Showing preview only (3,816K chars total). Download the full file or copy to clipboard to get everything.
Repository: dexidp/dex
Branch: master
Commit: 3c7e159750b9
Files: 432
Total size: 3.6 MB
Directory structure:
gitextract_0njidk3i/
├── .dockerignore
├── .editorconfig
├── .envrc
├── .github/
│ ├── .editorconfig
│ ├── CODE_OF_CONDUCT.md
│ ├── DCO
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.yaml
│ │ ├── config.yml
│ │ └── feature_request.yaml
│ ├── PULL_REQUEST_TEMPLATE.md
│ ├── SECURITY.md
│ ├── dependabot.yaml
│ ├── release.yml
│ └── workflows/
│ ├── analysis-scorecard.yaml
│ ├── artifacts.yaml
│ ├── checks.yaml
│ ├── ci.yaml
│ ├── release.yaml
│ └── trivydb-cache.yaml
├── .gitignore
├── .gitpod.yml
├── .golangci.yaml
├── ADOPTERS.md
├── Dockerfile
├── LICENSE
├── MAINTAINERS
├── Makefile
├── README.md
├── api/
│ ├── api.pb.go
│ ├── api.proto
│ ├── api_grpc.pb.go
│ └── v2/
│ ├── api.pb.go
│ ├── api.proto
│ ├── api_grpc.pb.go
│ ├── go.mod
│ └── go.sum
├── cmd/
│ ├── dex/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── excluding_handler.go
│ │ ├── excluding_handler_test.go
│ │ ├── logger.go
│ │ ├── main.go
│ │ ├── serve.go
│ │ ├── serve_test.go
│ │ └── version.go
│ └── docker-entrypoint/
│ ├── main.go
│ └── main_test.go
├── config.dev.yaml
├── config.docker.yaml
├── config.yaml.dist
├── connector/
│ ├── atlassiancrowd/
│ │ ├── atlassiancrowd.go
│ │ └── atlassiancrowd_test.go
│ ├── authproxy/
│ │ ├── authproxy.go
│ │ └── authproxy_test.go
│ ├── bitbucketcloud/
│ │ ├── bitbucketcloud.go
│ │ └── bitbucketcloud_test.go
│ ├── connector.go
│ ├── gitea/
│ │ ├── gitea.go
│ │ └── gitea_test.go
│ ├── github/
│ │ ├── github.go
│ │ └── github_test.go
│ ├── gitlab/
│ │ ├── gitlab.go
│ │ ├── gitlab_test.go
│ │ └── testdata/
│ │ ├── rootCA.pem
│ │ ├── server.crt
│ │ └── server.key
│ ├── google/
│ │ ├── google.go
│ │ └── google_test.go
│ ├── keystone/
│ │ ├── keystone.go
│ │ └── keystone_test.go
│ ├── ldap/
│ │ ├── gen-certs.sh
│ │ ├── ldap.go
│ │ ├── ldap_test.go
│ │ └── testdata/
│ │ ├── certs/
│ │ │ ├── ca.crt
│ │ │ ├── ca.key
│ │ │ ├── dhparam.pem
│ │ │ ├── ldap.crt
│ │ │ └── ldap.key
│ │ └── schema.ldif
│ ├── linkedin/
│ │ └── linkedin.go
│ ├── microsoft/
│ │ ├── microsoft.go
│ │ └── microsoft_test.go
│ ├── mock/
│ │ └── connectortest.go
│ ├── oauth/
│ │ ├── oauth.go
│ │ └── oauth_test.go
│ ├── oidc/
│ │ ├── oidc.go
│ │ └── oidc_test.go
│ ├── openshift/
│ │ ├── openshift.go
│ │ └── openshift_test.go
│ └── saml/
│ ├── saml.go
│ ├── saml_test.go
│ ├── testdata/
│ │ ├── assertion-signed.tmpl
│ │ ├── assertion-signed.xml
│ │ ├── bad-ca.crt
│ │ ├── bad-ca.key
│ │ ├── bad-status.tmpl
│ │ ├── bad-status.xml
│ │ ├── ca.crt
│ │ ├── ca.key
│ │ ├── gen.sh
│ │ ├── good-resp.tmpl
│ │ ├── good-resp.xml
│ │ ├── idp-cert.pem
│ │ ├── idp-resp-signed-assertion.xml
│ │ ├── idp-resp-signed-assertion0.xml
│ │ ├── idp-resp-signed-message-and-assertion.xml
│ │ ├── idp-resp-signed-message.xml
│ │ ├── idp-resp.xml
│ │ ├── oam-ca.pem
│ │ ├── oam-resp.xml
│ │ ├── okta-ca.pem
│ │ ├── okta-resp.xml
│ │ ├── tampered-resp.xml
│ │ ├── two-assertions-first-signed.tmpl
│ │ └── two-assertions-first-signed.xml
│ └── types.go
├── docker-compose.override.yaml.dist
├── docker-compose.test.yaml
├── docker-compose.yaml
├── docs/
│ ├── README.md
│ └── enhancements/
│ ├── README.md
│ ├── _title-YYYY-MM-DD-#issue.md
│ ├── auth-sessions-2026-02-18.md
│ ├── cel-expressions-2026-02-28.md
│ ├── id-jag-2026-03-02#4600.md
│ └── token-exchange-2023-02-03-#2812.md
├── examples/
│ ├── .gitignore
│ ├── config-ad-kubelogin.yaml
│ ├── config-dev.yaml
│ ├── example-app/
│ │ ├── handlers.go
│ │ ├── handlers_device.go
│ │ ├── handlers_userinfo.go
│ │ ├── main.go
│ │ ├── static/
│ │ │ ├── app.js
│ │ │ ├── device.js
│ │ │ ├── style.css
│ │ │ └── token.js
│ │ ├── templates/
│ │ │ ├── device.html
│ │ │ ├── index.html
│ │ │ └── token.html
│ │ ├── templates.go
│ │ └── utils.go
│ ├── go.mod
│ ├── go.sum
│ ├── grpc-client/
│ │ ├── .gitignore
│ │ ├── README.md
│ │ ├── cert-destroy
│ │ ├── cert-gen
│ │ ├── client.go
│ │ ├── config.yaml
│ │ └── openssl.conf
│ ├── k8s/
│ │ ├── .gitignore
│ │ ├── dex.yaml
│ │ └── gencert.sh
│ ├── ldap/
│ │ ├── config-ldap.ldif
│ │ ├── config-ldap.yaml
│ │ └── docker-compose.yaml
│ └── oidc-conformance/
│ ├── config.yaml.tmpl
│ └── run.sh
├── flake.nix
├── go.mod
├── go.sum
├── pkg/
│ ├── cel/
│ │ ├── cel.go
│ │ ├── cel_test.go
│ │ ├── cost.go
│ │ ├── cost_test.go
│ │ ├── doc.go
│ │ ├── library/
│ │ │ ├── doc.go
│ │ │ ├── email.go
│ │ │ ├── email_test.go
│ │ │ ├── groups.go
│ │ │ └── groups_test.go
│ │ └── types.go
│ ├── featureflags/
│ │ ├── doc.go
│ │ ├── flag.go
│ │ └── set.go
│ ├── groups/
│ │ ├── doc.go
│ │ ├── groups.go
│ │ └── groups_test.go
│ └── httpclient/
│ ├── doc.go
│ ├── httpclient.go
│ ├── httpclient_test.go
│ ├── readme.md
│ └── testdata/
│ ├── rootCA.key
│ ├── rootCA.pem
│ ├── rootCA.srl
│ ├── server.crt
│ ├── server.csr
│ ├── server.csr.cnf
│ ├── server.key
│ └── v3.ext
├── scripts/
│ ├── git-version
│ ├── manifests/
│ │ ├── .editorconfig
│ │ └── crds/
│ │ ├── authcodes.yaml
│ │ ├── authrequests.yaml
│ │ ├── connectors.yaml
│ │ ├── devicerequests.yaml
│ │ ├── devicetokens.yaml
│ │ ├── oauth2clients.yaml
│ │ ├── offlinesessionses.yaml
│ │ ├── passwords.yaml
│ │ ├── refreshtokens.yaml
│ │ └── signingkeies.yaml
│ └── update-gomplate
├── server/
│ ├── api.go
│ ├── api_cache_test.go
│ ├── api_test.go
│ ├── deviceflowhandlers.go
│ ├── deviceflowhandlers_test.go
│ ├── doc.go
│ ├── errors.go
│ ├── errors_test.go
│ ├── handlers.go
│ ├── handlers_approval_test.go
│ ├── handlers_test.go
│ ├── internal/
│ │ ├── codec.go
│ │ ├── types.pb.go
│ │ └── types.proto
│ ├── introspectionhandler.go
│ ├── introspectionhandler_test.go
│ ├── mfa.go
│ ├── oauth2.go
│ ├── oauth2_test.go
│ ├── prompt.go
│ ├── prompt_test.go
│ ├── refreshhandlers.go
│ ├── refreshhandlers_test.go
│ ├── server.go
│ ├── server_test.go
│ ├── session.go
│ ├── session_test.go
│ ├── signer/
│ │ ├── local.go
│ │ ├── local_test.go
│ │ ├── mock.go
│ │ ├── rotation.go
│ │ ├── rotation_test.go
│ │ ├── signer.go
│ │ ├── utils.go
│ │ ├── vault.go
│ │ ├── vault_integration_test.go
│ │ └── vault_test.go
│ ├── templates.go
│ └── templates_test.go
├── storage/
│ ├── conformance/
│ │ ├── conformance.go
│ │ ├── gen_jwks.go
│ │ ├── jwks.go
│ │ └── transactions.go
│ ├── doc.go
│ ├── ent/
│ │ ├── client/
│ │ │ ├── authcode.go
│ │ │ ├── authrequest.go
│ │ │ ├── authsession.go
│ │ │ ├── client.go
│ │ │ ├── connector.go
│ │ │ ├── devicerequest.go
│ │ │ ├── devicetoken.go
│ │ │ ├── keys.go
│ │ │ ├── main.go
│ │ │ ├── offlinesession.go
│ │ │ ├── password.go
│ │ │ ├── refreshtoken.go
│ │ │ ├── types.go
│ │ │ ├── useridentity.go
│ │ │ └── utils.go
│ │ ├── db/
│ │ │ ├── authcode/
│ │ │ │ ├── authcode.go
│ │ │ │ └── where.go
│ │ │ ├── authcode.go
│ │ │ ├── authcode_create.go
│ │ │ ├── authcode_delete.go
│ │ │ ├── authcode_query.go
│ │ │ ├── authcode_update.go
│ │ │ ├── authrequest/
│ │ │ │ ├── authrequest.go
│ │ │ │ └── where.go
│ │ │ ├── authrequest.go
│ │ │ ├── authrequest_create.go
│ │ │ ├── authrequest_delete.go
│ │ │ ├── authrequest_query.go
│ │ │ ├── authrequest_update.go
│ │ │ ├── authsession/
│ │ │ │ ├── authsession.go
│ │ │ │ └── where.go
│ │ │ ├── authsession.go
│ │ │ ├── authsession_create.go
│ │ │ ├── authsession_delete.go
│ │ │ ├── authsession_query.go
│ │ │ ├── authsession_update.go
│ │ │ ├── client.go
│ │ │ ├── connector/
│ │ │ │ ├── connector.go
│ │ │ │ └── where.go
│ │ │ ├── connector.go
│ │ │ ├── connector_create.go
│ │ │ ├── connector_delete.go
│ │ │ ├── connector_query.go
│ │ │ ├── connector_update.go
│ │ │ ├── devicerequest/
│ │ │ │ ├── devicerequest.go
│ │ │ │ └── where.go
│ │ │ ├── devicerequest.go
│ │ │ ├── devicerequest_create.go
│ │ │ ├── devicerequest_delete.go
│ │ │ ├── devicerequest_query.go
│ │ │ ├── devicerequest_update.go
│ │ │ ├── devicetoken/
│ │ │ │ ├── devicetoken.go
│ │ │ │ └── where.go
│ │ │ ├── devicetoken.go
│ │ │ ├── devicetoken_create.go
│ │ │ ├── devicetoken_delete.go
│ │ │ ├── devicetoken_query.go
│ │ │ ├── devicetoken_update.go
│ │ │ ├── ent.go
│ │ │ ├── enttest/
│ │ │ │ └── enttest.go
│ │ │ ├── hook/
│ │ │ │ └── hook.go
│ │ │ ├── keys/
│ │ │ │ ├── keys.go
│ │ │ │ └── where.go
│ │ │ ├── keys.go
│ │ │ ├── keys_create.go
│ │ │ ├── keys_delete.go
│ │ │ ├── keys_query.go
│ │ │ ├── keys_update.go
│ │ │ ├── migrate/
│ │ │ │ ├── migrate.go
│ │ │ │ └── schema.go
│ │ │ ├── mutation.go
│ │ │ ├── oauth2client/
│ │ │ │ ├── oauth2client.go
│ │ │ │ └── where.go
│ │ │ ├── oauth2client.go
│ │ │ ├── oauth2client_create.go
│ │ │ ├── oauth2client_delete.go
│ │ │ ├── oauth2client_query.go
│ │ │ ├── oauth2client_update.go
│ │ │ ├── offlinesession/
│ │ │ │ ├── offlinesession.go
│ │ │ │ └── where.go
│ │ │ ├── offlinesession.go
│ │ │ ├── offlinesession_create.go
│ │ │ ├── offlinesession_delete.go
│ │ │ ├── offlinesession_query.go
│ │ │ ├── offlinesession_update.go
│ │ │ ├── password/
│ │ │ │ ├── password.go
│ │ │ │ └── where.go
│ │ │ ├── password.go
│ │ │ ├── password_create.go
│ │ │ ├── password_delete.go
│ │ │ ├── password_query.go
│ │ │ ├── password_update.go
│ │ │ ├── predicate/
│ │ │ │ └── predicate.go
│ │ │ ├── refreshtoken/
│ │ │ │ ├── refreshtoken.go
│ │ │ │ └── where.go
│ │ │ ├── refreshtoken.go
│ │ │ ├── refreshtoken_create.go
│ │ │ ├── refreshtoken_delete.go
│ │ │ ├── refreshtoken_query.go
│ │ │ ├── refreshtoken_update.go
│ │ │ ├── runtime/
│ │ │ │ └── runtime.go
│ │ │ ├── runtime.go
│ │ │ ├── tx.go
│ │ │ ├── useridentity/
│ │ │ │ ├── useridentity.go
│ │ │ │ └── where.go
│ │ │ ├── useridentity.go
│ │ │ ├── useridentity_create.go
│ │ │ ├── useridentity_delete.go
│ │ │ ├── useridentity_query.go
│ │ │ └── useridentity_update.go
│ │ ├── generate.go
│ │ ├── mysql.go
│ │ ├── mysql_test.go
│ │ ├── postgres.go
│ │ ├── postgres_test.go
│ │ ├── schema/
│ │ │ ├── authcode.go
│ │ │ ├── authrequest.go
│ │ │ ├── authsession.go
│ │ │ ├── client.go
│ │ │ ├── connector.go
│ │ │ ├── devicerequest.go
│ │ │ ├── devicetoken.go
│ │ │ ├── dialects.go
│ │ │ ├── keys.go
│ │ │ ├── offlinesession.go
│ │ │ ├── password.go
│ │ │ ├── refreshtoken.go
│ │ │ └── useridentity.go
│ │ ├── sqlite.go
│ │ ├── sqlite_test.go
│ │ ├── types.go
│ │ └── utils.go
│ ├── etcd/
│ │ ├── config.go
│ │ ├── etcd.go
│ │ ├── etcd_test.go
│ │ └── types.go
│ ├── health.go
│ ├── kubernetes/
│ │ ├── client.go
│ │ ├── client_test.go
│ │ ├── doc.go
│ │ ├── k8sapi/
│ │ │ ├── client.go
│ │ │ ├── crd_extensions.go
│ │ │ ├── doc.go
│ │ │ ├── extensions.go
│ │ │ ├── time.go
│ │ │ ├── unversioned.go
│ │ │ └── v1.go
│ │ ├── lock.go
│ │ ├── storage.go
│ │ ├── storage_test.go
│ │ ├── transport.go
│ │ └── types.go
│ ├── memory/
│ │ ├── memory.go
│ │ ├── memory_test.go
│ │ └── static_test.go
│ ├── sql/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── crud.go
│ │ ├── crud_test.go
│ │ ├── migrate.go
│ │ ├── migrate_test.go
│ │ ├── postgres_test.go
│ │ ├── sql.go
│ │ ├── sql_test.go
│ │ ├── sqlite.go
│ │ ├── sqlite_no_cgo.go
│ │ └── sqlite_test.go
│ ├── static.go
│ └── storage.go
└── web/
├── robots.txt
├── static/
│ └── main.css
├── templates/
│ ├── approval.html
│ ├── device.html
│ ├── device_success.html
│ ├── error.html
│ ├── footer.html
│ ├── header.html
│ ├── login.html
│ ├── oob.html
│ ├── password.html
│ └── totp_verify.html
├── themes/
│ ├── dark/
│ │ └── styles.css
│ └── light/
│ └── styles.css
└── web.go
================================================
FILE CONTENTS
================================================
================================================
FILE: .dockerignore
================================================
bin/
tmp/
================================================
FILE: .editorconfig
================================================
root = true
[*]
charset = utf-8
end_of_line = lf
indent_size = 4
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true
[*.go]
indent_style = tab
[*.proto]
indent_size = 2
[{Makefile,*.mk}]
indent_style = tab
[{config.yaml.dist,config.dev.yaml}]
indent_size = 2
[.golangci.yaml]
indent_size = 2
================================================
FILE: .envrc
================================================
if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="
fi
use flake . --impure
dotenv_if_exists
================================================
FILE: .github/.editorconfig
================================================
[{*.yml,*.yaml}]
indent_size = 2
================================================
FILE: .github/CODE_OF_CONDUCT.md
================================================
## Community Code of Conduct
This project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
================================================
FILE: .github/DCO
================================================
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
660 York Street, Suite 102,
San Francisco, CA 94110 USA
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.yaml
================================================
name: 🐛 Bug report
description: Report a bug to help us improve Dex
body:
- type: markdown
attributes:
value: |
Thank you for submitting a bug report!
Please fill out the template below to make it easier to debug your problem.
If you are not sure if it is a bug or not, you can contact us via the available [support channels](https://github.com/dexidp/dex/issues/new/choose).
- type: checkboxes
attributes:
label: Preflight Checklist
description: Please ensure you've completed all of the following.
options:
- label: I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
required: true
- label: I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.
required: true
- label: I am not looking for support or already pursued the available [support channels](https://github.com/dexidp/dex/issues/new/choose) without success.
required: true
- type: input
attributes:
label: Version
description: What version of Dex are you running?
placeholder: 2.29.0
validations:
required: true
- type: dropdown
attributes:
label: Storage Type
description: Which persistent storage type are you using?
options:
- etcd
- Kubernetes
- In-memory
- Postgres
- MySQL
- SQLite
validations:
required: true
- type: dropdown
attributes:
label: Installation Type
description: How did you install Dex?
options:
- Binary
- Official container image
- Official Helm chart
- Custom container image
- Custom Helm chart
- Other (specify below)
multiple: true
validations:
required: true
- type: textarea
attributes:
label: Expected Behavior
description: A clear and concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Actual Behavior
description: A clear description of what actually happens.
validations:
required: true
- type: textarea
attributes:
label: Steps To Reproduce
description: Steps to reproduce the behavior if it is not self-explanatory.
placeholder: |
1. In this environment...
2. With this config...
3. Run '...'
4. See error...
- type: textarea
attributes:
label: Additional Information
description: Links? References? Anything that will give us more context about the issue that you are encountering!
