Skip to content

Commit

Permalink
Merge pull request dexidp#1706 from justin-slowik/device_flow
Browse files Browse the repository at this point in the history 
Implementing the OAuth2 Device Authorization Grant
  • Loading branch information
@JoelSpeed
JoelSpeed authored Aug 28, 2020
2 parents a24f73c + 9a7926c commit 336c73c
Show file tree
Hide file tree
Showing 26 changed files with 2,512 additions and 305 deletions.
3 changes: 3 additions & 0 deletions cmd/dex/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,9 @@ type Expiry struct {

// AuthRequests defines the duration of time for which the AuthRequests will be valid.
AuthRequests string `json:"authRequests"`

// DeviceRequests defines the duration of time for which the DeviceRequests will be valid.
DeviceRequests string `json:"deviceRequests"`
}

// Logger holds configuration required to customize logging for dex.
Expand Down
8 changes: 5 additions & 3 deletions cmd/dex/config_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ expiry:
signingKeys: "7h"
idTokens: "25h"
authRequests: "25h"
deviceRequests: "10m"
logger:
level: "debug"
Expand Down Expand Up @@ -197,9 +198,10 @@ logger:
},
},
Expiry: Expiry{
SigningKeys: "7h",
IDTokens: "25h",
AuthRequests: "25h",
SigningKeys: "7h",
IDTokens: "25h",
AuthRequests: "25h",
DeviceRequests: "10m",
},
Logger: Logger{
Level: "debug",
Expand Down
9 changes: 8 additions & 1 deletion cmd/dex/serve.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,14 @@ func serve(cmd *cobra.Command, args []string) error {
logger.Infof("config auth requests valid for: %v", authRequests)
serverConfig.AuthRequestsValidFor = authRequests
}

if c.Expiry.DeviceRequests != "" {
deviceRequests, err := time.ParseDuration(c.Expiry.DeviceRequests)
if err != nil {
return fmt.Errorf("invalid config value %q for device request expiry: %v", c.Expiry.AuthRequests, err)
}
logger.Infof("config device requests valid for: %v", deviceRequests)
serverConfig.DeviceRequestsValidFor = deviceRequests
}
serv, err := server.NewServer(context.Background(), serverConfig)
if err != nil {
return fmt.Errorf("failed to initialize server: %v", err)
Expand Down
7 changes: 6 additions & 1 deletion examples/config-dev.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ telemetry:

# Uncomment this block to enable configuration for the expiration time durations.
# expiry:
# deviceRequests: "5m"
# signingKeys: "6h"
# idTokens: "24h"

Expand Down Expand Up @@ -95,7 +96,11 @@ staticClients:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0

# - id: example-device-client
# redirectURIs:
# - /device/callback
# name: 'Static Client for Device Flow'
# public: true
connectors:
- type: mockCallback
id: mock
Expand Down
12 changes: 12 additions & 0 deletions scripts/manifests/crds/devicerequests.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: devicerequests.dex.coreos.com
spec:
group: dex.coreos.com
names:
kind: DeviceRequest
listKind: DeviceRequestList
plural: devicerequests
singular: devicerequest
version: v1
12 changes: 12 additions & 0 deletions scripts/manifests/crds/devicetokens.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: devicetokens.dex.coreos.com
spec:
group: dex.coreos.com
names:
kind: DeviceToken
listKind: DeviceTokenList
plural: devicetokens
singular: devicetoken
version: v1
Loading

0 comments on commit 336c73c

Please sign in to comment.