },
	"github":          func() ConnectorConfig { return new(github.Config) },
	"gitlab":          func() ConnectorConfig { return new(gitlab.Config) },
	"google":          func() ConnectorConfig { return new(google.Config) },
	"oidc":            func() ConnectorConfig { return new(oidc.Config) },
	"oauth":           func() ConnectorConfig { return new(oauth.Config) },
	"saml":            func() ConnectorConfig { return new(saml.Config) },
	"authproxy":       func() ConnectorConfig { return new(authproxy.Config) },
	"linkedin":        func() ConnectorConfig { return new(linkedin.Config) },
	"microsoft":       func() ConnectorConfig { return new(microsoft.Config) },
	"bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) },
	"openshift":       func() ConnectorConfig { return new(openshift.Config) },
	"atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) },
	"cf":              func() ConnectorConfig { return new(cf.Config) },

	// "samlExperimental" returns the same saml.Config type as "saml" above.
	// NOTE(review): presumably a legacy alias kept for existing configurations; confirm.
	"samlExperimental": func() ConnectorConfig { return new(saml.Config) },

ConnectorsConfig maps each connector type name to a function that returns a new config struct for that connector type.


func NewAPI

// NewAPI returns an api.DexServer built from a storage backend and a logger.
//
// NOTE(review): the signature takes only storage and a logger, so nothing here
// authenticates API callers. Transport security and client authentication are
// presumably set on the gRPC server this value is registered with; confirm
// before exposing the API on a network.
func NewAPI(s storage.Storage, logger log.Logger) api.DexServer

NewAPI returns a server which implements the gRPC API interface.


type Config

// Config holds the options a Server is built from; it is the argument type of
// NewServer and NewServerWithKey. Several fields decide how much trust the
// server extends to clients and browsers, so review them as security settings
// rather than as tuning knobs.
type Config struct {
	// Issuer identifies this server.
	// NOTE(review): presumably the OIDC issuer URL that clients compare with the
	// "iss" claim; confirm the expected format against the implementation.
	Issuer string

	// The backing persistence layer.
	Storage storage.Storage

	// Valid values are "code" to enable the code flow and "token" to enable the implicit
	// flow. If no response types are supplied this value defaults to "code".
	//
	// The implicit flow hands tokens to the client through the browser redirect,
	// so list "token" only when a client cannot use the code flow.
	SupportedResponseTypes []string

	// List of allowed origins for CORS requests on discovery, token and keys endpoint.
	// If none are indicated, CORS requests are disabled. Passing in "*" will allow any
	// domain.
	//
	// "*" removes the origin restriction for these endpoints entirely; prefer
	// listing the exact origins of the browser-based clients that need access.
	AllowedOrigins []string

	// If enabled, the server won't prompt the user to approve authorization requests.
	// Logging in implies approval.
	//
	// With this set the user gets no chance to refuse an individual client, so it
	// fits deployments where every registered client is already trusted.
	SkipApprovalScreen bool

	// If enabled, the connectors selection page will always be shown even if there's only one
	// connector.
	AlwaysShowLoginScreen bool

	// Lifetimes below are given as time.Duration values; the trailing comments
	// list the documented defaults. Shorter ID token and request lifetimes narrow
	// the window in which a leaked value remains usable.
	RotateKeysAfter        time.Duration // Defaults to 6 hours.
	IDTokensValidFor       time.Duration // Defaults to 24 hours
	AuthRequestsValidFor   time.Duration // Defaults to 24 hours
	DeviceRequestsValidFor time.Duration // Defaults to 5 minutes
	// If set, the server will use this connector to handle password grants
	//
	// A password grant means the client application handles the user's
	// credentials directly.
	// NOTE(review): presumably leaving this empty keeps password grants disabled; confirm.
	PasswordConnector string

	// NOTE(review): presumably the interval between storage garbage-collection runs; confirm.
	GCFrequency time.Duration // Defaults to 5 minutes

	// If specified, the server will use this function for determining time.
	// NOTE(review): a non-default clock presumably also shifts expiry and rotation
	// decisions; looks intended for tests, confirm.
	Now func() time.Time

	// Web configures the frontend templates and static assets (see WebConfig).
	Web WebConfig

	// Logger is the log.Logger the server is given.
	Logger log.Logger

	// PrometheusRegistry is an optional *prometheus.Registry.
	// NOTE(review): presumably nil disables metric registration; confirm.
	PrometheusRegistry *prometheus.Registry

Config holds the server's configuration options.