- type: textarea
attributes:
label: Configuration
description: Contents of your configuration file (if relevant).
render: yaml
placeholder: |
issuer: http://127.0.0.1:5556/dex
storage:
# ...
connectors:
# ...
staticClients:
# ...
- type: textarea
attributes:
label: Logs
description: Dex application logs (if relevant).
render: shell
================================================
FILE: .github/ISSUE_TEMPLATE/config.yml
================================================
blank_issues_enabled: false
contact_links:
- name: 📖 Documentation enhancement
url: https://github.com/dexidp/website/issues
about: Suggest an improvement to the documentation
- name: ❓ Ask a question
url: https://github.com/dexidp/dex/discussions/new?category=q-a
about: Ask and discuss questions with other Dex community members
- name: 📚 Documentation
url: https://dexidp.io/docs/
about: Check the documentation for help
- name: 💬 Slack channel
url: https://cloud-native.slack.com/messages/dexidp
about: Please ask and answer questions here
- name: 💡 Dex Enhancement Proposal
url: https://github.com/dexidp/dex/tree/master/docs/enhancements/README.md
about: Open a proposal for significant architectural change
================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.yaml
================================================
name: 🎉 Feature request
description: Suggest an idea for Dex
body:
- type: markdown
attributes:
value: |
Thank you for submitting a feature request!
Please describe what you would like to change/add and why in detail by filling out the template below.
If you are not sure if your request fits into Dex, you can contact us via the available [support channels](https://github.com/dexidp/dex/issues/new/choose).
- type: checkboxes
attributes:
label: Preflight Checklist
description: Please ensure you've completed all of the following.
options:
- label: I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
required: true
- label: I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.
required: true
- type: textarea
attributes:
label: Problem Description
description: A clear and concise description of the problem you are seeking to solve with this feature request.
validations:
required: true
- type: textarea
attributes:
label: Proposed Solution
description: A clear and concise description of what would you like to happen.
validations:
required: true
- type: textarea
attributes:
label: Alternatives Considered
description: A clear and concise description of any alternative solutions or features you've considered.
- type: textarea
attributes:
label: Additional Information
description: Add any other context about the problem here.
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
<!--
Thank you for sending a pull request! Here are some tips for contributors:
1. Fill the description template below.
2. Sign a DCO (if you haven't already signed it).
3. Include appropriate tests (if necessary). Make sure that all CI checks passed.
4. If the Pull Request is a work in progress, make use of GitHub's "Draft PR" feature and mark it as such.
-->
#### Overview
<!-- Describe your changes briefly here. -->
#### What this PR does / why we need it
<!--
- Please state in detail why we need this PR and what it solves.
- If your PR closes some of the existing issues, please add links to them here.
Mentioned issues will be automatically closed.
Usage: "Closes #<issue number>", or "Closes (paste link of issue)"
-->
#### Special notes for your reviewer
================================================
FILE: .github/SECURITY.md
================================================
# Security Policy
## Reporting a vulnerability
To report a vulnerability, send an email to [cncf-dex-maintainers@lists.cncf.io](mailto:cncf-dex-maintainers@lists.cncf.io)
detailing the issue and steps to reproduce. The reporter(s) can expect a
response within 48 hours acknowledging the issue was received. If a response is
not received within 48 hours, please reach out to any maintainer directly
to confirm receipt of the issue.
## Review Process
Once a maintainer has confirmed the relevance of the report, a draft security
advisory will be created on GitHub. The draft advisory will be used to discuss
the issue with maintainers, the reporter(s).
If the reporter(s) wishes to participate in this discussion, then provide
reporter GitHub username(s) to be invited to the discussion. If the reporter(s)
does not wish to participate directly in the discussion, then the reporter(s)
can request to be updated regularly via email.
If the vulnerability is accepted, a timeline for developing a patch, public
disclosure, and patch release will be determined. The reporter(s) are expected
to participate in the discussion of the timeline and abide by agreed upon dates
for public disclosure.
================================================
FILE: .github/dependabot.yaml
================================================
version: 2
updates:
- package-ecosystem: "gomod"
directory: "/"
labels:
- "area/dependencies"
schedule:
interval: "daily"
groups:
etcd:
patterns:
- "go.etcd.io/*"
- package-ecosystem: "gomod"
directory: "/api/v2"
labels:
- "area/dependencies"
schedule:
interval: "daily"
- package-ecosystem: "gomod"
directory: "/examples"
labels:
- "area/dependencies"
schedule:
interval: "daily"
- package-ecosystem: "docker"
directory: "/"
labels:
- "area/dependencies"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
labels:
- "area/dependencies"
schedule:
interval: "daily"
================================================
FILE: .github/release.yml
================================================
changelog:
exclude:
labels:
- release-note/ignore
categories:
- title: Exciting New Features 🎉
labels:
- kind/feature
- release-note/new-feature
- title: Enhancements 🚀
labels:
- kind/enhancement
- release-note/enhancement
- title: Bug Fixes 🐛
labels:
- kind/bug
- release-note/bug-fix
- title: Breaking Changes 🛠
labels:
- release-note/breaking-change
- title: Deprecations ❌
labels:
- release-note/deprecation
- title: Dependency Updates ⬆️
labels:
- area/dependencies
- release-note/dependency-update
- title: Other Changes
labels:
- "*"
================================================
FILE: .github/workflows/analysis-scorecard.yaml
================================================
name: OpenSSF Scorecard
on:
branch_protection_rule:
push:
branches: [ main ]
schedule:
- cron: '30 0 * * 5'
permissions:
contents: read
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
id-token: write
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Run analysis
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
publish_results: true
- name: Upload results as artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: OpenSSF Scorecard results
path: results.sarif
retention-days: 5
- name: Upload results to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3.29.5
with:
sarif_file: results.sarif
================================================
FILE: .github/workflows/artifacts.yaml
================================================
name: Artifacts
on:
workflow_call:
inputs:
publish:
description: Publish artifacts to the artifact store
default: false
required: false
type: boolean
secrets:
DOCKER_USERNAME:
required: true
DOCKER_PASSWORD:
required: true
outputs:
container-image-name:
description: Container image name
value: ${{ jobs.container-images.outputs.name }}
container-image-digest:
description: Container image digest
value: ${{ jobs.container-images.outputs.digest }}
container-image-ref:
description: Container image ref
value: ${{ jobs.container-images.outputs.ref }}
permissions:
contents: read
jobs:
container-images:
name: Container images
runs-on: ubuntu-latest
strategy:
matrix:
variant:
- alpine
- distroless
permissions:
attestations: write
contents: read
packages: write
id-token: write
security-events: write
outputs:
name: ${{ steps.image-name.outputs.value }}
digest: ${{ steps.build.outputs.digest }}
ref: ${{ steps.image-ref.outputs.value }}
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-tags: true
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Set up Syft
uses: anchore/sbom-action/download-syft@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1
- name: Install cosign
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
- name: Set image name
id: image-name
run: echo "value=ghcr.io/${{ github.repository }}" >> "$GITHUB_OUTPUT"
- name: Gather build metadata
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
with:
images: |
${{ steps.image-name.outputs.value }}
${{ github.repository == 'dexidp/dex' && 'dexidp/dex' || '' }}
flavor: |
latest = false
tags: |
type=ref,event=branch,enable=${{ matrix.variant == 'alpine' }}
type=ref,event=pr,prefix=pr-,enable=${{ matrix.variant == 'alpine' }}
type=semver,pattern={{raw}},enable=${{ matrix.variant == 'alpine' }}
type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch && matrix.variant == 'alpine' }}
type=ref,event=branch,suffix=-${{ matrix.variant }}
type=ref,event=pr,prefix=pr-,suffix=-${{ matrix.variant }}
type=semver,pattern={{raw}},suffix=-${{ matrix.variant }}
type=raw,value=latest,enable={{is_default_branch}},suffix=-${{ matrix.variant }}
labels: |
org.opencontainers.image.documentation=https://dexidp.io/docs/
# Multiple exporters are not supported yet
# See https://github.com/moby/buildkit/pull/2760
- name: Get version from git-version script
id: version
run: echo "value=$(bash ./scripts/git-version)" >> "$GITHUB_OUTPUT"
# Multiple exporters are not supported yet
# See https://github.com/moby/buildkit/pull/2760
- name: Determine build output
uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1
id: build-output
with:
cond: ${{ inputs.publish }}
if_true: type=image,push=true
if_false: type=oci,dest=image.tar
- name: Login to GitHub Container Registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
if: inputs.publish
- name: Login to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: inputs.publish
- name: Build and push image
id: build
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
context: .
platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
tags: ${{ steps.meta.outputs.tags }}
build-args: |
BASE_IMAGE=${{ matrix.variant }}
VERSION=${{ steps.version.outputs.value }}
COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
labels: |
${{ steps.meta.outputs.labels }}
# cache-from: type=gha
# cache-to: type=gha,mode=max
outputs: ${{ steps.build-output.outputs.value }}
# push: ${{ inputs.publish }}
- name: Sign the images with GitHub OIDC Token
run: |
cosign sign --yes ${{ steps.image-name.outputs.value }}@${{ steps.build.outputs.digest }}
if: inputs.publish
- name: Set image ref
id: image-ref
run: echo "value=${{ steps.image-name.outputs.value }}@${{ steps.build.outputs.digest }}" >> "$GITHUB_OUTPUT"
- name: Fetch image
run: skopeo --insecure-policy copy docker://${{ steps.image-ref.outputs.value }} oci-archive:image.tar
if: inputs.publish
# Uncomment the following lines for debugging:
# - name: Upload image as artifact
# uses: actions/upload-artifact@v3
# with:
# name: "[${{ github.job }}] OCI tarball"
# path: image.tar
- name: Extract OCI tarball
id: extract-oci
run: |
mkdir -p image
tar -xf image.tar -C image
image_name=$(jq -r '.manifests[0].annotations["io.containerd.image.name"]' image/index.json)
image_tag=$(jq -r '.manifests[0].annotations["org.opencontainers.image.ref.name"]' image/index.json)
echo "Copying $image_tag -> $image_name"
skopeo copy "oci:image:$image_tag" "docker-daemon:$image_name"
echo "value=$image_name" >> "$GITHUB_OUTPUT"
if: ${{ !inputs.publish }}
# - name: List tags
# run: skopeo --insecure-policy list-tags oci:image
#
# # See https://github.com/anchore/syft/issues/1545
# - name: Extract image from multi-arch image
# run: skopeo --override-os linux --override-arch amd64 --insecure-policy copy oci:image:${{ steps.image-name.outputs.value }}:${{ steps.meta.outputs.version }} docker-archive:docker.tar
#
# - name: Generate SBOM
# run: syft -o spdx-json=sbom-spdx.json docker-archive:docker.tar
#
# - name: Upload SBOM as artifact
# uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
# with:
# name: "[${{ github.job }}] SBOM"
# path: sbom-spdx.json
# retention-days: 5
# TODO: uncomment when the action is working for non ghcr.io pushes. GH Issue: https://github.com/actions/attest-build-provenance/issues/80
# - name: Generate build provenance attestation
# uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
# with:
# subject-name: dexidp/dex
# subject-digest: ${{ steps.build.outputs.digest }}
# push-to-registry: true
- name: Generate build provenance attestation
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.build.outputs.digest }}
push-to-registry: true
if: inputs.publish
- name: Prepare image fs for scanning
run: |
image_ref=${{ steps.extract-oci.outputs.value != '' && steps.extract-oci.outputs.value || steps.image-ref.outputs.value }}
docker export $(docker create --rm $image_ref) -o docker-image.tar
mkdir -p docker-image
tar -xf docker-image.tar -C docker-image
## Use cache for the trivy-db to avoid the TOOMANYREQUESTS error https://github.com/aquasecurity/trivy-action/pull/397
## To avoid the trivy-db becoming outdated, we save the cache for one day
- name: Get data
id: date
run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
- name: Restore trivy cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: cache/db
key: trivy-cache-${{ steps.date.outputs.date }}
restore-keys: trivy-cache-
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
with:
input: docker-image
format: sarif
output: trivy-results.sarif
scan-type: "rootfs"
scan-ref: "."
cache-dir: "./cache"
# Disable skipping trivy cache for now
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
## Trivy-db uses `0600` permissions.
## But `action/cache` use `runner` user by default
## So we need to change the permissions before caching the database.
- name: change permissions for trivy.db
run: sudo chmod 0644 ./cache/db/trivy.db
- name: Check Trivy sarif
run: cat trivy-results.sarif
- name: Upload Trivy scan results as artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: "[${{ github.job }}] Trivy scan results"
path: trivy-results.sarif
retention-days: 5
overwrite: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3.29.5
with:
sarif_file: trivy-results.sarif
================================================
FILE: .github/workflows/checks.yaml
================================================
name: PR Checks
on:
pull_request:
types: [opened, labeled, unlabeled, synchronize]
permissions:
contents: read
jobs:
release-label:
name: Release note label
runs-on: ubuntu-latest
if: github.repository == 'dexidp/dex'
steps:
- name: Check minimum labels
uses: mheap/github-action-required-labels@0ac283b4e65c1fb28ce6079dea5546ceca98ccbe # v5.5
with:
mode: minimum
count: 1
labels: "release-note/ignore, kind/feature, release-note/new-feature, kind/enhancement, release-note/enhancement, kind/bug, release-note/bug-fix, release-note/breaking-change, release-note/deprecation, area/dependencies, release-note/dependency-update"
================================================
FILE: .github/workflows/ci.yaml
================================================
name: CI
on:
push:
branches: [master]
pull_request:
permissions:
contents: read
jobs:
test:
name: Test
runs-on: ubuntu-latest
services:
postgres:
image: postgres:10.8
env:
TZ: UTC
ports:
- 5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
postgres-ent:
image: postgres:10.8
env:
TZ: UTC
ports:
- 5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
mysql:
image: mysql:5.7
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: dex
ports:
- 3306
options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5
mysql-ent:
image: mysql:5.7
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: dex
ports:
- 3306
options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5
mysql8:
image: mysql:8.0
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: dex
ports:
- 3306
options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5
mysql8-ent:
image: mysql:8.0
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: dex
ports:
- 3306
options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5
etcd:
image: gcr.io/etcd-development/etcd:v3.5.0
ports:
- 2379
env:
ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379
ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379
options: --health-cmd "ETCDCTL_API=3 etcdctl --endpoints http://localhost:2379 endpoint health" --health-interval 10s --health-timeout 5s --health-retries 5
keystone:
image: openio/openstack-keystone:rocky
ports:
- 5000
- 35357
options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5
vault:
image: hashicorp/vault:1.21
ports:
- 8200
env:
VAULT_DEV_ROOT_TOKEN_ID: root-token
VAULT_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
options: --health-cmd "vault status -address=http://localhost:8200 || exit 1" --health-interval 10s --health-timeout 5s --health-retries 5
openbao:
image: quay.io/openbao/openbao:2.5
ports:
- 8210
env:
BAO_DEV_ROOT_TOKEN_ID: root-token
BAO_DEV_LISTEN_ADDRESS: "0.0.0.0:8210"
options: --health-cmd "bao status -address=http://localhost:8210 || exit 1" --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "1.25"
- name: Download tool dependencies
run: make deps
# Ensure that generated files were committed.
# It can help us determine, that the code is in the intermediate state, which should not be tested.
# Thus, heavy jobs like creating a kind cluster and testing / linting will be skipped.
- name: Verify
run: make verify
- name: Start services
run: docker compose -f docker-compose.test.yaml up -d
- name: Create kind cluster
uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
with:
version: "v0.17.0"
node_image: "kindest/node:v1.25.3@sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5"
- name: Test
run: make testall
env:
DEX_MYSQL_DATABASE: dex
DEX_MYSQL_USER: root
DEX_MYSQL_PASSWORD: root
DEX_MYSQL_HOST: 127.0.0.1
DEX_MYSQL_PORT: ${{ job.services.mysql.ports[3306] }}
DEX_MYSQL_ENT_DATABASE: dex
DEX_MYSQL_ENT_USER: root
DEX_MYSQL_ENT_PASSWORD: root
DEX_MYSQL_ENT_HOST: 127.0.0.1
DEX_MYSQL_ENT_PORT: ${{ job.services.mysql-ent.ports[3306] }}
DEX_MYSQL8_DATABASE: dex
DEX_MYSQL8_USER: root
DEX_MYSQL8_PASSWORD: root
DEX_MYSQL8_HOST: 127.0.0.1
DEX_MYSQL8_PORT: ${{ job.services.mysql8.ports[3306] }}
DEX_MYSQL8_ENT_DATABASE: dex
DEX_MYSQL8_ENT_USER: root
DEX_MYSQL8_ENT_PASSWORD: root
DEX_MYSQL8_ENT_HOST: 127.0.0.1
DEX_MYSQL8_ENT_PORT: ${{ job.services.mysql8-ent.ports[3306] }}
DEX_POSTGRES_DATABASE: postgres
DEX_POSTGRES_USER: postgres
DEX_POSTGRES_PASSWORD: postgres
DEX_POSTGRES_HOST: localhost
DEX_POSTGRES_PORT: ${{ job.services.postgres.ports[5432] }}
DEX_POSTGRES_ENT_DATABASE: postgres
DEX_POSTGRES_ENT_USER: postgres
DEX_POSTGRES_ENT_PASSWORD: postgres
DEX_POSTGRES_ENT_HOST: localhost
DEX_POSTGRES_ENT_PORT: ${{ job.services.postgres-ent.ports[5432] }}
DEX_ETCD_ENDPOINTS: http://localhost:${{ job.services.etcd.ports[2379] }}
DEX_LDAP_HOST: localhost
DEX_LDAP_PORT: 3890
DEX_LDAP_TLS_PORT: 6360
DEX_KEYSTONE_URL: http://localhost:${{ job.services.keystone.ports[5000] }}
DEX_KEYSTONE_ADMIN_URL: http://localhost:${{ job.services.keystone.ports[35357] }}
DEX_KEYSTONE_ADMIN_USER: demo
DEX_KEYSTONE_ADMIN_PASS: DEMO_PASS
DEX_VAULT_ADDR: http://localhost:${{ job.services.vault.ports[8200] }}
DEX_VAULT_TOKEN: root-token
DEX_OPENBAO_ADDR: http://localhost:${{ job.services.openbao.ports[8210] }}
DEX_OPENBAO_TOKEN: root-token
DEX_KUBERNETES_CONFIG_PATH: ~/.kube/config
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "1.25"
- name: Download golangci-lint
run: make bin/golangci-lint
- name: Lint
run: make lint
artifacts:
name: Artifacts
uses: ./.github/workflows/artifacts.yaml
with:
publish: ${{ github.event_name == 'push' }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
permissions:
attestations: write
contents: read
packages: write
id-token: write
security-events: write
dependency-review:
name: Dependency review
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Dependency Review
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
================================================
FILE: .github/workflows/release.yaml
================================================
name: Release
on:
push:
tags: [ "v[0-9]+.[0-9]+.[0-9]+" ]
permissions:
contents: read
jobs:
artifacts:
name: Artifacts
uses: ./.github/workflows/artifacts.yaml
with:
publish: true
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
permissions:
attestations: write
contents: read
packages: write
id-token: write
security-events: write
================================================
FILE: .github/workflows/trivydb-cache.yaml
================================================
# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
name: Update Trivy Cache
on:
schedule:
- cron: '0 0 * * *' # Run daily at midnight UTC
workflow_dispatch: # Allow manual triggering
permissions:
contents: read
jobs:
update-trivy-db:
runs-on: ubuntu-latest
steps:
- name: Setup oras
uses: oras-project/setup-oras@22ce207df3b08e061f537244349aac6ae1d214f6 # v1.2.4
- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Download and extract the vulnerability DB
run: |
mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
oras pull ghcr.io/aquasecurity/trivy-db:2
tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
rm db.tar.gz
- name: Download and extract the Java DB
run: |
mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
oras pull ghcr.io/aquasecurity/trivy-java-db:1
tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
rm javadb.tar.gz
- name: Cache DBs
uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ${{ github.workspace }}/.cache/trivy
key: cache-trivy-${{ steps.date.outputs.date }}
================================================
FILE: .gitignore
================================================
/.devenv/
/.direnv/
/.idea/
/bin/
/config.yaml
/docker-compose.override.yaml
/var/
/vendor/
*.db
================================================
FILE: .gitpod.yml
================================================
tasks:
- init: go get && go build ./... && go test ./... && make
command: go run
================================================
FILE: .golangci.yaml
================================================
version: "2"
run:
timeout: 5m
linters:
disable:
- staticcheck
- errcheck
enable:
- depguard
- dogsled
- exhaustive
- gochecknoinits
# - gocritic
- goprintffuncname
- govet
- ineffassign
- misspell
- nakedret
- nolintlint
- prealloc
# - revive
# - sqlclosecheck
# - staticcheck
- unconvert
- unused
- whitespace
# Disable temporarily until everything works with Go 1.20
# - bodyclose
# - rowserrcheck
# - tparallel
# - unparam
# Disable temporarily until the following issue is resolved: https://github.com/golangci/golangci-lint/issues/3086
# - sqlclosecheck
# TODO: fix linter errors before enabling
# - exhaustivestruct
# - gochecknoglobals
# - errorlint
# - gocognit
# - godot
# - nlreturn
# - noctx
# - revive
# - wrapcheck
# TODO: fix linter errors before enabling (from original config)
# - dupl
# - errcheck
# - goconst
# - gocyclo
# - gosec
# - lll
# - scopelint
# unused
# - goheader
# - gomodguard
# don't enable:
# - asciicheck
# - funlen
# - godox
# - goerr113
# - gomnd
# - interfacer
# - maligned
# - nestif
# - testpackage
# - wsl
exclusions:
rules:
- linters:
- errcheck
- noctx
path: _test.go
presets:
- comments
- std-error-handling
settings:
misspell:
locale: US
nolintlint:
allow-unused: false # report any unused nolint directives
require-specific: false # don't require nolint directives to be specific about which linter is being skipped
gocritic:
# Enable multiple checks by tags. See "Tags" section in https://github.com/go-critic/go-critic#usage.
enabled-tags:
- diagnostic
- experimental
- opinionated
- style
disabled-checks:
- importShadow
- unnamedResult
depguard:
rules:
deprecated:
deny:
- pkg: "io/ioutil"
desc: "The 'io/ioutil' package is deprecated. Use corresponding 'os' or 'io' functions instead."
formatters:
enable:
- gci
- gofmt
- gofumpt
- goimports
# - golines
settings:
gci:
sections:
- standard
- default
- localmodule
# issues:
# exclude-dirs:
# - storage/ent/db # generated ent code
================================================
FILE: ADOPTERS.md
================================================
# Adopters
This is a list of production adopters of Dex (in alphabetical order).
