github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/docs/sts/dex.yaml

github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/docs/sts/dex.yaml (about)

     1  # The base path of dex and the external name of the OpenID Connect service.
     2  # This is the canonical URL that all clients MUST use to refer to dex. If a
     3  # path is provided, dex's HTTP service will listen at a non-root URL.
     4  issuer: http://127.0.0.1:5556/dex
     5  
     6  # The storage configuration determines where dex stores its state. Supported
     7  # options include SQL flavors and Kubernetes third party resources.
     8  #
     9  # See the storage document at Documentation/storage.md for further information.
    10  storage:
    11    type: sqlite3
    12    config:
    13      file: examples/dex.db
    14  
    15  # Configuration for the HTTP endpoints.
    16  web:
    17    http: 0.0.0.0:5556
    18    # Uncomment for HTTPS options.
    19    # https: 127.0.0.1:5554
    20    # tlsCert: /etc/dex/tls.crt
    21    # tlsKey: /etc/dex/tls.key
    22  
    23    # Configuration for telemetry
    24    telemetry:
    25      http: 0.0.0.0:5558
    26  
    27  # Uncomment this block to enable configuration for the expiration time durations.
    28  expiry:
    29    signingKeys: "3h"
    30    idTokens: "3h"
    31  
    32    # Options for controlling the logger.
    33    logger:
    34      level: "debug"
    35      format: "text" # can also be "json"
    36  
    37  # Default values shown below
    38  oauth2:
    39    # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
    40    responseTypes: [ "code", "token", "id_token" ] # also allowed are "token" and "id_token"
    41    # By default, Dex will ask for approval to share data with application
    42    # (approval for sharing data from connected IdP to Dex is separate process on IdP)
    43    skipApprovalScreen: false
    44    # If only one authentication method is enabled, the default behavior is to
    45    # go directly to it. For connected IdPs, this redirects the browser away
    46    # from application to upstream provider such as the Google login page
    47    alwaysShowLoginScreen: false
    48    # Uncommend the passwordConnector to use a specific connector for password grants
    49    passwordConnector: local
    50  
    51  # Instead of reading from an external storage, use this list of clients.
    52  #
    53  # If this option isn't chosen clients may be added through the gRPC API.
    54  staticClients:
    55    - id: example-app
    56      redirectURIs:
    57        - 'http://localhost:8080/oauth2/callback'
    58      name: 'Example App'
    59      secret: ZXhhbXBsZS1hcHAtc2VjcmV0
    60  
    61  connectors:
    62    - type: mockCallback
    63      id: mock
    64      name: Example
    65  
    66  # Let dex keep a list of passwords which can be used to login to dex.
    67  enablePasswordDB: true
    68  
    69  # A static list of passwords to login the end user. By identifying here, dex
    70  # won't look in its underlying storage for passwords.
    71  #
    72  # If this option isn't chosen users may be added through the gRPC API.
    73  staticPasswords:
    74    - email: "admin@example.com"
    75      # bcrypt hash of the string "password"
    76      hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
    77      username: "admin"
    78      userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"