Multiple servers using the same storage are expected to be configured identically.

type Connector

// Connector pairs a connector.Connector with resource-version metadata; it is
// the value returned by (*Server).OpenConnector.
type Connector struct {
	// ResourceVersion is the version metadata kept with the connector.
	// NOTE(review): presumably compared with the stored connector's version to
	// detect configuration changes; confirm.
	ResourceVersion string
	// Connector is the connector implementation itself.
	Connector       connector.Connector

Connector is a connector with resource version metadata.

type ConnectorConfig

// ConnectorConfig is the interface returned by the constructors registered in
// ConnectorsConfig: a configuration value that can open its connector.
type ConnectorConfig interface {
	// Open builds the connector for this configuration under the given id and
	// logger, or returns an error.
	Open(id string, logger log.Logger) (connector.Connector, error)

ConnectorConfig is a configuration that can open a connector.

type Server

// Server is the package's top-level object. It is created by NewServer or
// NewServerWithKey and handles requests through its ServeHTTP method.
type Server struct {
	// contains filtered or unexported fields

Server is the top level object.

func NewServer

// NewServer builds a *Server from c, or returns an error. The field comments on
// Config list the defaults that apply to values left unset.
//
// NOTE(review): ctx presumably bounds the server's background work (the Config
// fields mention key rotation and garbage collection); confirm what cancelling
// it stops.
func NewServer(ctx context.Context, c Config) (*Server, error)

NewServer constructs a server from the provided config.

func NewServerWithKey

// NewServerWithKey builds a *Server from c and a caller-supplied RSA private
// key that serves as a static signing key.
//
// NOTE(review): with a static key, Config.RotateKeysAfter presumably has no
// effect, which would leave rotation and protection of privateKey to the
// caller; confirm before using this constructor outside tests.
func NewServerWithKey(ctx context.Context, c Config, privateKey *rsa.PrivateKey) (*Server, error)

NewServerWithKey constructs a server from the provided config and a static signing key.

func (*Server) OpenConnector

// OpenConnector updates the server's connector map with the connector described
// by the storage record conn, and returns the resulting Connector or an error.
//
// NOTE(review): conn comes from storage, so whoever can write connector records
// presumably controls which identity providers the server trusts; confirm how
// write access to that storage is restricted.
func (s *Server) OpenConnector(conn storage.Connector) (Connector, error)

OpenConnector updates the server's connector map with the specified connector object.

func (*Server) ServeHTTP

// ServeHTTP has the signature of the http.Handler method, so a *Server can be
// mounted directly as an HTTP handler.
//
// NOTE(review): nothing in this signature configures TLS or timeouts; those are
// presumably the job of the http.Server that hosts this handler. Confirm.
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

type WebConfig

// WebConfig holds the frontend settings: where templates and static assets are
// read from, and the values handed to the templates.
type WebConfig struct {
	// A file system holding the web assets.
	// It is expected to contain the following directories:
	//   * static - Static assets served at "( issuer URL )/static".
	//   * templates - HTML templates controlled by dex.
	//   * themes/(theme) - Static assets served at "( issuer URL )/theme".
	//
	// The templates loaded from here render the login pages, so whoever can
	// write to this file system can change what users see when signing in.
	Dir http.FileSystem

	// Defaults to "( issuer URL )/theme/logo.png"
	LogoURL string

	// Defaults to "dex"
	// NOTE(review): this is a display name for the frontend and is separate from
	// Config.Issuer; presumably it is shown in the templates. Confirm.
	Issuer string

	// Defaults to "coreos"
	Theme string

	// Map of extra values passed into the templates
	// NOTE(review): whether these values are escaped depends on the template
	// package in use (presumably html/template); confirm before placing any
	// value here that is not fully controlled by the operator.
	Extra map[string]string

	// Defaults to issuer URL
	HostURL string

WebConfig holds the server's frontend templates and asset configuration.

These are currently very custom to CoreOS and it's not recommended that outside users attempt to customize these.