# Companies
- [Aspect](https://www.aspect.com/) uses Dex for authenticating users across their Kubernetes infrastructure (using Kubernetes OIDC support).
- [Banzai Cloud](https://banzaicloud.com) is using Dex for authenticating to its Pipeline control plane and also to authenticate users against provisioned Kubernetes clusters (via Kubernetes OIDC support).
- [Ericsson](https://www.ericsson.com) is using Dex to authenticate access to Kubernetes API server in [Cloud Container Distribution](https://www.ericsson.com/en/portfolio/cloud-software-and-services/cloud-core/cloud-infrastructure/nfvi/cloud-container-distribution).
- [Flant](https://flant.com) uses Dex for providing access to core components of [Managed Kubernetes as a Service](https://flant.com/services/managed-kubernetes-as-a-service), integration with various authentication providers, plugging custom applications.
- [JuliaBox](https://juliabox.com/) is leveraging federated OIDC provided by Dex for authenticating users to their compute infrastructure based on Kubernetes.
- [Pusher](https://pusher.com) uses Dex for authenticating users across their Kubernetes infrastructure (using Kubernetes OIDC support) in conjunction with the [OAuth2 Proxy](https://github.com/pusher/oauth2_proxy) for protecting web UIs.
# Projects
- [Argo CD](https://argoproj.github.io/cd) integrates Dex to provide convenient Single Sign On capabilities to its web UI and CLI
- [Chef](https://chef.io) uses Dex for authenticating users in [Chef Automate](https://automate.chef.io/). The code is Open Source, available at [`github.com/chef/automate`](https://github.com/chef/automate).
- [Elastisys](https://elastisys.com) uses Dex for authentication in [Welkin, The Application Platform for Software Critical to Society](https://elastisys.io/welkin/), including SSO to Grafana, OpenSearch, and Harbor.
- [Kasten](https://www.kasten.io) is using Dex for authenticating access to the dashboard of [K10](https://www.kasten.io/product/), a Kubernetes-native platform for backup, disaster recovery and mobility of Kubernetes applications. K10 is widely used by a variety of customers including large enterprises, financial services, design firms, and IT companies.
- [Kubeflow](https://www.kubeflow.org/) [uses](https://github.com/kubeflow/manifests#dex) Dex as one of its components in the Kubeflow Platform for external OIDC authentication.
- [Kyma](https://kyma-project.io) is using Dex to authenticate access to Kubernetes API server (even for managed Kubernetes like Google Kubernetes Engine or Azure Kubernetes Service) and for protecting web UI of [Kyma Console](https://github.com/kyma-project/console) and other UIs integrated in Kyma ([Grafana](https://github.com/grafana/grafana), [Loki](https://github.com/grafana/loki), and [Jaeger](https://github.com/jaegertracing/jaeger)). Kyma is an open-source project ([`github.com/kyma-project`](https://github.com/kyma-project/kyma)) designed natively on Kubernetes, that allows you to extend and customize your applications in a quick and modern way, using serverless computing or microservice architecture.
- [LitmusChaos](https://litmuschaos.io/) uses Dex to [implement](https://docs.litmuschaos.io/docs/user-guides/chaoscenter-oauth-dex-installation#deploy-dex-oidc-provider) OAuth2 login support in ChaosCenter, its centralized chaos management tool.
- [LLMariner](https://llmariner.ai/) uses Dex for [user management](https://llmariner.ai/docs/features/user_management/).
- [Pydio](https://pydio.com/) Pydio Cells is an open source sync & share platform written in Go. Cells is using Dex as an OIDC service for authentication and authorizations. Check out [Pydio Cells repository](https://github.com/pydio/cells) for more information and/or to contribute.
- [sigstore](https://sigstore.dev) uses Dex for authentication in their public Fulcio instance, which is a certificate authority for code signing certificates bound to OIDC-based identities.
- [Terrakube](https://docs.terrakube.io/) relies on Dex for [user authentication](https://docs.terrakube.io/getting-started/deployment/user-authentication-dex). Its Helm chart uses Dex as a dependency.
================================================
FILE: Dockerfile
================================================
ARG BASE_IMAGE=alpine
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f96ccc3d4cd72521c4bd18d5442905b95e2226b0e707 AS xx
FROM --platform=$BUILDPLATFORM golang:1.26.1-alpine3.22@sha256:07e91d24f6330432729082bb580983181809e0a48f0f38ecde26868d4568c6ac AS builder
COPY --from=xx / /
RUN apk add --update alpine-sdk ca-certificates openssl clang lld
ARG TARGETPLATFORM
RUN xx-apk --update add musl-dev gcc
# lld has issues building static binaries for ppc so prefer ld for it
RUN [ "$(xx-info arch)" != "ppc64le" ] || XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
RUN xx-go --wrap
WORKDIR /usr/local/src/dex
ARG GOPROXY
ENV CGO_ENABLED=1
COPY go.mod go.sum ./
COPY api/v2/go.mod api/v2/go.sum ./api/v2/
RUN go mod download
COPY . .
# Propagate Dex version from build args to the build environment
ARG VERSION
RUN make release-binary
RUN xx-verify /go/bin/dex && xx-verify /go/bin/docker-entrypoint
FROM alpine:3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 AS stager
RUN mkdir -p /var/dex
RUN mkdir -p /etc/dex
COPY config.docker.yaml /etc/dex/
FROM alpine:3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 AS gomplate
ARG TARGETOS
ARG TARGETARCH
ARG TARGETVARIANT
ENV GOMPLATE_VERSION=v5.0.0
RUN wget -O /usr/local/bin/gomplate \
"https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}" \
&& chmod +x /usr/local/bin/gomplate
# For Dependabot to detect base image versions
FROM alpine:3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 AS alpine
FROM alpine AS user-setup
RUN addgroup -g 1001 -S dex && adduser -u 1001 -S -G dex -D -H -s /sbin/nologin dex
FROM gcr.io/distroless/static-debian13:nonroot@sha256:e3f945647ffb95b5839c07038d64f9811adf17308b9121d8a2b87b6a22a80a39 AS distroless
FROM $BASE_IMAGE
# Dex connectors, such as GitHub and Google logins require root certificates.
# Proper installations should manage those certificates, but it's a bad user
# experience when this doesn't work out of the box.
#
# See https://go.dev/src/crypto/x509/root_linux.go for Go root CA bundle locations.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# Ensure the dex user/group exist before setting ownership or switching to them.
COPY --from=user-setup /etc/passwd /etc/passwd
COPY --from=user-setup /etc/group /etc/group
COPY --from=stager --chown=1001:1001 /var/dex /var/dex
COPY --from=stager --chown=1001:1001 /etc/dex /etc/dex
# Copy module files for CVE scanning / dependency analysis.
COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
COPY --from=builder /go/bin/dex /usr/local/bin/dex
COPY --from=builder /go/bin/docker-entrypoint /usr/local/bin/docker-entrypoint
COPY --from=builder /usr/local/src/dex/web /srv/dex/web
COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate
USER dex:dex
ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]
CMD ["dex", "serve", "/etc/dex/config.docker.yaml"]
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: MAINTAINERS
================================================
Joel Speed <Joel.speed@hotmail.co.uk> (@JoelSpeed)
Maksim Nabokikh <max.nabokih@gmail.com> (@nabokihms)
Mark Sagi-Kazar <mark.sagikazar@gmail.com> (@sagikazarmark)
Nandor Kracser <bonifaido@gmail.com> (@bonifaido)
Rithu John <rithujohn191@gmail.com> (@rithujohn191)
Stephen Augustus <foo@auggie.dev> (@justaugustus)
================================================
FILE: Makefile
================================================
export PATH := $(abspath bin/protoc/bin/):$(abspath bin/):${PATH}
OS = $(shell uname | tr A-Z a-z)
user=$(shell id -u -n)
group=$(shell id -g -n)
$( shell mkdir -p bin )
PROJ = dex
ORG_PATH = github.com/dexidp
REPO_PATH = $(ORG_PATH)/$(PROJ)
VERSION ?= $(shell ./scripts/git-version)
export GOBIN=$(PWD)/bin
LD_FLAGS="-w -X main.version=$(VERSION)"
# Dependency versions
GOLANGCI_VERSION = 2.4.0
GOTESTSUM_VERSION ?= 1.12.0
PROTOC_VERSION = 29.3
PROTOC_GEN_GO_VERSION = 1.36.5
PROTOC_GEN_GO_GRPC_VERSION = 1.5.1
KIND_VERSION = 0.22.0
KIND_NODE_IMAGE = "kindest/node:v1.25.3@sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5"
KIND_TMP_DIR = "$(PWD)/bin/test/dex-kind-kubeconfig"
##@ Build
build: bin/dex ## Build Dex binaries.
examples: bin/grpc-client bin/example-app ## Build example app.
.PHONY: update-gomplate
update-gomplate: ## Check and update gomplate version in Dockerfile.
@./scripts/update-gomplate
.PHONY: release-binary
release-binary: LD_FLAGS = "-w -X main.version=$(VERSION) -extldflags \"-static\""
release-binary: ## Build release binaries (used to build a final container image).
@go build -o /go/bin/dex -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/dex
@go build -o /go/bin/docker-entrypoint -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/docker-entrypoint
bin/dex:
@mkdir -p bin/
@go install -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/dex
bin/grpc-client:
@mkdir -p bin/
@cd examples/ && go install -v -ldflags $(LD_FLAGS) $(REPO_PATH)/examples/grpc-client
bin/example-app:
@mkdir -p bin/
@cd examples/ && go install -v -ldflags $(LD_FLAGS) $(REPO_PATH)/examples/example-app
##@ Generate
.PHONY: generate
generate: generate-proto generate-proto-internal generate-ent go-mod-tidy ## Run all generators.
.PHONY: generate-ent
generate-ent: ## Generate code for database ORM.
@go generate $(REPO_PATH)/storage/ent/
.PHONY: generate-proto
generate-proto: ## Generate the Dex client's protobuf code.
@protoc --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. api/v2/*.proto
@protoc --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. api/*.proto
.PHONY: generate-proto-internal
generate-proto-internal: ## Generate protobuf code for token encoding.
@protoc --go_out=paths=source_relative:. server/internal/*.proto
go-mod-tidy: ## Run go mod tidy for all targets.
@go mod tidy
@cd examples/ && go mod tidy
@cd api/v2/ && go mod tidy
bin/protoc:
@mkdir -p bin/protoc
ifeq ($(shell uname | tr A-Z a-z), darwin)
curl -L https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-osx-x86_64.zip > bin/protoc.zip
endif
ifeq ($(shell uname | tr A-Z a-z), linux)
curl -L https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip > bin/protoc.zip
endif
unzip bin/protoc.zip -d bin/protoc
rm bin/protoc.zip
bin/protoc-gen-go:
@mkdir -p bin
curl -L https://github.com/protocolbuffers/protobuf-go/releases/download/v${PROTOC_GEN_GO_VERSION}/protoc-gen-go.v${PROTOC_GEN_GO_VERSION}.$(shell uname | tr A-Z a-z).amd64.tar.gz | tar -zOxf - protoc-gen-go > ./bin/protoc-gen-go
@chmod +x ./bin/protoc-gen-go
bin/protoc-gen-go-grpc:
@mkdir -p bin
curl -L https://github.com/grpc/grpc-go/releases/download/cmd/protoc-gen-go-grpc/v${PROTOC_GEN_GO_GRPC_VERSION}/protoc-gen-go-grpc.v${PROTOC_GEN_GO_GRPC_VERSION}.$(shell uname | tr A-Z a-z).amd64.tar.gz | tar -zOxf - ./protoc-gen-go-grpc > ./bin/protoc-gen-go-grpc
@chmod +x ./bin/protoc-gen-go-grpc
##@ Verify
verify: generate ## Verify that all the code was generated and committed to repository.
@git diff --exit-code
.PHONY: verify-proto
verify-proto: generate-proto ## Verify that the Dex client's protobuf code was generated.
@git diff --exit-code
.PHONY: verify-proto
verify-proto-internal: generate-proto-internal ## Verify internal protobuf code for token encoding was generated.
@git diff --exit-code
.PHONY: verify-ent
verify-ent: generate-ent ## Verify code for database ORM was generated.
@git diff --exit-code
.PHONY: verify-go-mod
verify-go-mod: go-mod-tidy ## Check that go.mod and go.sum formatted according to the changes.
@git diff --exit-code
##@ Test and Lint
deps: bin/gotestsum bin/golangci-lint bin/protoc bin/protoc-gen-go bin/protoc-gen-go-grpc bin/kind ## Install dev dependencies.
# Detect if we're running in GitHub Actions
ifdef GITHUB_ACTIONS
GOTESTSUM_FORMAT = github-actions
else
GOTESTSUM_FORMAT = testname
GOTESTSUM_FORMAT_ICONS = hivis
endif
.PHONY: test testrace testall
test: bin/gotestsum ## Test go code.
ifdef GOTESTSUM_FORMAT_ICONS
@gotestsum --format $(GOTESTSUM_FORMAT) --format-icons $(GOTESTSUM_FORMAT_ICONS) -- -v ./...
else
@gotestsum --format $(GOTESTSUM_FORMAT) -- -v ./...
endif
testrace: bin/gotestsum ## Test go code and check for possible race conditions.
ifdef GOTESTSUM_FORMAT_ICONS
@gotestsum --format $(GOTESTSUM_FORMAT) --format-icons $(GOTESTSUM_FORMAT_ICONS) -- -v --race ./...
else
@gotestsum --format $(GOTESTSUM_FORMAT) -- -v --race ./...
endif
testall: testrace ## Run all tests for go code.
.PHONY: lint
lint: ## Run linter.
@golangci-lint version
@golangci-lint run
.PHONY: fix
fix: ## Fix lint violations.
@golangci-lint version
@golangci-lint fmt
docker-compose.override.yaml:
cp docker-compose.override.yaml.dist docker-compose.override.yaml
.PHONY: up
up: docker-compose.override.yaml ## Launch the development environment.
@ if [ docker-compose.override.yaml -ot docker-compose.override.yaml.dist ]; then diff -u docker-compose.override.yaml docker-compose.override.yaml.dist || (echo "!!! The distributed docker-compose.override.yaml example changed. Please update your file accordingly (or at least touch it). !!!" && false); fi
docker-compose up -d
.PHONY: down
down: clear ## Destroy the development environment.
docker-compose down --volumes --remove-orphans --rmi local
.PHONY: kind-up kind-down kind-tests
kind-up: ## Create a kind cluster.
@mkdir -p bin/test
@kind create cluster --image ${KIND_NODE_IMAGE} --kubeconfig ${KIND_TMP_DIR} --name dex-tests
kind-tests: export DEX_KUBERNETES_CONFIG_PATH=${KIND_TMP_DIR}
kind-tests: testall ## Run test on kind cluster (kind cluster must be created).
kind-down: ## Delete the kind cluster.
@kind delete cluster --name dex-tests
rm ${KIND_TMP_DIR}
bin/golangci-lint:
@mkdir -p bin
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | BINARY=golangci-lint bash -s -- v${GOLANGCI_VERSION}
bin/gotestsum:
@mkdir -p bin
curl -L https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_$(shell uname | tr A-Z a-z)_amd64.tar.gz | tar -zOxf - gotestsum > ./bin/gotestsum
@chmod +x ./bin/gotestsum
bin/kind:
@mkdir -p bin
curl -L https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-$(shell uname | tr A-Z a-z)-amd64 > ./bin/kind
@chmod +x ./bin/kind
##@ Clean
clean: ## Delete all builds and downloaded dependencies.
@rm -rf bin/
FORMATTING_BEGIN_YELLOW = \033[0;33m
FORMATTING_BEGIN_BLUE = \033[36m
FORMATTING_END = \033[0m
.PHONY: help
help:
@printf -- "${FORMATTING_BEGIN_BLUE}%s${FORMATTING_END}\n" \
"" \
" ___ " \
" / _ \_____ __ " \
" / // / -_) \ / " \
" /____/\__/_\_\ " \
"" \
"-----------------------" \
""
@awk 'BEGIN {\
FS = ":.*##"; \
printf "Usage: ${FORMATTING_BEGIN_BLUE}OPTION${FORMATTING_END}=<value> make ${FORMATTING_BEGIN_YELLOW}<target>${FORMATTING_END}\n"\
} \
/^[a-zA-Z0-9_-]+:.*?##/ { printf " ${FORMATTING_BEGIN_BLUE}%-46s${FORMATTING_END} %s\n", $$1, $$2 } \
/^.?.?##~/ { printf " %-46s${FORMATTING_BEGIN_YELLOW}%-46s${FORMATTING_END}\n", "", substr($$1, 6) } \
/^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
================================================
FILE: README.md
================================================
# dex - A federated OpenID Connect provider
[](https://api.securityscorecards.dev/projects/github.com/dexidp/dex)
[](https://goreportcard.com/report/github.com/dexidp/dex)
[](https://gitpod.io/#https://github.com/dexidp/dex)
Dex is an identity service that uses [OpenID Connect][openid-connect] to drive authentication for other apps.
Dex acts as a portal to other identity providers through ["connectors."](#connectors) This lets dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.
## ID Tokens
ID Tokens are an OAuth2 extension introduced by OpenID Connect and dex's primary feature. ID Tokens are [JSON Web Tokens][jwt-io] (JWTs) signed by dex and returned as part of the OAuth2 response that attests to the end user's identity. An example JWT might look like:
```
eyJhbGciOiJSUzI1NiIsImtpZCI6IjlkNDQ3NDFmNzczYjkzOGNmNjVkZDMyNjY4NWI4NjE4MGMzMjRkOTkifQ.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjU1NTYvZGV4Iiwic3ViIjoiQ2djeU16UXlOelE1RWdabmFYUm9kV0kiLCJhdWQiOiJleGFtcGxlLWFwcCIsImV4cCI6MTQ5Mjg4MjA0MiwiaWF0IjoxNDkyNzk1NjQyLCJhdF9oYXNoIjoiYmk5NmdPWFpTaHZsV1l0YWw5RXFpdyIsImVtYWlsIjoiZXJpYy5jaGlhbmdAY29yZW9zLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiYWRtaW5zIiwiZGV2ZWxvcGVycyJdLCJuYW1lIjoiRXJpYyBDaGlhbmcifQ.OhROPq_0eP-zsQRjg87KZ4wGkjiQGnTi5QuG877AdJDb3R2ZCOk2Vkf5SdP8cPyb3VMqL32G4hLDayniiv8f1_ZXAde0sKrayfQ10XAXFgZl_P1yilkLdknxn6nbhDRVllpWcB12ki9vmAxklAr0B1C4kr5nI3-BZLrFcUR5sQbxwJj4oW1OuG6jJCNGHXGNTBTNEaM28eD-9nhfBeuBTzzO7BKwPsojjj4C9ogU4JQhGvm_l4yfVi0boSx8c0FX3JsiB0yLa1ZdJVWVl9m90XmbWRSD85pNDQHcWZP9hR6CMgbvGkZsgjG32qeRwUL_eNkNowSBNWLrGNPoON1gMg
```
ID Tokens contains standard claims assert which client app logged the user in, when the token expires, and the identity of the user.
```json
{
"iss": "http://127.0.0.1:5556/dex",
"sub": "CgcyMzQyNzQ5EgZnaXRodWI",
"aud": "example-app",
"exp": 1492882042,
"iat": 1492795642,
"at_hash": "bi96gOXZShvlWYtal9Eqiw",
"email": "jane.doe@coreos.com",
"email_verified": true,
"groups": [
"admins",
"developers"
],
"name": "Jane Doe"
}
```
Because these tokens are signed by dex and [contain standard-based claims][standard-claims] other services can consume them as service-to-service credentials. Systems that can already consume OpenID Connect ID Tokens issued by dex include:
* [Kubernetes][kubernetes]
* [AWS STS][aws-sts]
For details on how to request or validate an ID Token, see [_"Writing apps that use dex"_][using-dex].
## Kubernetes and Dex
Dex runs natively on top of any Kubernetes cluster using Custom Resource Definitions and can drive API server authentication through the OpenID Connect plugin. Clients, such as the [`kubernetes-dashboard`](https://github.com/kubernetes/dashboard) and `kubectl`, can act on behalf of users who can login to the cluster through any identity provider dex supports.
* More docs for running dex as a Kubernetes authenticator can be found [here](https://dexidp.io/docs/guides/kubernetes/).
* You can find more about companies and projects which use dex, [here](./ADOPTERS.md).
## Connectors
When a user logs in through dex, the user's identity is usually stored in another user-management system: a LDAP directory, a GitHub org, etc. Dex acts as a shim between a client app and the upstream identity provider. The client only needs to understand OpenID Connect to query dex, while dex implements an array of protocols for querying other user-management systems.
A "connector" is a strategy used by dex for authenticating a user against another identity provider. Dex implements connectors that target specific platforms such as GitHub, LinkedIn, and Microsoft as well as established protocols like LDAP and SAML.
Depending on the connectors limitations in protocols can prevent dex from issuing [refresh tokens][scopes] or returning [group membership][scopes] claims. For example, because SAML doesn't provide a non-interactive way to refresh assertions, if a user logs in through the SAML connector dex won't issue a refresh token to its client. Refresh token support is required for clients that require offline access, such as `kubectl`.
Dex implements the following connectors:
| Name | supports refresh tokens | supports groups claim | supports preferred_username claim | status | notes |
| ---- | ----------------------- | --------------------- | --------------------------------- | ------ | ----- |
| [LDAP](https://dexidp.io/docs/connectors/ldap/) | yes | yes | yes | stable | |
| [GitHub](https://dexidp.io/docs/connectors/github/) | yes | yes | yes | stable | |
| [SAML 2.0](https://dexidp.io/docs/connectors/saml/) | no | yes | no | stable | WARNING: Unmaintained and likely vulnerable to auth bypasses ([#1884](https://github.com/dexidp/dex/discussions/1884)) |
| [GitLab](https://dexidp.io/docs/connectors/gitlab/) | yes | yes | yes | beta | |
| [OpenID Connect](https://dexidp.io/docs/connectors/oidc/) | yes | yes | yes | beta | Includes Salesforce, Azure, etc. |
| [OAuth 2.0](https://dexidp.io/docs/connectors/oauth/) | no | yes | yes | alpha | |
| [Google](https://dexidp.io/docs/connectors/google/) | yes | yes | yes | alpha | |
| [LinkedIn](https://dexidp.io/docs/connectors/linkedin/) | yes | no | no | beta | |
| [Microsoft](https://dexidp.io/docs/connectors/microsoft/) | yes | yes | no | beta | |
| [AuthProxy](https://dexidp.io/docs/connectors/authproxy/) | no | yes | no | alpha | Authentication proxies such as Apache2 mod_auth, etc. |
| [Bitbucket Cloud](https://dexidp.io/docs/connectors/bitbucketcloud/) | yes | yes | no | alpha | |
| [OpenShift](https://dexidp.io/docs/connectors/openshift/) | yes | yes | no | alpha | |
| [Atlassian Crowd](https://dexidp.io/docs/connectors/atlassian-crowd/) | yes | yes | yes * | beta | preferred_username claim must be configured through config |
| [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | beta | |
| [OpenStack Keystone](https://dexidp.io/docs/connectors/keystone/) | yes | yes | no | alpha | |
Stable, beta, and alpha are defined as:
* Stable: well tested, in active use, and will not change in backward incompatible ways.
* Beta: tested and unlikely to change in backward incompatible ways.
* Alpha: may be untested by core maintainers and is subject to change in backward incompatible ways.
All changes or deprecations of connector features will be announced in the [release notes][release-notes].
## Documentation
* [Getting started](https://dexidp.io/docs/getting-started/)
* [Intro to OpenID Connect](https://dexidp.io/docs/openid-connect/)
* [Writing apps that use dex][using-dex]
* [What's new in v2](https://dexidp.io/docs/archive/v2/)
* [Custom scopes, claims, and client features](https://dexidp.io/docs/custom-scopes-claims-clients/)
* [Storage options](https://dexidp.io/docs/storage/)
* [gRPC API](https://dexidp.io/docs/api/)
* [Using Kubernetes with dex](https://dexidp.io/docs/kubernetes/)
* Client libraries
* [Go][go-oidc]
## Reporting a vulnerability
Please see our [security policy](.github/SECURITY.md) for details about reporting vulnerabilities.
## Getting help
- For feature requests and bugs, file an [issue](https://github.com/dexidp/dex/issues).
- For general discussion about both using and developing Dex:
- join the [#dexidp](https://cloud-native.slack.com/messages/dexidp) on the CNCF Slack
- open a new [discussion](https://github.com/dexidp/dex/discussions)
- join the [dex-dev](https://groups.google.com/forum/#!forum/dex-dev) mailing list
[openid-connect]: https://openid.net/connect/
[standard-claims]: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
[scopes]: https://dexidp.io/docs/custom-scopes-claims-clients/#scopes
[using-dex]: https://dexidp.io/docs/using-dex/
[jwt-io]: https://jwt.io/
[kubernetes]: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
[aws-sts]: https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
[go-oidc]: https://github.com/coreos/go-oidc
[issue-1065]: https://github.com/dexidp/dex/issues/1065
[release-notes]: https://github.com/dexidp/dex/releases
## Development
When all coding and testing is done, please run the test suite:
```shell
make testall
```
For the best developer experience, install [Nix](https://builtwithnix.org/) and [direnv](https://direnv.net/).
Alternatively, install Go and Docker manually or using a package manager. Install the rest of the dependencies by running `make deps`.
For release process, please read the [release documentation](https://dexidp.io/docs/development/releases/).
## License
The project is licensed under the [Apache License, Version 2.0](LICENSE).
================================================
FILE: api/api.pb.go
================================================
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.5
// protoc v5.29.3
// source: api/api.proto
package api
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// Client represents an OAuth2 client.
type Client struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
RedirectUris []string `protobuf:"bytes,3,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"`
TrustedPeers []string `protobuf:"bytes,4,rep,name=trusted_peers,json=trustedPeers,proto3" json:"trusted_peers,omitempty"`
Public bool `protobuf:"varint,5,opt,name=public,proto3" json:"public,omitempty"`
Name string `protobuf:"bytes,6,opt,name=name,proto3" json:"name,omitempty"`
LogoUrl string `protobuf:"bytes,7,opt,name=logo_url,json=logoUrl,proto3" json:"logo_url,omitempty"`
AllowedConnectors []string `protobuf:"bytes,8,rep,name=allowed_connectors,json=allowedConnectors,proto3" json:"allowed_connectors,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *Client) Reset() {
*x = Client{}
mi := &file_api_api_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Client) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Client) ProtoMessage() {}
func (x *Client) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Client.ProtoReflect.Descriptor instead.
func (*Client) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{0}
}
func (x *Client) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *Client) GetSecret() string {
if x != nil {
return x.Secret
}
return ""
}
func (x *Client) GetRedirectUris() []string {
if x != nil {
return x.RedirectUris
}
return nil
}
func (x *Client) GetTrustedPeers() []string {
if x != nil {
return x.TrustedPeers
}
return nil
}
func (x *Client) GetPublic() bool {
if x != nil {
return x.Public
}
return false
}
func (x *Client) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *Client) GetLogoUrl() string {
if x != nil {
return x.LogoUrl
}
return ""
}
func (x *Client) GetAllowedConnectors() []string {
if x != nil {
return x.AllowedConnectors
}
return nil
}
// CreateClientReq is a request to make a client.
type CreateClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Client *Client `protobuf:"bytes,1,opt,name=client,proto3" json:"client,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateClientReq) Reset() {
*x = CreateClientReq{}
mi := &file_api_api_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateClientReq) ProtoMessage() {}
func (x *CreateClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateClientReq.ProtoReflect.Descriptor instead.
func (*CreateClientReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{1}
}
func (x *CreateClientReq) GetClient() *Client {
if x != nil {
return x.Client
}
return nil
}
// CreateClientResp returns the response from creating a client.
type CreateClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
AlreadyExists bool `protobuf:"varint,1,opt,name=already_exists,json=alreadyExists,proto3" json:"already_exists,omitempty"`
Client *Client `protobuf:"bytes,2,opt,name=client,proto3" json:"client,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateClientResp) Reset() {
*x = CreateClientResp{}
mi := &file_api_api_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateClientResp) ProtoMessage() {}
func (x *CreateClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateClientResp.ProtoReflect.Descriptor instead.
func (*CreateClientResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{2}
}
func (x *CreateClientResp) GetAlreadyExists() bool {
if x != nil {
return x.AlreadyExists
}
return false
}
func (x *CreateClientResp) GetClient() *Client {
if x != nil {
return x.Client
}
return nil
}
// DeleteClientReq is a request to delete a client.
type DeleteClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The ID of the client.
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeleteClientReq) Reset() {
*x = DeleteClientReq{}
mi := &file_api_api_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeleteClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeleteClientReq) ProtoMessage() {}
func (x *DeleteClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeleteClientReq.ProtoReflect.Descriptor instead.
func (*DeleteClientReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{3}
}
func (x *DeleteClientReq) GetId() string {
if x != nil {
return x.Id
}
return ""
}
// DeleteClientResp determines if the client is deleted successfully.
type DeleteClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeleteClientResp) Reset() {
*x = DeleteClientResp{}
mi := &file_api_api_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeleteClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeleteClientResp) ProtoMessage() {}
func (x *DeleteClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeleteClientResp.ProtoReflect.Descriptor instead.
func (*DeleteClientResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{4}
}
func (x *DeleteClientResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// UpdateClientReq is a request to update an existing client.
type UpdateClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
RedirectUris []string `protobuf:"bytes,2,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"`
TrustedPeers []string `protobuf:"bytes,3,rep,name=trusted_peers,json=trustedPeers,proto3" json:"trusted_peers,omitempty"`
Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
LogoUrl string `protobuf:"bytes,5,opt,name=logo_url,json=logoUrl,proto3" json:"logo_url,omitempty"`
AllowedConnectors []string `protobuf:"bytes,6,rep,name=allowed_connectors,json=allowedConnectors,proto3" json:"allowed_connectors,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateClientReq) Reset() {
*x = UpdateClientReq{}
mi := &file_api_api_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateClientReq) ProtoMessage() {}
func (x *UpdateClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdateClientReq.ProtoReflect.Descriptor instead.
func (*UpdateClientReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{5}
}
func (x *UpdateClientReq) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *UpdateClientReq) GetRedirectUris() []string {
if x != nil {
return x.RedirectUris
}
return nil
}
func (x *UpdateClientReq) GetTrustedPeers() []string {
if x != nil {
return x.TrustedPeers
}
return nil
}
func (x *UpdateClientReq) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *UpdateClientReq) GetLogoUrl() string {
if x != nil {
return x.LogoUrl
}
return ""
}
func (x *UpdateClientReq) GetAllowedConnectors() []string {
if x != nil {
return x.AllowedConnectors
}
return nil
}
// UpdateClientResp returns the response from updating a client.
type UpdateClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateClientResp) Reset() {
*x = UpdateClientResp{}
mi := &file_api_api_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateClientResp) ProtoMessage() {}
func (x *UpdateClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdateClientResp.ProtoReflect.Descriptor instead.
func (*UpdateClientResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{6}
}
func (x *UpdateClientResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// Password is an email for password mapping managed by the storage.
type Password struct {
state protoimpl.MessageState `protogen:"open.v1"`
Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
// Currently we do not accept plain text passwords. Could be an option in the future.
Hash []byte `protobuf:"bytes,2,opt,name=hash,proto3" json:"hash,omitempty"`
Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
UserId string `protobuf:"bytes,4,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *Password) Reset() {
*x = Password{}
mi := &file_api_api_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Password) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Password) ProtoMessage() {}
func (x *Password) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Password.ProtoReflect.Descriptor instead.
func (*Password) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{7}
}
func (x *Password) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
func (x *Password) GetHash() []byte {
if x != nil {
return x.Hash
}
return nil
}
func (x *Password) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *Password) GetUserId() string {
if x != nil {
return x.UserId
}
return ""
}
// CreatePasswordReq is a request to make a password.
type CreatePasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Password *Password `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreatePasswordReq) Reset() {
*x = CreatePasswordReq{}
mi := &file_api_api_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreatePasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreatePasswordReq) ProtoMessage() {}
func (x *CreatePasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[8]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreatePasswordReq.ProtoReflect.Descriptor instead.
func (*CreatePasswordReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{8}
}
func (x *CreatePasswordReq) GetPassword() *Password {
if x != nil {
return x.Password
}
return nil
}
// CreatePasswordResp returns the response from creating a password.
type CreatePasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
AlreadyExists bool `protobuf:"varint,1,opt,name=already_exists,json=alreadyExists,proto3" json:"already_exists,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreatePasswordResp) Reset() {
*x = CreatePasswordResp{}
mi := &file_api_api_proto_msgTypes[9]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreatePasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreatePasswordResp) ProtoMessage() {}
func (x *CreatePasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[9]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreatePasswordResp.ProtoReflect.Descriptor instead.
func (*CreatePasswordResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{9}
}
func (x *CreatePasswordResp) GetAlreadyExists() bool {
if x != nil {
return x.AlreadyExists
}
return false
}
// UpdatePasswordReq is a request to modify an existing password.
type UpdatePasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The email used to lookup the password. This field cannot be modified
Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
NewHash []byte `protobuf:"bytes,2,opt,name=new_hash,json=newHash,proto3" json:"new_hash,omitempty"`
NewUsername string `protobuf:"bytes,3,opt,name=new_username,json=newUsername,proto3" json:"new_username,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdatePasswordReq) Reset() {
*x = UpdatePasswordReq{}
mi := &file_api_api_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdatePasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdatePasswordReq) ProtoMessage() {}
func (x *UpdatePasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[10]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdatePasswordReq.ProtoReflect.Descriptor instead.
func (*UpdatePasswordReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{10}
}
func (x *UpdatePasswordReq) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
func (x *UpdatePasswordReq) GetNewHash() []byte {
if x != nil {
return x.NewHash
}
return nil
}
func (x *UpdatePasswordReq) GetNewUsername() string {
if x != nil {
return x.NewUsername
}
return ""
}
// UpdatePasswordResp returns the response from modifying an existing password.
type UpdatePasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdatePasswordResp) Reset() {
*x = UpdatePasswordResp{}
mi := &file_api_api_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdatePasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdatePasswordResp) ProtoMessage() {}
func (x *UpdatePasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[11]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdatePasswordResp.ProtoReflect.Descriptor instead.
func (*UpdatePasswordResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{11}
}
func (x *UpdatePasswordResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// DeletePasswordReq is a request to delete a password.
type DeletePasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeletePasswordReq) Reset() {
*x = DeletePasswordReq{}
mi := &file_api_api_proto_msgTypes[12]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeletePasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeletePasswordReq) ProtoMessage() {}
func (x *DeletePasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[12]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeletePasswordReq.ProtoReflect.Descriptor instead.
func (*DeletePasswordReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{12}
}
func (x *DeletePasswordReq) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
// DeletePasswordResp returns the response from deleting a password.
type DeletePasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeletePasswordResp) Reset() {
*x = DeletePasswordResp{}
mi := &file_api_api_proto_msgTypes[13]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeletePasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeletePasswordResp) ProtoMessage() {}
func (x *DeletePasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[13]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeletePasswordResp.ProtoReflect.Descriptor instead.
func (*DeletePasswordResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{13}
}
func (x *DeletePasswordResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// ListPasswordReq is a request to enumerate passwords.
type ListPasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListPasswordReq) Reset() {
*x = ListPasswordReq{}
mi := &file_api_api_proto_msgTypes[14]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListPasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListPasswordReq) ProtoMessage() {}
func (x *ListPasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[14]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListPasswordReq.ProtoReflect.Descriptor instead.
func (*ListPasswordReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{14}
}
// ListPasswordResp returns a list of passwords.
type ListPasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
Passwords []*Password `protobuf:"bytes,1,rep,name=passwords,proto3" json:"passwords,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListPasswordResp) Reset() {
*x = ListPasswordResp{}
mi := &file_api_api_proto_msgTypes[15]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListPasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListPasswordResp) ProtoMessage() {}
func (x *ListPasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[15]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListPasswordResp.ProtoReflect.Descriptor instead.
func (*ListPasswordResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{15}
}
func (x *ListPasswordResp) GetPasswords() []*Password {
if x != nil {
return x.Passwords
}
return nil
}
// VersionReq is a request to fetch version info.
type VersionReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VersionReq) Reset() {
*x = VersionReq{}
mi := &file_api_api_proto_msgTypes[16]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *VersionReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*VersionReq) ProtoMessage() {}
func (x *VersionReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[16]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use VersionReq.ProtoReflect.Descriptor instead.
func (*VersionReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{16}
}
// VersionResp holds the version info of components.
type VersionResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
// Semantic version of the server.
Server string `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"`
// Numeric version of the API. It increases every time a new call is added to the API.
// Clients should use this info to determine if the server supports specific features.
Api int32 `protobuf:"varint,2,opt,name=api,proto3" json:"api,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VersionResp) Reset() {
*x = VersionResp{}
mi := &file_api_api_proto_msgTypes[17]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *VersionResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*VersionResp) ProtoMessage() {}
func (x *VersionResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[17]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use VersionResp.ProtoReflect.Descriptor instead.
func (*VersionResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{17}
}
func (x *VersionResp) GetServer() string {
if x != nil {
return x.Server
}
return ""
}
func (x *VersionResp) GetApi() int32 {
if x != nil {
return x.Api
}
return 0
}
// RefreshTokenRef contains the metadata for a refresh token that is managed by the storage.
type RefreshTokenRef struct {
state protoimpl.MessageState `protogen:"open.v1"`
// ID of the refresh token.
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
CreatedAt int64 `protobuf:"varint,5,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
LastUsed int64 `protobuf:"varint,6,opt,name=last_used,json=lastUsed,proto3" json:"last_used,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RefreshTokenRef) Reset() {
*x = RefreshTokenRef{}
mi := &file_api_api_proto_msgTypes[18]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RefreshTokenRef) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RefreshTokenRef) ProtoMessage() {}
func (x *RefreshTokenRef) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[18]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RefreshTokenRef.ProtoReflect.Descriptor instead.
func (*RefreshTokenRef) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{18}
}
func (x *RefreshTokenRef) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *RefreshTokenRef) GetClientId() string {
if x != nil {
return x.ClientId
}
return ""
}
func (x *RefreshTokenRef) GetCreatedAt() int64 {
if x != nil {
return x.CreatedAt
}
return 0
}
func (x *RefreshTokenRef) GetLastUsed() int64 {
if x != nil {
return x.LastUsed
}
return 0
}
// ListRefreshReq is a request to enumerate the refresh tokens of a user.
type ListRefreshReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The "sub" claim returned in the ID Token.
UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListRefreshReq) Reset() {
*x = ListRefreshReq{}
mi := &file_api_api_proto_msgTypes[19]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListRefreshReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListRefreshReq) ProtoMessage() {}
func (x *ListRefreshReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[19]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListRefreshReq.ProtoReflect.Descriptor instead.
func (*ListRefreshReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{19}
}
func (x *ListRefreshReq) GetUserId() string {
if x != nil {
return x.UserId
}
return ""
}
// ListRefreshResp returns a list of refresh tokens for a user.
type ListRefreshResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
RefreshTokens []*RefreshTokenRef `protobuf:"bytes,1,rep,name=refresh_tokens,json=refreshTokens,proto3" json:"refresh_tokens,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListRefreshResp) Reset() {
*x = ListRefreshResp{}
mi := &file_api_api_proto_msgTypes[20]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListRefreshResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListRefreshResp) ProtoMessage() {}
func (x *ListRefreshResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[20]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListRefreshResp.ProtoReflect.Descriptor instead.
func (*ListRefreshResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{20}
}
func (x *ListRefreshResp) GetRefreshTokens() []*RefreshTokenRef {
if x != nil {
return x.RefreshTokens
}
return nil
}
// RevokeRefreshReq is a request to revoke the refresh token of the user-client pair.
type RevokeRefreshReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The "sub" claim returned in the ID Token.
UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RevokeRefreshReq) Reset() {
*x = RevokeRefreshReq{}
mi := &file_api_api_proto_msgTypes[21]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RevokeRefreshReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RevokeRefreshReq) ProtoMessage() {}
func (x *RevokeRefreshReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[21]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RevokeRefreshReq.ProtoReflect.Descriptor instead.
func (*RevokeRefreshReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{21}
}
func (x *RevokeRefreshReq) GetUserId() string {
if x != nil {
return x.UserId
}
return ""
}
func (x *RevokeRefreshReq) GetClientId() string {
if x != nil {
return x.ClientId
}
return ""
}
// RevokeRefreshResp determines if the refresh token is revoked successfully.
type RevokeRefreshResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
// Set to true is refresh token was not found and token could not be revoked.
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RevokeRefreshResp) Reset() {
*x = RevokeRefreshResp{}
mi := &file_api_api_proto_msgTypes[22]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RevokeRefreshResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RevokeRefreshResp) ProtoMessage() {}
func (x *RevokeRefreshResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[22]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RevokeRefreshResp.ProtoReflect.Descriptor instead.
func (*RevokeRefreshResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{22}
}
func (x *RevokeRefreshResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
type VerifyPasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VerifyPasswordReq) Reset() {
*x = VerifyPasswordReq{}
mi := &file_api_api_proto_msgTypes[23]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *VerifyPasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*VerifyPasswordReq) ProtoMessage() {}
func (x *VerifyPasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[23]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use VerifyPasswordReq.ProtoReflect.Descriptor instead.
func (*VerifyPasswordReq) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{23}
}
func (x *VerifyPasswordReq) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
func (x *VerifyPasswordReq) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
type VerifyPasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
Verified bool `protobuf:"varint,1,opt,name=verified,proto3" json:"verified,omitempty"`
NotFound bool `protobuf:"varint,2,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VerifyPasswordResp) Reset() {
*x = VerifyPasswordResp{}
mi := &file_api_api_proto_msgTypes[24]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *VerifyPasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*VerifyPasswordResp) ProtoMessage() {}
func (x *VerifyPasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_api_proto_msgTypes[24]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use VerifyPasswordResp.ProtoReflect.Descriptor instead.
func (*VerifyPasswordResp) Descriptor() ([]byte, []int) {
return file_api_api_proto_rawDescGZIP(), []int{24}
}
func (x *VerifyPasswordResp) GetVerified() bool {
if x != nil {
return x.Verified
}
return false
}
func (x *VerifyPasswordResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
var File_api_api_proto protoreflect.FileDescriptor
var file_api_api_proto_rawDesc = string([]byte{
0x0a, 0x0d, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x70, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
0x03, 0x61, 0x70, 0x69, 0x22, 0xf0, 0x01, 0x0a, 0x06, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12,
0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12,
0x16, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72,
0x65, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c,
0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x72, 0x69, 0x73, 0x12, 0x23, 0x0a, 0x0d,
0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20,
0x03, 0x28, 0x09, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72,
0x73, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28,
0x08, 0x52, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a,
0x08, 0x6c, 0x6f, 0x67, 0x6f, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52,
0x07, 0x6c, 0x6f, 0x67, 0x6f, 0x55, 0x72, 0x6c, 0x12, 0x2d, 0x0a, 0x12, 0x61, 0x6c, 0x6c, 0x6f,
0x77, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x18, 0x08,
0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x43, 0x6f, 0x6e,
0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x22, 0x36, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74,
0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x12, 0x23, 0x0a, 0x06, 0x63, 0x6c,
0x69, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x61, 0x70, 0x69,
0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x22,
0x5e, 0x0a, 0x10, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52,
0x65, 0x73, 0x70, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x65,
0x78, 0x69, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x72,
0x65, 0x61, 0x64, 0x79, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x23, 0x0a, 0x06, 0x63, 0x6c,
0x69, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x61, 0x70, 0x69,
0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x22,
0x21, 0x0a, 0x0f, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52,
0x65, 0x71, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02,
0x69, 0x64, 0x22, 0x2f, 0x0a, 0x10, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65,
0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x74, 0x5f, 0x66, 0x6f,
0x75, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f, 0x74, 0x46, 0x6f,
0x75, 0x6e, 0x64, 0x22, 0xc9, 0x01, 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6c,
0x69, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20,
0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72,
0x65, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c,
0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x72, 0x69, 0x73, 0x12, 0x23, 0x0a, 0x0d,
0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20,
0x03, 0x28, 0x09, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72,
0x73, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x6f, 0x5f, 0x75, 0x72,
0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x6f, 0x55, 0x72, 0x6c,
0x12, 0x2d, 0x0a, 0x12, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x61, 0x6c,
0x6c, 0x6f, 0x77, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x22,
0x2f, 0x0a, 0x10, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52,
0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x74, 0x5f, 0x66, 0x6f, 0x75, 0x6e, 0x64,
0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f, 0x74, 0x46, 0x6f, 0x75, 0x6e, 0x64,
0x22, 0x69, 0x0a, 0x08, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x14, 0x0a, 0x05,
0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d, 0x61,
0x69, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c,
0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61,
0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61,
0x6d, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20,
0x01, 0x28, 0x09, 0x52, 0x06, 0x75, 0x73, 0x65, 0x72, 0x49, 0x64, 0x22, 0x3e, 0x0a, 0x11, 0x43,
0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71,
0x12, 0x29, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72,
0x64, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x3b, 0x0a, 0x12, 0x43,
0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73,
0x70, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x65, 0x78, 0x69,
0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x72, 0x65, 0x61,
0x64, 0x79, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x67, 0x0a, 0x11, 0x55, 0x70, 0x64, 0x61,
0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x12, 0x14, 0x0a,
0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d,
0x61, 0x69, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x65, 0x77, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18,
0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6e, 0x65, 0x77, 0x48, 0x61, 0x73, 0x68, 0x12, 0x21,
0x0a, 0x0c, 0x6e, 0x65, 0x77, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03,
0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6e, 0x65, 0x77, 0x55, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d,
0x65, 0x22, 0x31, 0x0a, 0x12, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77,
0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x74, 0x5f, 0x66,
0x6f, 0x75, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f, 0x74, 0x46,
0x6f, 0x75, 0x6e, 0x64, 0x22, 0x29, 0x0a, 0x11, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x61,
0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x6d, 0x61,
0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x22,
0x31, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72,
0x64, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x74, 0x5f, 0x66, 0x6f, 0x75,
0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f, 0x74, 0x46, 0x6f, 0x75,
0x6e, 0x64, 0x22, 0x11, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f,
0x72, 0x64, 0x52, 0x65, 0x71, 0x22, 0x3f, 0x0a, 0x10, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x61, 0x73,
0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x12, 0x2b, 0x0a, 0x09, 0x70, 0x61, 0x73,
0x73, 0x77, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61,
0x70, 0x69, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x09, 0x70, 0x61, 0x73,
0x73, 0x77, 0x6f, 0x72, 0x64, 0x73, 0x22, 0x0c, 0x0a, 0x0a, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
0x6e, 0x52, 0x65, 0x71, 0x22, 0x37, 0x0a, 0x0b, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52,
0x65, 0x73, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20,
0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x61,
0x70, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x61, 0x70, 0x69, 0x22, 0x7a, 0x0a,
0x0f, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x66,
0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64,
0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20,
0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1d, 0x0a,
0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28,
0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1b, 0x0a, 0x09,
0x6c, 0x61, 0x73, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52,
0x08, 0x6c, 0x61, 0x73, 0x74, 0x55, 0x73, 0x65, 0x64, 0x22, 0x29, 0x0a, 0x0e, 0x4c, 0x69, 0x73,
0x74, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x52, 0x65, 0x71, 0x12, 0x17, 0x0a, 0x07, 0x75,
0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x75, 0x73,
0x65, 0x72, 0x49, 0x64, 0x22, 0x4e, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x66, 0x72,
0x65, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x12, 0x3b, 0x0a, 0x0e, 0x72, 0x65, 0x66, 0x72, 0x65,
0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
0x14, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b,
0x65, 0x6e, 0x52, 0x65, 0x66, 0x52, 0x0d, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f,
0x6b, 0x65, 0x6e, 0x73, 0x22, 0x48, 0x0a, 0x10, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65,
0x66, 0x72, 0x65, 0x73, 0x68, 0x52, 0x65, 0x71, 0x12, 0x17, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72,
0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x75, 0x73, 0x65, 0x72, 0x49,
0x64, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02,
0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x22, 0x30,
0x0a, 0x11, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x52,
0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x74, 0x5f, 0x66, 0x6f, 0x75, 0x6e, 0x64,
0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f, 0x74, 0x46, 0x6f, 0x75, 0x6e, 0x64,
0x22, 0x45, 0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f,
0x72, 0x64, 0x52, 0x65, 0x71, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x70,
0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70,
0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x4d, 0x0a, 0x12, 0x56, 0x65, 0x72, 0x69, 0x66,
0x79, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1a, 0x0a,
0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x74,
0x5f, 0x66, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f,
0x74, 0x46, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0xc7, 0x05, 0x0a, 0x03, 0x44, 0x65, 0x78, 0x12, 0x3d,
0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x14,
0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e,
0x74, 0x52, 0x65, 0x71, 0x1a, 0x15, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74,
0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x3d, 0x0a,
0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x2e,
0x61, 0x70, 0x69, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74,
0x52, 0x65, 0x71, 0x1a, 0x15, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x0c,
0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x2e, 0x61,
0x70, 0x69, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52,
0x65, 0x71, 0x1a, 0x15, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43,
0x6c, 0x69, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0e, 0x43,
0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x16, 0x2e,
0x61, 0x70, 0x69, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f,
0x72, 0x64, 0x52, 0x65, 0x71, 0x1a, 0x17, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x72, 0x65, 0x61,
0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00,
0x12, 0x43, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f,
0x72, 0x64, 0x12, 0x16, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50,
0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x1a, 0x17, 0x2e, 0x61, 0x70, 0x69,
0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52,
0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50,
0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x16, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x65,
0x6c, 0x65, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x1a,
0x17, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x61, 0x73, 0x73,
0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x0d, 0x4c, 0x69,
0x73, 0x74, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x14, 0x2e, 0x61, 0x70,
0x69, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65,
0x71, 0x1a, 0x15, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x61, 0x73, 0x73,
0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0a, 0x47, 0x65,
0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x0f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x56,
0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x1a, 0x10, 0x2e, 0x61, 0x70, 0x69, 0x2e,
0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x3a, 0x0a,
0x0b, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x12, 0x13, 0x2e, 0x61,
0x70, 0x69, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x52, 0x65,
0x71, 0x1a, 0x14, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x66, 0x72,
0x65, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x0d, 0x52, 0x65, 0x76,
0x6f, 0x6b, 0x65, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x12, 0x15, 0x2e, 0x61, 0x70, 0x69,
0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x52, 0x65,
0x71, 0x1a, 0x16, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65,
0x66, 0x72, 0x65, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0e, 0x56,
0x65, 0x72, 0x69, 0x66, 0x79, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x16, 0x2e,
0x61, 0x70, 0x69, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f,
0x72, 0x64, 0x52, 0x65, 0x71, 0x1a, 0x17, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x56, 0x65, 0x72, 0x69,
0x66, 0x79, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00,
0x42, 0x2f, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x6f, 0x73, 0x2e, 0x64,
0x65, 0x78, 0x2e, 0x61, 0x70, 0x69, 0x5a, 0x19, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
0x6f, 0x6d, 0x2f, 0x64, 0x65, 0x78, 0x69, 0x64, 0x70, 0x2f, 0x64, 0x65, 0x78, 0x2f, 0x61, 0x70,
0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
})
var (
file_api_api_proto_rawDescOnce sync.Once
file_api_api_proto_rawDescData []byte
)
func file_api_api_proto_rawDescGZIP() []byte {
file_api_api_proto_rawDescOnce.Do(func() {
file_api_api_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_api_api_proto_rawDesc), len(file_api_api_proto_rawDesc)))
})
return file_api_api_proto_rawDescData
}
var file_api_api_proto_msgTypes = make([]protoimpl.MessageInfo, 25)
var file_api_api_proto_goTypes = []any{
(*Client)(nil), // 0: api.Client
(*CreateClientReq)(nil), // 1: api.CreateClientReq
(*CreateClientResp)(nil), // 2: api.CreateClientResp
(*DeleteClientReq)(nil), // 3: api.DeleteClientReq
(*DeleteClientResp)(nil), // 4: api.DeleteClientResp
(*UpdateClientReq)(nil), // 5: api.UpdateClientReq
(*UpdateClientResp)(nil), // 6: api.UpdateClientResp
(*Password)(nil), // 7: api.Password
(*CreatePasswordReq)(nil), // 8: api.CreatePasswordReq
(*CreatePasswordResp)(nil), // 9: api.CreatePasswordResp
(*UpdatePasswordReq)(nil), // 10: api.UpdatePasswordReq
(*UpdatePasswordResp)(nil), // 11: api.UpdatePasswordResp
(*DeletePasswordReq)(nil), // 12: api.DeletePasswordReq
(*DeletePasswordResp)(nil), // 13: api.DeletePasswordResp
(*ListPasswordReq)(nil), // 14: api.ListPasswordReq
(*ListPasswordResp)(nil), // 15: api.ListPasswordResp
(*VersionReq)(nil), // 16: api.VersionReq
(*VersionResp)(nil), // 17: api.VersionResp
(*RefreshTokenRef)(nil), // 18: api.RefreshTokenRef
(*ListRefreshReq)(nil), // 19: api.ListRefreshReq
(*ListRefreshResp)(nil), // 20: api.ListRefreshResp
(*RevokeRefreshReq)(nil), // 21: api.RevokeRefreshReq
(*RevokeRefreshResp)(nil), // 22: api.RevokeRefreshResp
(*VerifyPasswordReq)(nil), // 23: api.VerifyPasswordReq
(*VerifyPasswordResp)(nil), // 24: api.VerifyPasswordResp
}
var file_api_api_proto_depIdxs = []int32{
0, // 0: api.CreateClientReq.client:type_name -> api.Client
0, // 1: api.CreateClientResp.client:type_name -> api.Client
7, // 2: api.CreatePasswordReq.password:type_name -> api.Password
7, // 3: api.ListPasswordResp.passwords:type_name -> api.Password
18, // 4: api.ListRefreshResp.refresh_tokens:type_name -> api.RefreshTokenRef
1, // 5: api.Dex.CreateClient:input_type -> api.CreateClientReq
5, // 6: api.Dex.UpdateClient:input_type -> api.UpdateClientReq
3, // 7: api.Dex.DeleteClient:input_type -> api.DeleteClientReq
8, // 8: api.Dex.CreatePassword:input_type -> api.CreatePasswordReq
10, // 9: api.Dex.UpdatePassword:input_type -> api.UpdatePasswordReq
12, // 10: api.Dex.DeletePassword:input_type -> api.DeletePasswordReq
14, // 11: api.Dex.ListPasswords:input_type -> api.ListPasswordReq
16, // 12: api.Dex.GetVersion:input_type -> api.VersionReq
19, // 13: api.Dex.ListRefresh:input_type -> api.ListRefreshReq
21, // 14: api.Dex.RevokeRefresh:input_type -> api.RevokeRefreshReq
23, // 15: api.Dex.VerifyPassword:input_type -> api.VerifyPasswordReq
2, // 16: api.Dex.CreateClient:output_type -> api.CreateClientResp
6, // 17: api.Dex.UpdateClient:output_type -> api.UpdateClientResp
4, // 18: api.Dex.DeleteClient:output_type -> api.DeleteClientResp
9, // 19: api.Dex.CreatePassword:output_type -> api.CreatePasswordResp
11, // 20: api.Dex.UpdatePassword:output_type -> api.UpdatePasswordResp
13, // 21: api.Dex.DeletePassword:output_type -> api.DeletePasswordResp
15, // 22: api.Dex.ListPasswords:output_type -> api.ListPasswordResp
17, // 23: api.Dex.GetVersion:output_type -> api.VersionResp
20, // 24: api.Dex.ListRefresh:output_type -> api.ListRefreshResp
22, // 25: api.Dex.RevokeRefresh:output_type -> api.RevokeRefreshResp
24, // 26: api.Dex.VerifyPassword:output_type -> api.VerifyPasswordResp
16, // [16:27] is the sub-list for method output_type
5, // [5:16] is the sub-list for method input_type
5, // [5:5] is the sub-list for extension type_name
5, // [5:5] is the sub-list for extension extendee
0, // [0:5] is the sub-list for field type_name
}
func init() { file_api_api_proto_init() }
func file_api_api_proto_init() {
if File_api_api_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_api_api_proto_rawDesc), len(file_api_api_proto_rawDesc)),
NumEnums: 0,
NumMessages: 25,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_api_api_proto_goTypes,
DependencyIndexes: file_api_api_proto_depIdxs,
MessageInfos: file_api_api_proto_msgTypes,
}.Build()
File_api_api_proto = out.File
file_api_api_proto_goTypes = nil
file_api_api_proto_depIdxs = nil
}
================================================
FILE: api/api.proto
================================================
syntax = "proto3";
package api;
option java_package = "com.coreos.dex.api";
option go_package = "github.com/dexidp/dex/api";
// Client represents an OAuth2 client.
message Client {
string id = 1;
string secret = 2;
repeated string redirect_uris = 3;
repeated string trusted_peers = 4;
bool public = 5;
string name = 6;
string logo_url = 7;
repeated string allowed_connectors = 8;
}
// CreateClientReq is a request to make a client.
message CreateClientReq {
Client client = 1;
}
// CreateClientResp returns the response from creating a client.
message CreateClientResp {
bool already_exists = 1;
Client client = 2;
}
// DeleteClientReq is a request to delete a client.
message DeleteClientReq {
// The ID of the client.
string id = 1;
}
// DeleteClientResp determines if the client is deleted successfully.
message DeleteClientResp {
bool not_found = 1;
}
// UpdateClientReq is a request to update an existing client.
message UpdateClientReq {
string id = 1;
repeated string redirect_uris = 2;
repeated string trusted_peers = 3;
string name = 4;
string logo_url = 5;
repeated string allowed_connectors = 6;
}
// UpdateClientResp returns the response from updating a client.
message UpdateClientResp {
bool not_found = 1;
}
// TODO(ericchiang): expand this.
// Password is an email for password mapping managed by the storage.
message Password {
string email = 1;
// Currently we do not accept plain text passwords. Could be an option in the future.
bytes hash = 2;
string username = 3;
string user_id = 4;
}
// CreatePasswordReq is a request to make a password.
message CreatePasswordReq {
Password password = 1;
}
// CreatePasswordResp returns the response from creating a password.
message CreatePasswordResp {
bool already_exists = 1;
}
// UpdatePasswordReq is a request to modify an existing password.
message UpdatePasswordReq {
// The email used to lookup the password. This field cannot be modified
string email = 1;
bytes new_hash = 2;
string new_username = 3;
}
// UpdatePasswordResp returns the response from modifying an existing password.
message UpdatePasswordResp {
bool not_found = 1;
}
// DeletePasswordReq is a request to delete a password.
message DeletePasswordReq {
string email = 1;
}
// DeletePasswordResp returns the response from deleting a password.
message DeletePasswordResp {
bool not_found = 1;
}
// ListPasswordReq is a request to enumerate passwords.
message ListPasswordReq {}
// ListPasswordResp returns a list of passwords.
message ListPasswordResp {
repeated Password passwords = 1;
}
// VersionReq is a request to fetch version info.
message VersionReq {}
// VersionResp holds the version info of components.
message VersionResp {
// Semantic version of the server.
string server = 1;
// Numeric version of the API. It increases every time a new call is added to the API.
// Clients should use this info to determine if the server supports specific features.
int32 api = 2;
}
// RefreshTokenRef contains the metadata for a refresh token that is managed by the storage.
message RefreshTokenRef {
// ID of the refresh token.
string id = 1;
string client_id = 2;
int64 created_at = 5;
int64 last_used = 6;
}
// ListRefreshReq is a request to enumerate the refresh tokens of a user.
message ListRefreshReq {
// The "sub" claim returned in the ID Token.
string user_id = 1;
}
// ListRefreshResp returns a list of refresh tokens for a user.
message ListRefreshResp {
repeated RefreshTokenRef refresh_tokens = 1;
}
// RevokeRefreshReq is a request to revoke the refresh token of the user-client pair.
message RevokeRefreshReq {
// The "sub" claim returned in the ID Token.
string user_id = 1;
string client_id = 2;
}
// RevokeRefreshResp determines if the refresh token is revoked successfully.
message RevokeRefreshResp {
// Set to true is refresh token was not found and token could not be revoked.
bool not_found = 1;
}
message VerifyPasswordReq {
string email = 1;
string password = 2;
}
message VerifyPasswordResp {
bool verified = 1;
bool not_found = 2;
}
// Dex represents the dex gRPC service.
service Dex {
// CreateClient creates a client.
rpc CreateClient(CreateClientReq) returns (CreateClientResp) {};
// UpdateClient updates an existing client
rpc UpdateClient(UpdateClientReq) returns (UpdateClientResp) {};
// DeleteClient deletes the provided client.
rpc DeleteClient(DeleteClientReq) returns (DeleteClientResp) {};
// CreatePassword creates a password.
rpc CreatePassword(CreatePasswordReq) returns (CreatePasswordResp) {};
// UpdatePassword modifies existing password.
rpc UpdatePassword(UpdatePasswordReq) returns (UpdatePasswordResp) {};
// DeletePassword deletes the password.
rpc DeletePassword(DeletePasswordReq) returns (DeletePasswordResp) {};
// ListPassword lists all password entries.
rpc ListPasswords(ListPasswordReq) returns (ListPasswordResp) {};
// GetVersion returns version information of the server.
rpc GetVersion(VersionReq) returns (VersionResp) {};
// ListRefresh lists all the refresh token entries for a particular user.
rpc ListRefresh(ListRefreshReq) returns (ListRefreshResp) {};
// RevokeRefresh revokes the refresh token for the provided user-client pair.
//
// Note that each user-client pair can have only one refresh token at a time.
rpc RevokeRefresh(RevokeRefreshReq) returns (RevokeRefreshResp) {};
// VerifyPassword returns whether a password matches a hash for a specific email or not.
rpc VerifyPassword(VerifyPasswordReq) returns (VerifyPasswordResp) {};
}
================================================
FILE: api/api_grpc.pb.go
================================================
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.5.1
// - protoc v5.29.3
// source: api/api.proto
package api
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
Dex_CreateClient_FullMethodName = "/api.Dex/CreateClient"
Dex_UpdateClient_FullMethodName = "/api.Dex/UpdateClient"
Dex_DeleteClient_FullMethodName = "/api.Dex/DeleteClient"
Dex_CreatePassword_FullMethodName = "/api.Dex/CreatePassword"
Dex_UpdatePassword_FullMethodName = "/api.Dex/UpdatePassword"
Dex_DeletePassword_FullMethodName = "/api.Dex/DeletePassword"
Dex_ListPasswords_FullMethodName = "/api.Dex/ListPasswords"
Dex_GetVersion_FullMethodName = "/api.Dex/GetVersion"
Dex_ListRefresh_FullMethodName = "/api.Dex/ListRefresh"
Dex_RevokeRefresh_FullMethodName = "/api.Dex/RevokeRefresh"
Dex_VerifyPassword_FullMethodName = "/api.Dex/VerifyPassword"
)
// DexClient is the client API for Dex service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// Dex represents the dex gRPC service.
type DexClient interface {
// CreateClient creates a client.
CreateClient(ctx context.Context, in *CreateClientReq, opts ...grpc.CallOption) (*CreateClientResp, error)
// UpdateClient updates an existing client
UpdateClient(ctx context.Context, in *UpdateClientReq, opts ...grpc.CallOption) (*UpdateClientResp, error)
// DeleteClient deletes the provided client.
DeleteClient(ctx context.Context, in *DeleteClientReq, opts ...grpc.CallOption) (*DeleteClientResp, error)
// CreatePassword creates a password.
CreatePassword(ctx context.Context, in *CreatePasswordReq, opts ...grpc.CallOption) (*CreatePasswordResp, error)
// UpdatePassword modifies existing password.
UpdatePassword(ctx context.Context, in *UpdatePasswordReq, opts ...grpc.CallOption) (*UpdatePasswordResp, error)
// DeletePassword deletes the password.
DeletePassword(ctx context.Context, in *DeletePasswordReq, opts ...grpc.CallOption) (*DeletePasswordResp, error)
// ListPassword lists all password entries.
ListPasswords(ctx context.Context, in *ListPasswordReq, opts ...grpc.CallOption) (*ListPasswordResp, error)
// GetVersion returns version information of the server.
GetVersion(ctx context.Context, in *VersionReq, opts ...grpc.CallOption) (*VersionResp, error)
// ListRefresh lists all the refresh token entries for a particular user.
ListRefresh(ctx context.Context, in *ListRefreshReq, opts ...grpc.CallOption) (*ListRefreshResp, error)
// RevokeRefresh revokes the refresh token for the provided user-client pair.
//
// Note that each user-client pair can have only one refresh token at a time.
RevokeRefresh(ctx context.Context, in *RevokeRefreshReq, opts ...grpc.CallOption) (*RevokeRefreshResp, error)
// VerifyPassword returns whether a password matches a hash for a specific email or not.
VerifyPassword(ctx context.Context, in *VerifyPasswordReq, opts ...grpc.CallOption) (*VerifyPasswordResp, error)
}
type dexClient struct {
cc grpc.ClientConnInterface
}
func NewDexClient(cc grpc.ClientConnInterface) DexClient {
return &dexClient{cc}
}
func (c *dexClient) CreateClient(ctx context.Context, in *CreateClientReq, opts ...grpc.CallOption) (*CreateClientResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(CreateClientResp)
err := c.cc.Invoke(ctx, Dex_CreateClient_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) UpdateClient(ctx context.Context, in *UpdateClientReq, opts ...grpc.CallOption) (*UpdateClientResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(UpdateClientResp)
err := c.cc.Invoke(ctx, Dex_UpdateClient_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) DeleteClient(ctx context.Context, in *DeleteClientReq, opts ...grpc.CallOption) (*DeleteClientResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(DeleteClientResp)
err := c.cc.Invoke(ctx, Dex_DeleteClient_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) CreatePassword(ctx context.Context, in *CreatePasswordReq, opts ...grpc.CallOption) (*CreatePasswordResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(CreatePasswordResp)
err := c.cc.Invoke(ctx, Dex_CreatePassword_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) UpdatePassword(ctx context.Context, in *UpdatePasswordReq, opts ...grpc.CallOption) (*UpdatePasswordResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(UpdatePasswordResp)
err := c.cc.Invoke(ctx, Dex_UpdatePassword_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) DeletePassword(ctx context.Context, in *DeletePasswordReq, opts ...grpc.CallOption) (*DeletePasswordResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(DeletePasswordResp)
err := c.cc.Invoke(ctx, Dex_DeletePassword_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) ListPasswords(ctx context.Context, in *ListPasswordReq, opts ...grpc.CallOption) (*ListPasswordResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ListPasswordResp)
err := c.cc.Invoke(ctx, Dex_ListPasswords_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) GetVersion(ctx context.Context, in *VersionReq, opts ...grpc.CallOption) (*VersionResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(VersionResp)
err := c.cc.Invoke(ctx, Dex_GetVersion_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) ListRefresh(ctx context.Context, in *ListRefreshReq, opts ...grpc.CallOption) (*ListRefreshResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ListRefreshResp)
err := c.cc.Invoke(ctx, Dex_ListRefresh_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) RevokeRefresh(ctx context.Context, in *RevokeRefreshReq, opts ...grpc.CallOption) (*RevokeRefreshResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RevokeRefreshResp)
err := c.cc.Invoke(ctx, Dex_RevokeRefresh_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *dexClient) VerifyPassword(ctx context.Context, in *VerifyPasswordReq, opts ...grpc.CallOption) (*VerifyPasswordResp, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(VerifyPasswordResp)
err := c.cc.Invoke(ctx, Dex_VerifyPassword_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// DexServer is the server API for Dex service.
// All implementations must embed UnimplementedDexServer
// for forward compatibility.
//
// Dex represents the dex gRPC service.
type DexServer interface {
// CreateClient creates a client.
CreateClient(context.Context, *CreateClientReq) (*CreateClientResp, error)
// UpdateClient updates an existing client
UpdateClient(context.Context, *UpdateClientReq) (*UpdateClientResp, error)
// DeleteClient deletes the provided client.
DeleteClient(context.Context, *DeleteClientReq) (*DeleteClientResp, error)
// CreatePassword creates a password.
CreatePassword(context.Context, *CreatePasswordReq) (*CreatePasswordResp, error)
// UpdatePassword modifies existing password.
UpdatePassword(context.Context, *UpdatePasswordReq) (*UpdatePasswordResp, error)
// DeletePassword deletes the password.
DeletePassword(context.Context, *DeletePasswordReq) (*DeletePasswordResp, error)
// ListPassword lists all password entries.
ListPasswords(context.Context, *ListPasswordReq) (*ListPasswordResp, error)
// GetVersion returns version information of the server.
GetVersion(context.Context, *VersionReq) (*VersionResp, error)
// ListRefresh lists all the refresh token entries for a particular user.
ListRefresh(context.Context, *ListRefreshReq) (*ListRefreshResp, error)
// RevokeRefresh revokes the refresh token for the provided user-client pair.
//
// Note that each user-client pair can have only one refresh token at a time.
RevokeRefresh(context.Context, *RevokeRefreshReq) (*RevokeRefreshResp, error)
// VerifyPassword returns whether a password matches a hash for a specific email or not.
VerifyPassword(context.Context, *VerifyPasswordReq) (*VerifyPasswordResp, error)
mustEmbedUnimplementedDexServer()
}
// UnimplementedDexServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedDexServer struct{}
func (UnimplementedDexServer) CreateClient(context.Context, *CreateClientReq) (*CreateClientResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method CreateClient not implemented")
}
func (UnimplementedDexServer) UpdateClient(context.Context, *UpdateClientReq) (*UpdateClientResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method UpdateClient not implemented")
}
func (UnimplementedDexServer) DeleteClient(context.Context, *DeleteClientReq) (*DeleteClientResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method DeleteClient not implemented")
}
func (UnimplementedDexServer) CreatePassword(context.Context, *CreatePasswordReq) (*CreatePasswordResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method CreatePassword not implemented")
}
func (UnimplementedDexServer) UpdatePassword(context.Context, *UpdatePasswordReq) (*UpdatePasswordResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method UpdatePassword not implemented")
}
func (UnimplementedDexServer) DeletePassword(context.Context, *DeletePasswordReq) (*DeletePasswordResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method DeletePassword not implemented")
}
func (UnimplementedDexServer) ListPasswords(context.Context, *ListPasswordReq) (*ListPasswordResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method ListPasswords not implemented")
}
func (UnimplementedDexServer) GetVersion(context.Context, *VersionReq) (*VersionResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetVersion not implemented")
}
func (UnimplementedDexServer) ListRefresh(context.Context, *ListRefreshReq) (*ListRefreshResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method ListRefresh not implemented")
}
func (UnimplementedDexServer) RevokeRefresh(context.Context, *RevokeRefreshReq) (*RevokeRefreshResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method RevokeRefresh not implemented")
}
func (UnimplementedDexServer) VerifyPassword(context.Context, *VerifyPasswordReq) (*VerifyPasswordResp, error) {
return nil, status.Errorf(codes.Unimplemented, "method VerifyPassword not implemented")
}
func (UnimplementedDexServer) mustEmbedUnimplementedDexServer() {}
func (UnimplementedDexServer) testEmbeddedByValue() {}
// UnsafeDexServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to DexServer will
// result in compilation errors.
type UnsafeDexServer interface {
mustEmbedUnimplementedDexServer()
}
func RegisterDexServer(s grpc.ServiceRegistrar, srv DexServer) {
// If the following call pancis, it indicates UnimplementedDexServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&Dex_ServiceDesc, srv)
}
func _Dex_CreateClient_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CreateClientReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).CreateClient(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_CreateClient_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).CreateClient(ctx, req.(*CreateClientReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_UpdateClient_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(UpdateClientReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).UpdateClient(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_UpdateClient_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).UpdateClient(ctx, req.(*UpdateClientReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_DeleteClient_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(DeleteClientReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).DeleteClient(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_DeleteClient_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).DeleteClient(ctx, req.(*DeleteClientReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_CreatePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CreatePasswordReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).CreatePassword(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_CreatePassword_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).CreatePassword(ctx, req.(*CreatePasswordReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_UpdatePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(UpdatePasswordReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).UpdatePassword(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_UpdatePassword_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).UpdatePassword(ctx, req.(*UpdatePasswordReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_DeletePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(DeletePasswordReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).DeletePassword(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_DeletePassword_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).DeletePassword(ctx, req.(*DeletePasswordReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_ListPasswords_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ListPasswordReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).ListPasswords(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_ListPasswords_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).ListPasswords(ctx, req.(*ListPasswordReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_GetVersion_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(VersionReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).GetVersion(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_GetVersion_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).GetVersion(ctx, req.(*VersionReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_ListRefresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ListRefreshReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).ListRefresh(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_ListRefresh_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).ListRefresh(ctx, req.(*ListRefreshReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_RevokeRefresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RevokeRefreshReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).RevokeRefresh(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_RevokeRefresh_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).RevokeRefresh(ctx, req.(*RevokeRefreshReq))
}
return interceptor(ctx, in, info, handler)
}
func _Dex_VerifyPassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(VerifyPasswordReq)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(DexServer).VerifyPassword(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: Dex_VerifyPassword_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(DexServer).VerifyPassword(ctx, req.(*VerifyPasswordReq))
}
return interceptor(ctx, in, info, handler)
}
// Dex_ServiceDesc is the grpc.ServiceDesc for Dex service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var Dex_ServiceDesc = grpc.ServiceDesc{
ServiceName: "api.Dex",
HandlerType: (*DexServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "CreateClient",
Handler: _Dex_CreateClient_Handler,
},
{
MethodName: "UpdateClient",
Handler: _Dex_UpdateClient_Handler,
},
{
MethodName: "DeleteClient",
Handler: _Dex_DeleteClient_Handler,
},
{
MethodName: "CreatePassword",
Handler: _Dex_CreatePassword_Handler,
},
{
MethodName: "UpdatePassword",
Handler: _Dex_UpdatePassword_Handler,
},
{
MethodName: "DeletePassword",
Handler: _Dex_DeletePassword_Handler,
},
{
MethodName: "ListPasswords",
Handler: _Dex_ListPasswords_Handler,
},
{
MethodName: "GetVersion",
Handler: _Dex_GetVersion_Handler,
},
{
MethodName: "ListRefresh",
Handler: _Dex_ListRefresh_Handler,
},
{
MethodName: "RevokeRefresh",
Handler: _Dex_RevokeRefresh_Handler,
},
{
MethodName: "VerifyPassword",
Handler: _Dex_VerifyPassword_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "api/api.proto",
}
================================================
FILE: api/v2/api.pb.go
================================================
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.5
// protoc v5.29.3
// source: api/v2/api.proto
package api
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// Client represents an OAuth2 client.
type Client struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
RedirectUris []string `protobuf:"bytes,3,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"`
TrustedPeers []string `protobuf:"bytes,4,rep,name=trusted_peers,json=trustedPeers,proto3" json:"trusted_peers,omitempty"`
Public bool `protobuf:"varint,5,opt,name=public,proto3" json:"public,omitempty"`
Name string `protobuf:"bytes,6,opt,name=name,proto3" json:"name,omitempty"`
LogoUrl string `protobuf:"bytes,7,opt,name=logo_url,json=logoUrl,proto3" json:"logo_url,omitempty"`
AllowedConnectors []string `protobuf:"bytes,8,rep,name=allowed_connectors,json=allowedConnectors,proto3" json:"allowed_connectors,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *Client) Reset() {
*x = Client{}
mi := &file_api_v2_api_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Client) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Client) ProtoMessage() {}
func (x *Client) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Client.ProtoReflect.Descriptor instead.
func (*Client) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{0}
}
func (x *Client) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *Client) GetSecret() string {
if x != nil {
return x.Secret
}
return ""
}
func (x *Client) GetRedirectUris() []string {
if x != nil {
return x.RedirectUris
}
return nil
}
func (x *Client) GetTrustedPeers() []string {
if x != nil {
return x.TrustedPeers
}
return nil
}
func (x *Client) GetPublic() bool {
if x != nil {
return x.Public
}
return false
}
func (x *Client) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *Client) GetLogoUrl() string {
if x != nil {
return x.LogoUrl
}
return ""
}
func (x *Client) GetAllowedConnectors() []string {
if x != nil {
return x.AllowedConnectors
}
return nil
}
// ClientInfo represents an OAuth2 client without sensitive information.
type ClientInfo struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
RedirectUris []string `protobuf:"bytes,2,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"`
TrustedPeers []string `protobuf:"bytes,3,rep,name=trusted_peers,json=trustedPeers,proto3" json:"trusted_peers,omitempty"`
Public bool `protobuf:"varint,4,opt,name=public,proto3" json:"public,omitempty"`
Name string `protobuf:"bytes,5,opt,name=name,proto3" json:"name,omitempty"`
LogoUrl string `protobuf:"bytes,6,opt,name=logo_url,json=logoUrl,proto3" json:"logo_url,omitempty"`
AllowedConnectors []string `protobuf:"bytes,7,rep,name=allowed_connectors,json=allowedConnectors,proto3" json:"allowed_connectors,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ClientInfo) Reset() {
*x = ClientInfo{}
mi := &file_api_v2_api_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ClientInfo) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ClientInfo) ProtoMessage() {}
func (x *ClientInfo) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ClientInfo.ProtoReflect.Descriptor instead.
func (*ClientInfo) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{1}
}
func (x *ClientInfo) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *ClientInfo) GetRedirectUris() []string {
if x != nil {
return x.RedirectUris
}
return nil
}
func (x *ClientInfo) GetTrustedPeers() []string {
if x != nil {
return x.TrustedPeers
}
return nil
}
func (x *ClientInfo) GetPublic() bool {
if x != nil {
return x.Public
}
return false
}
func (x *ClientInfo) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *ClientInfo) GetLogoUrl() string {
if x != nil {
return x.LogoUrl
}
return ""
}
func (x *ClientInfo) GetAllowedConnectors() []string {
if x != nil {
return x.AllowedConnectors
}
return nil
}
// GetClientReq is a request to retrieve client details.
type GetClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The ID of the client.
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetClientReq) Reset() {
*x = GetClientReq{}
mi := &file_api_v2_api_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetClientReq) ProtoMessage() {}
func (x *GetClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetClientReq.ProtoReflect.Descriptor instead.
func (*GetClientReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{2}
}
func (x *GetClientReq) GetId() string {
if x != nil {
return x.Id
}
return ""
}
// GetClientResp returns the client details.
type GetClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
Client *Client `protobuf:"bytes,1,opt,name=client,proto3" json:"client,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetClientResp) Reset() {
*x = GetClientResp{}
mi := &file_api_v2_api_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetClientResp) ProtoMessage() {}
func (x *GetClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetClientResp.ProtoReflect.Descriptor instead.
func (*GetClientResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{3}
}
func (x *GetClientResp) GetClient() *Client {
if x != nil {
return x.Client
}
return nil
}
// CreateClientReq is a request to make a client.
type CreateClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Client *Client `protobuf:"bytes,1,opt,name=client,proto3" json:"client,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateClientReq) Reset() {
*x = CreateClientReq{}
mi := &file_api_v2_api_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateClientReq) ProtoMessage() {}
func (x *CreateClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateClientReq.ProtoReflect.Descriptor instead.
func (*CreateClientReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{4}
}
func (x *CreateClientReq) GetClient() *Client {
if x != nil {
return x.Client
}
return nil
}
// CreateClientResp returns the response from creating a client.
type CreateClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
AlreadyExists bool `protobuf:"varint,1,opt,name=already_exists,json=alreadyExists,proto3" json:"already_exists,omitempty"`
Client *Client `protobuf:"bytes,2,opt,name=client,proto3" json:"client,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateClientResp) Reset() {
*x = CreateClientResp{}
mi := &file_api_v2_api_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateClientResp) ProtoMessage() {}
func (x *CreateClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateClientResp.ProtoReflect.Descriptor instead.
func (*CreateClientResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{5}
}
func (x *CreateClientResp) GetAlreadyExists() bool {
if x != nil {
return x.AlreadyExists
}
return false
}
func (x *CreateClientResp) GetClient() *Client {
if x != nil {
return x.Client
}
return nil
}
// DeleteClientReq is a request to delete a client.
type DeleteClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The ID of the client.
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeleteClientReq) Reset() {
*x = DeleteClientReq{}
mi := &file_api_v2_api_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeleteClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeleteClientReq) ProtoMessage() {}
func (x *DeleteClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeleteClientReq.ProtoReflect.Descriptor instead.
func (*DeleteClientReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{6}
}
func (x *DeleteClientReq) GetId() string {
if x != nil {
return x.Id
}
return ""
}
// DeleteClientResp determines if the client is deleted successfully.
type DeleteClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeleteClientResp) Reset() {
*x = DeleteClientResp{}
mi := &file_api_v2_api_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeleteClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeleteClientResp) ProtoMessage() {}
func (x *DeleteClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeleteClientResp.ProtoReflect.Descriptor instead.
func (*DeleteClientResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{7}
}
func (x *DeleteClientResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// UpdateClientReq is a request to update an existing client.
type UpdateClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
RedirectUris []string `protobuf:"bytes,2,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"`
TrustedPeers []string `protobuf:"bytes,3,rep,name=trusted_peers,json=trustedPeers,proto3" json:"trusted_peers,omitempty"`
Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
LogoUrl string `protobuf:"bytes,5,opt,name=logo_url,json=logoUrl,proto3" json:"logo_url,omitempty"`
AllowedConnectors []string `protobuf:"bytes,6,rep,name=allowed_connectors,json=allowedConnectors,proto3" json:"allowed_connectors,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateClientReq) Reset() {
*x = UpdateClientReq{}
mi := &file_api_v2_api_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateClientReq) ProtoMessage() {}
func (x *UpdateClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[8]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdateClientReq.ProtoReflect.Descriptor instead.
func (*UpdateClientReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{8}
}
func (x *UpdateClientReq) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *UpdateClientReq) GetRedirectUris() []string {
if x != nil {
return x.RedirectUris
}
return nil
}
func (x *UpdateClientReq) GetTrustedPeers() []string {
if x != nil {
return x.TrustedPeers
}
return nil
}
func (x *UpdateClientReq) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *UpdateClientReq) GetLogoUrl() string {
if x != nil {
return x.LogoUrl
}
return ""
}
func (x *UpdateClientReq) GetAllowedConnectors() []string {
if x != nil {
return x.AllowedConnectors
}
return nil
}
// UpdateClientResp returns the response from updating a client.
type UpdateClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateClientResp) Reset() {
*x = UpdateClientResp{}
mi := &file_api_v2_api_proto_msgTypes[9]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateClientResp) ProtoMessage() {}
func (x *UpdateClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[9]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdateClientResp.ProtoReflect.Descriptor instead.
func (*UpdateClientResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{9}
}
func (x *UpdateClientResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// ListClientReq is a request to enumerate clients.
type ListClientReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListClientReq) Reset() {
*x = ListClientReq{}
mi := &file_api_v2_api_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListClientReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListClientReq) ProtoMessage() {}
func (x *ListClientReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[10]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListClientReq.ProtoReflect.Descriptor instead.
func (*ListClientReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{10}
}
// ListClientResp returns a list of clients.
type ListClientResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
Clients []*ClientInfo `protobuf:"bytes,1,rep,name=clients,proto3" json:"clients,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListClientResp) Reset() {
*x = ListClientResp{}
mi := &file_api_v2_api_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListClientResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListClientResp) ProtoMessage() {}
func (x *ListClientResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[11]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListClientResp.ProtoReflect.Descriptor instead.
func (*ListClientResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{11}
}
func (x *ListClientResp) GetClients() []*ClientInfo {
if x != nil {
return x.Clients
}
return nil
}
// Password is an email for password mapping managed by the storage.
type Password struct {
state protoimpl.MessageState `protogen:"open.v1"`
Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
// Currently we do not accept plain text passwords. Could be an option in the future.
Hash []byte `protobuf:"bytes,2,opt,name=hash,proto3" json:"hash,omitempty"`
Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
UserId string `protobuf:"bytes,4,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *Password) Reset() {
*x = Password{}
mi := &file_api_v2_api_proto_msgTypes[12]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Password) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Password) ProtoMessage() {}
func (x *Password) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[12]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Password.ProtoReflect.Descriptor instead.
func (*Password) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{12}
}
func (x *Password) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
func (x *Password) GetHash() []byte {
if x != nil {
return x.Hash
}
return nil
}
func (x *Password) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *Password) GetUserId() string {
if x != nil {
return x.UserId
}
return ""
}
// CreatePasswordReq is a request to make a password.
type CreatePasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Password *Password `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreatePasswordReq) Reset() {
*x = CreatePasswordReq{}
mi := &file_api_v2_api_proto_msgTypes[13]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreatePasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreatePasswordReq) ProtoMessage() {}
func (x *CreatePasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[13]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreatePasswordReq.ProtoReflect.Descriptor instead.
func (*CreatePasswordReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{13}
}
func (x *CreatePasswordReq) GetPassword() *Password {
if x != nil {
return x.Password
}
return nil
}
// CreatePasswordResp returns the response from creating a password.
type CreatePasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
AlreadyExists bool `protobuf:"varint,1,opt,name=already_exists,json=alreadyExists,proto3" json:"already_exists,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreatePasswordResp) Reset() {
*x = CreatePasswordResp{}
mi := &file_api_v2_api_proto_msgTypes[14]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreatePasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreatePasswordResp) ProtoMessage() {}
func (x *CreatePasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[14]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreatePasswordResp.ProtoReflect.Descriptor instead.
func (*CreatePasswordResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{14}
}
func (x *CreatePasswordResp) GetAlreadyExists() bool {
if x != nil {
return x.AlreadyExists
}
return false
}
// UpdatePasswordReq is a request to modify an existing password.
type UpdatePasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The email used to lookup the password. This field cannot be modified
Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
NewHash []byte `protobuf:"bytes,2,opt,name=new_hash,json=newHash,proto3" json:"new_hash,omitempty"`
NewUsername string `protobuf:"bytes,3,opt,name=new_username,json=newUsername,proto3" json:"new_username,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdatePasswordReq) Reset() {
*x = UpdatePasswordReq{}
mi := &file_api_v2_api_proto_msgTypes[15]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdatePasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdatePasswordReq) ProtoMessage() {}
func (x *UpdatePasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[15]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdatePasswordReq.ProtoReflect.Descriptor instead.
func (*UpdatePasswordReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{15}
}
func (x *UpdatePasswordReq) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
func (x *UpdatePasswordReq) GetNewHash() []byte {
if x != nil {
return x.NewHash
}
return nil
}
func (x *UpdatePasswordReq) GetNewUsername() string {
if x != nil {
return x.NewUsername
}
return ""
}
// UpdatePasswordResp returns the response from modifying an existing password.
type UpdatePasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdatePasswordResp) Reset() {
*x = UpdatePasswordResp{}
mi := &file_api_v2_api_proto_msgTypes[16]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdatePasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdatePasswordResp) ProtoMessage() {}
func (x *UpdatePasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[16]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdatePasswordResp.ProtoReflect.Descriptor instead.
func (*UpdatePasswordResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{16}
}
func (x *UpdatePasswordResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// DeletePasswordReq is a request to delete a password.
type DeletePasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeletePasswordReq) Reset() {
*x = DeletePasswordReq{}
mi := &file_api_v2_api_proto_msgTypes[17]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeletePasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeletePasswordReq) ProtoMessage() {}
func (x *DeletePasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[17]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeletePasswordReq.ProtoReflect.Descriptor instead.
func (*DeletePasswordReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{17}
}
func (x *DeletePasswordReq) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
// DeletePasswordResp returns the response from deleting a password.
type DeletePasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeletePasswordResp) Reset() {
*x = DeletePasswordResp{}
mi := &file_api_v2_api_proto_msgTypes[18]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeletePasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeletePasswordResp) ProtoMessage() {}
func (x *DeletePasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[18]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeletePasswordResp.ProtoReflect.Descriptor instead.
func (*DeletePasswordResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{18}
}
func (x *DeletePasswordResp) GetNotFound() bool {
if x != nil {
return x.NotFound
}
return false
}
// ListPasswordReq is a request to enumerate passwords.
type ListPasswordReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListPasswordReq) Reset() {
*x = ListPasswordReq{}
mi := &file_api_v2_api_proto_msgTypes[19]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListPasswordReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListPasswordReq) ProtoMessage() {}
func (x *ListPasswordReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[19]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListPasswordReq.ProtoReflect.Descriptor instead.
func (*ListPasswordReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{19}
}
// ListPasswordResp returns a list of passwords.
type ListPasswordResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
Passwords []*Password `protobuf:"bytes,1,rep,name=passwords,proto3" json:"passwords,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListPasswordResp) Reset() {
*x = ListPasswordResp{}
mi := &file_api_v2_api_proto_msgTypes[20]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListPasswordResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListPasswordResp) ProtoMessage() {}
func (x *ListPasswordResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[20]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListPasswordResp.ProtoReflect.Descriptor instead.
func (*ListPasswordResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{20}
}
func (x *ListPasswordResp) GetPasswords() []*Password {
if x != nil {
return x.Passwords
}
return nil
}
// Connector is a strategy used by Dex for authenticating a user against another identity provider
type Connector struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
Config []byte `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
GrantTypes []string `protobuf:"bytes,5,rep,name=grant_types,json=grantTypes,proto3" json:"grant_types,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *Connector) Reset() {
*x = Connector{}
mi := &file_api_v2_api_proto_msgTypes[21]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Connector) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Connector) ProtoMessage() {}
func (x *Connector) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[21]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Connector.ProtoReflect.Descriptor instead.
func (*Connector) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{21}
}
func (x *Connector) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *Connector) GetType() string {
if x != nil {
return x.Type
}
return ""
}
func (x *Connector) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *Connector) GetConfig() []byte {
if x != nil {
return x.Config
}
return nil
}
func (x *Connector) GetGrantTypes() []string {
if x != nil {
return x.GrantTypes
}
return nil
}
// CreateConnectorReq is a request to make a connector.
type CreateConnectorReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
Connector *Connector `protobuf:"bytes,1,opt,name=connector,proto3" json:"connector,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateConnectorReq) Reset() {
*x = CreateConnectorReq{}
mi := &file_api_v2_api_proto_msgTypes[22]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateConnectorReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateConnectorReq) ProtoMessage() {}
func (x *CreateConnectorReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[22]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateConnectorReq.ProtoReflect.Descriptor instead.
func (*CreateConnectorReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{22}
}
func (x *CreateConnectorReq) GetConnector() *Connector {
if x != nil {
return x.Connector
}
return nil
}
// CreateConnectorResp returns the response from creating a connector.
type CreateConnectorResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
AlreadyExists bool `protobuf:"varint,1,opt,name=already_exists,json=alreadyExists,proto3" json:"already_exists,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateConnectorResp) Reset() {
*x = CreateConnectorResp{}
mi := &file_api_v2_api_proto_msgTypes[23]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateConnectorResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateConnectorResp) ProtoMessage() {}
func (x *CreateConnectorResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[23]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateConnectorResp.ProtoReflect.Descriptor instead.
func (*CreateConnectorResp) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{23}
}
func (x *CreateConnectorResp) GetAlreadyExists() bool {
if x != nil {
return x.AlreadyExists
}
return false
}
// GrantTypes wraps a list of grant types to distinguish between
// "not specified" (no update) and "empty list" (unrestricted).
type GrantTypes struct {
state protoimpl.MessageState `protogen:"open.v1"`
GrantTypes []string `protobuf:"bytes,1,rep,name=grant_types,json=grantTypes,proto3" json:"grant_types,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GrantTypes) Reset() {
*x = GrantTypes{}
mi := &file_api_v2_api_proto_msgTypes[24]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GrantTypes) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GrantTypes) ProtoMessage() {}
func (x *GrantTypes) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[24]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GrantTypes.ProtoReflect.Descriptor instead.
func (*GrantTypes) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{24}
}
func (x *GrantTypes) GetGrantTypes() []string {
if x != nil {
return x.GrantTypes
}
return nil
}
// UpdateConnectorReq is a request to modify an existing connector.
type UpdateConnectorReq struct {
state protoimpl.MessageState `protogen:"open.v1"`
// The id used to lookup the connector. This field cannot be modified
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
NewType string `protobuf:"bytes,2,opt,name=new_type,json=newType,proto3" json:"new_type,omitempty"`
NewName string `protobuf:"bytes,3,opt,name=new_name,json=newName,proto3" json:"new_name,omitempty"`
NewConfig []byte `protobuf:"bytes,4,opt,name=new_config,json=newConfig,proto3" json:"new_config,omitempty"`
// If set, updates the connector's allowed grant types.
// An empty grant_types list means unrestricted (all grant types allowed).
// If not set (null), grant types are not modified.
NewGrantTypes *GrantTypes `protobuf:"bytes,5,opt,name=new_grant_types,json=newGrantTypes,proto3" json:"new_grant_types,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateConnectorReq) Reset() {
*x = UpdateConnectorReq{}
mi := &file_api_v2_api_proto_msgTypes[25]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateConnectorReq) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateConnectorReq) ProtoMessage() {}
func (x *UpdateConnectorReq) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[25]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdateConnectorReq.ProtoReflect.Descriptor instead.
func (*UpdateConnectorReq) Descriptor() ([]byte, []int) {
return file_api_v2_api_proto_rawDescGZIP(), []int{25}
}
func (x *UpdateConnectorReq) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *UpdateConnectorReq) GetNewType() string {
if x != nil {
return x.NewType
}
return ""
}
func (x *UpdateConnectorReq) GetNewName() string {
if x != nil {
return x.NewName
}
return ""
}
func (x *UpdateConnectorReq) GetNewConfig() []byte {
if x != nil {
return x.NewConfig
}
return nil
}
func (x *UpdateConnectorReq) GetNewGrantTypes() *GrantTypes {
if x != nil {
return x.NewGrantTypes
}
return nil
}
// UpdateConnectorResp returns the response from modifying an existing connector.
type UpdateConnectorResp struct {
state protoimpl.MessageState `protogen:"open.v1"`
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateConnectorResp) Reset() {
*x = UpdateConnectorResp{}
mi := &file_api_v2_api_proto_msgTypes[26]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateConnectorResp) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateConnectorResp) ProtoMessage() {}
func (x *UpdateConnectorResp) ProtoReflect() protoreflect.Message {
mi := &file_api_v2_api_proto_msgTypes[26]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.Me
gitextract_0njidk3i/
├── .dockerignore
├── .editorconfig
├── .envrc
├── .github/
│ ├── .editorconfig
│ ├── CODE_OF_CONDUCT.md
│ ├── DCO
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.yaml
│ │ ├── config.yml
│ │ └── feature_request.yaml
│ ├── PULL_REQUEST_TEMPLATE.md
│ ├── SECURITY.md
│ ├── dependabot.yaml
│ ├── release.yml
│ └── workflows/
│ ├── analysis-scorecard.yaml
│ ├── artifacts.yaml
│ ├── checks.yaml
│ ├── ci.yaml
│ ├── release.yaml
│ └── trivydb-cache.yaml
├── .gitignore
├── .gitpod.yml
├── .golangci.yaml
├── ADOPTERS.md
├── Dockerfile
├── LICENSE
├── MAINTAINERS
├── Makefile
├── README.md
├── api/
│ ├── api.pb.go
│ ├── api.proto
│ ├── api_grpc.pb.go
│ └── v2/
│ ├── api.pb.go
│ ├── api.proto
│ ├── api_grpc.pb.go
│ ├── go.mod
│ └── go.sum
├── cmd/
│ ├── dex/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── excluding_handler.go
│ │ ├── excluding_handler_test.go
│ │ ├── logger.go
│ │ ├── main.go
│ │ ├── serve.go
│ │ ├── serve_test.go
│ │ └── version.go
│ └── docker-entrypoint/
│ ├── main.go
│ └── main_test.go
├── config.dev.yaml
├── config.docker.yaml
├── config.yaml.dist
├── connector/
│ ├── atlassiancrowd/
│ │ ├── atlassiancrowd.go
│ │ └── atlassiancrowd_test.go
│ ├── authproxy/
│ │ ├── authproxy.go
│ │ └── authproxy_test.go
│ ├── bitbucketcloud/
│ │ ├── bitbucketcloud.go
│ │ └── bitbucketcloud_test.go
│ ├── connector.go
│ ├── gitea/
│ │ ├── gitea.go
│ │ └── gitea_test.go
│ ├── github/
│ │ ├── github.go
│ │ └── github_test.go
│ ├── gitlab/
│ │ ├── gitlab.go
│ │ ├── gitlab_test.go
│ │ └── testdata/
│ │ ├── rootCA.pem
│ │ ├── server.crt
│ │ └── server.key
│ ├── google/
│ │ ├── google.go
│ │ └── google_test.go
│ ├── keystone/
│ │ ├── keystone.go
│ │ └── keystone_test.go
│ ├── ldap/
│ │ ├── gen-certs.sh
│ │ ├── ldap.go
│ │ ├── ldap_test.go
│ │ └── testdata/
│ │ ├── certs/
│ │ │ ├── ca.crt
│ │ │ ├── ca.key
│ │ │ ├── dhparam.pem
│ │ │ ├── ldap.crt
│ │ │ └── ldap.key
│ │ └── schema.ldif
│ ├── linkedin/
│ │ └── linkedin.go
│ ├── microsoft/
│ │ ├── microsoft.go
│ │ └── microsoft_test.go
│ ├── mock/
│ │ └── connectortest.go
│ ├── oauth/
│ │ ├── oauth.go
│ │ └── oauth_test.go
│ ├── oidc/
│ │ ├── oidc.go
│ │ └── oidc_test.go
│ ├── openshift/
│ │ ├── openshift.go
│ │ └── openshift_test.go
│ └── saml/
│ ├── saml.go
│ ├── saml_test.go
│ ├── testdata/
│ │ ├── assertion-signed.tmpl
│ │ ├── assertion-signed.xml
│ │ ├── bad-ca.crt
│ │ ├── bad-ca.key
│ │ ├── bad-status.tmpl
│ │ ├── bad-status.xml
│ │ ├── ca.crt
│ │ ├── ca.key
│ │ ├── gen.sh
│ │ ├── good-resp.tmpl
│ │ ├── good-resp.xml
│ │ ├── idp-cert.pem
│ │ ├── idp-resp-signed-assertion.xml
│ │ ├── idp-resp-signed-assertion0.xml
│ │ ├── idp-resp-signed-message-and-assertion.xml
│ │ ├── idp-resp-signed-message.xml
│ │ ├── idp-resp.xml
│ │ ├── oam-ca.pem
│ │ ├── oam-resp.xml
│ │ ├── okta-ca.pem
│ │ ├── okta-resp.xml
│ │ ├── tampered-resp.xml
│ │ ├── two-assertions-first-signed.tmpl
│ │ └── two-assertions-first-signed.xml
│ └── types.go
├── docker-compose.override.yaml.dist
├── docker-compose.test.yaml
├── docker-compose.yaml
├── docs/
│ ├── README.md
│ └── enhancements/
│ ├── README.md
│ ├── _title-YYYY-MM-DD-#issue.md
│ ├── auth-sessions-2026-02-18.md
│ ├── cel-expressions-2026-02-28.md
│ ├── id-jag-2026-03-02#4600.md
│ └── token-exchange-2023-02-03-#2812.md
├── examples/
│ ├── .gitignore
│ ├── config-ad-kubelogin.yaml
│ ├── config-dev.yaml
│ ├── example-app/
│ │ ├── handlers.go
│ │ ├── handlers_device.go
│ │ ├── handlers_userinfo.go
│ │ ├── main.go
│ │ ├── static/
│ │ │ ├── app.js
│ │ │ ├── device.js
│ │ │ ├── style.css
│ │ │ └── token.js
│ │ ├── templates/
│ │ │ ├── device.html
│ │ │ ├── index.html
│ │ │ └── token.html
│ │ ├── templates.go
│ │ └── utils.go
│ ├── go.mod
│ ├── go.sum
│ ├── grpc-client/
│ │ ├── .gitignore
│ │ ├── README.md
│ │ ├── cert-destroy
│ │ ├── cert-gen
│ │ ├── client.go
│ │ ├── config.yaml
│ │ └── openssl.conf
│ ├── k8s/
│ │ ├── .gitignore
│ │ ├── dex.yaml
│ │ └── gencert.sh
│ ├── ldap/
│ │ ├── config-ldap.ldif
│ │ ├── config-ldap.yaml
│ │ └── docker-compose.yaml
│ └── oidc-conformance/
│ ├── config.yaml.tmpl
│ └── run.sh
├── flake.nix
├── go.mod
├── go.sum
├── pkg/
│ ├── cel/
│ │ ├── cel.go
│ │ ├── cel_test.go
│ │ ├── cost.go
│ │ ├── cost_test.go
│ │ ├── doc.go
│ │ ├── library/
│ │ │ ├── doc.go
│ │ │ ├── email.go
│ │ │ ├── email_test.go
│ │ │ ├── groups.go
│ │ │ └── groups_test.go
│ │ └── types.go
│ ├── featureflags/
│ │ ├── doc.go
│ │ ├── flag.go
│ │ └── set.go
│ ├── groups/
│ │ ├── doc.go
│ │ ├── groups.go
│ │ └── groups_test.go
│ └── httpclient/
│ ├── doc.go
│ ├── httpclient.go
│ ├── httpclient_test.go
│ ├── readme.md
│ └── testdata/
│ ├── rootCA.key
│ ├── rootCA.pem
│ ├── rootCA.srl
│ ├── server.crt
│ ├── server.csr
│ ├── server.csr.cnf
│ ├── server.key
│ └── v3.ext
├── scripts/
│ ├── git-version
│ ├── manifests/
│ │ ├── .editorconfig
│ │ └── crds/
│ │ ├── authcodes.yaml
│ │ ├── authrequests.yaml
│ │ ├── connectors.yaml
│ │ ├── devicerequests.yaml
│ │ ├── devicetokens.yaml
│ │ ├── oauth2clients.yaml
│ │ ├── offlinesessionses.yaml
│ │ ├── passwords.yaml
│ │ ├── refreshtokens.yaml
│ │ └── signingkeies.yaml
│ └── update-gomplate
├── server/
│ ├── api.go
│ ├── api_cache_test.go
│ ├── api_test.go
│ ├── deviceflowhandlers.go
│ ├── deviceflowhandlers_test.go
│ ├── doc.go
│ ├── errors.go
│ ├── errors_test.go
│ ├── handlers.go
│ ├── handlers_approval_test.go
│ ├── handlers_test.go
│ ├── internal/
│ │ ├── codec.go
│ │ ├── types.pb.go
│ │ └── types.proto
│ ├── introspectionhandler.go
│ ├── introspectionhandler_test.go
│ ├── mfa.go
│ ├── oauth2.go
│ ├── oauth2_test.go
│ ├── prompt.go
│ ├── prompt_test.go
│ ├── refreshhandlers.go
│ ├── refreshhandlers_test.go
│ ├── server.go
│ ├── server_test.go
│ ├── session.go
│ ├── session_test.go
│ ├── signer/
│ │ ├── local.go
│ │ ├── local_test.go
│ │ ├── mock.go
│ │ ├── rotation.go
│ │ ├── rotation_test.go
│ │ ├── signer.go
│ │ ├── utils.go
│ │ ├── vault.go
│ │ ├── vault_integration_test.go
│ │ └── vault_test.go
│ ├── templates.go
│ └── templates_test.go
├── storage/
│ ├── conformance/
│ │ ├── conformance.go
│ │ ├── gen_jwks.go
│ │ ├── jwks.go
│ │ └── transactions.go
│ ├── doc.go
│ ├── ent/
│ │ ├── client/
│ │ │ ├── authcode.go
│ │ │ ├── authrequest.go
│ │ │ ├── authsession.go
│ │ │ ├── client.go
│ │ │ ├── connector.go
│ │ │ ├── devicerequest.go
│ │ │ ├── devicetoken.go
│ │ │ ├── keys.go
│ │ │ ├── main.go
│ │ │ ├── offlinesession.go
│ │ │ ├── password.go
│ │ │ ├── refreshtoken.go
│ │ │ ├── types.go
│ │ │ ├── useridentity.go
│ │ │ └── utils.go
│ │ ├── db/
│ │ │ ├── authcode/
│ │ │ │ ├── authcode.go
│ │ │ │ └── where.go
│ │ │ ├── authcode.go
│ │ │ ├── authcode_create.go
│ │ │ ├── authcode_delete.go
│ │ │ ├── authcode_query.go
│ │ │ ├── authcode_update.go
│ │ │ ├── authrequest/
│ │ │ │ ├── authrequest.go
│ │ │ │ └── where.go
│ │ │ ├── authrequest.go
│ │ │ ├── authrequest_create.go
│ │ │ ├── authrequest_delete.go
│ │ │ ├── authrequest_query.go
│ │ │ ├── authrequest_update.go
│ │ │ ├── authsession/
│ │ │ │ ├── authsession.go
│ │ │ │ └── where.go
│ │ │ ├── authsession.go
│ │ │ ├── authsession_create.go
│ │ │ ├── authsession_delete.go
│ │ │ ├── authsession_query.go
│ │ │ ├── authsession_update.go
│ │ │ ├── client.go
│ │ │ ├── connector/
│ │ │ │ ├── connector.go
│ │ │ │ └── where.go
│ │ │ ├── connector.go
│ │ │ ├── connector_create.go
│ │ │ ├── connector_delete.go
│ │ │ ├── connector_query.go
│ │ │ ├── connector_update.go
│ │ │ ├── devicerequest/
│ │ │ │ ├── devicerequest.go
│ │ │ │ └── where.go
│ │ │ ├── devicerequest.go
│ │ │ ├── devicerequest_create.go
│ │ │ ├── devicerequest_delete.go
│ │ │ ├── devicerequest_query.go
│ │ │ ├── devicerequest_update.go
│ │ │ ├── devicetoken/
│ │ │ │ ├── devicetoken.go
│ │ │ │ └── where.go
│ │ │ ├── devicetoken.go
│ │ │ ├── devicetoken_create.go
│ │ │ ├── devicetoken_delete.go
│ │ │ ├── devicetoken_query.go
│ │ │ ├── devicetoken_update.go
│ │ │ ├── ent.go
│ │ │ ├── enttest/
│ │ │ │ └── enttest.go
│ │ │ ├── hook/
│ │ │ │ └── hook.go
│ │ │ ├── keys/
│ │ │ │ ├── keys.go
│ │ │ │ └── where.go
│ │ │ ├── keys.go
│ │ │ ├── keys_create.go
│ │ │ ├── keys_delete.go
│ │ │ ├── keys_query.go
│ │ │ ├── keys_update.go
│ │ │ ├── migrate/
│ │ │ │ ├── migrate.go
│ │ │ │ └── schema.go
│ │ │ ├── mutation.go
│ │ │ ├── oauth2client/
│ │ │ │ ├── oauth2client.go
│ │ │ │ └── where.go
│ │ │ ├── oauth2client.go
│ │ │ ├── oauth2client_create.go
│ │ │ ├── oauth2client_delete.go
│ │ │ ├── oauth2client_query.go
│ │ │ ├── oauth2client_update.go
│ │ │ ├── offlinesession/
│ │ │ │ ├── offlinesession.go
│ │ │ │ └── where.go
│ │ │ ├── offlinesession.go
│ │ │ ├── offlinesession_create.go
│ │ │ ├── offlinesession_delete.go
│ │ │ ├── offlinesession_query.go
│ │ │ ├── offlinesession_update.go
│ │ │ ├── password/
│ │ │ │ ├── password.go
│ │ │ │ └── where.go
│ │ │ ├── password.go
│ │ │ ├── password_create.go
│ │ │ ├── password_delete.go
│ │ │ ├── password_query.go
│ │ │ ├── password_update.go
│ │ │ ├── predicate/
│ │ │ │ └── predicate.go
│ │ │ ├── refreshtoken/
│ │ │ │ ├── refreshtoken.go
│ │ │ │ └── where.go
│ │ │ ├── refreshtoken.go
│ │ │ ├── refreshtoken_create.go
│ │ │ ├── refreshtoken_delete.go
│ │ │ ├── refreshtoken_query.go
│ │ │ ├── refreshtoken_update.go
│ │ │ ├── runtime/
│ │ │ │ └── runtime.go
│ │ │ ├── runtime.go
│ │ │ ├── tx.go
│ │ │ ├── useridentity/
│ │ │ │ ├── useridentity.go
│ │ │ │ └── where.go
│ │ │ ├── useridentity.go
│ │ │ ├── useridentity_create.go
│ │ │ ├── useridentity_delete.go
│ │ │ ├── useridentity_query.go
│ │ │ └── useridentity_update.go
│ │ ├── generate.go
│ │ ├── mysql.go
│ │ ├── mysql_test.go
│ │ ├── postgres.go
│ │ ├── postgres_test.go
│ │ ├── schema/
│ │ │ ├── authcode.go
│ │ │ ├── authrequest.go
│ │ │ ├── authsession.go
│ │ │ ├── client.go
│ │ │ ├── connector.go
│ │ │ ├── devicerequest.go
│ │ │ ├── devicetoken.go
│ │ │ ├── dialects.go
│ │ │ ├── keys.go
│ │ │ ├── offlinesession.go
│ │ │ ├── password.go
│ │ │ ├── refreshtoken.go
│ │ │ └── useridentity.go
│ │ ├── sqlite.go
│ │ ├── sqlite_test.go
│ │ ├── types.go
│ │ └── utils.go
│ ├── etcd/
│ │ ├── config.go
│ │ ├── etcd.go
│ │ ├── etcd_test.go
│ │ └── types.go
│ ├── health.go
│ ├── kubernetes/
│ │ ├── client.go
│ │ ├── client_test.go
│ │ ├── doc.go
│ │ ├── k8sapi/
│ │ │ ├── client.go
│ │ │ ├── crd_extensions.go
│ │ │ ├── doc.go
│ │ │ ├── extensions.go
│ │ │ ├── time.go
│ │ │ ├── unversioned.go
│ │ │ └── v1.go
│ │ ├── lock.go
│ │ ├── storage.go
│ │ ├── storage_test.go
│ │ ├── transport.go
│ │ └── types.go
│ ├── memory/
│ │ ├── memory.go
│ │ ├── memory_test.go
│ │ └── static_test.go
│ ├── sql/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── crud.go
│ │ ├── crud_test.go
│ │ ├── migrate.go
│ │ ├── migrate_test.go
│ │ ├── postgres_test.go
│ │ ├── sql.go
│ │ ├── sql_test.go
│ │ ├── sqlite.go
│ │ ├── sqlite_no_cgo.go
│ │ └── sqlite_test.go
│ ├── static.go
│ └── storage.go
└── web/
├── robots.txt
├── static/
│ └── main.css
├── templates/
│ ├── approval.html
│ ├── device.html
│ ├── device_success.html
│ ├── error.html
│ ├── footer.html
│ ├── header.html
│ ├── login.html
│ ├── oob.html
│ ├── password.html
│ └── totp_verify.html
├── themes/
│ ├── dark/
│ │ └── styles.css
│ └── light/
│ └── styles.css
└── web.go
Showing preview only (725K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (7658 symbols across 278 files)
FILE: api/api.pb.go
constant _ (line 19) | _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
constant _ (line 21) | _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
type Client (line 25) | type Client struct
method Reset (line 39) | func (x *Client) Reset() {
method String (line 46) | func (x *Client) String() string {
method ProtoMessage (line 50) | func (*Client) ProtoMessage() {}
method ProtoReflect (line 52) | func (x *Client) ProtoReflect() protoreflect.Message {
method Descriptor (line 65) | func (*Client) Descriptor() ([]byte, []int) {
method GetId (line 69) | func (x *Client) GetId() string {
method GetSecret (line 76) | func (x *Client) GetSecret() string {
method GetRedirectUris (line 83) | func (x *Client) GetRedirectUris() []string {
method GetTrustedPeers (line 90) | func (x *Client) GetTrustedPeers() []string {
method GetPublic (line 97) | func (x *Client) GetPublic() bool {
method GetName (line 104) | func (x *Client) GetName() string {
method GetLogoUrl (line 111) | func (x *Client) GetLogoUrl() string {
method GetAllowedConnectors (line 118) | func (x *Client) GetAllowedConnectors() []string {
type CreateClientReq (line 126) | type CreateClientReq struct
method Reset (line 133) | func (x *CreateClientReq) Reset() {
method String (line 140) | func (x *CreateClientReq) String() string {
method ProtoMessage (line 144) | func (*CreateClientReq) ProtoMessage() {}
method ProtoReflect (line 146) | func (x *CreateClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 159) | func (*CreateClientReq) Descriptor() ([]byte, []int) {
method GetClient (line 163) | func (x *CreateClientReq) GetClient() *Client {
type CreateClientResp (line 171) | type CreateClientResp struct
method Reset (line 179) | func (x *CreateClientResp) Reset() {
method String (line 186) | func (x *CreateClientResp) String() string {
method ProtoMessage (line 190) | func (*CreateClientResp) ProtoMessage() {}
method ProtoReflect (line 192) | func (x *CreateClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 205) | func (*CreateClientResp) Descriptor() ([]byte, []int) {
method GetAlreadyExists (line 209) | func (x *CreateClientResp) GetAlreadyExists() bool {
method GetClient (line 216) | func (x *CreateClientResp) GetClient() *Client {
type DeleteClientReq (line 224) | type DeleteClientReq struct
method Reset (line 232) | func (x *DeleteClientReq) Reset() {
method String (line 239) | func (x *DeleteClientReq) String() string {
method ProtoMessage (line 243) | func (*DeleteClientReq) ProtoMessage() {}
method ProtoReflect (line 245) | func (x *DeleteClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 258) | func (*DeleteClientReq) Descriptor() ([]byte, []int) {
method GetId (line 262) | func (x *DeleteClientReq) GetId() string {
type DeleteClientResp (line 270) | type DeleteClientResp struct
method Reset (line 277) | func (x *DeleteClientResp) Reset() {
method String (line 284) | func (x *DeleteClientResp) String() string {
method ProtoMessage (line 288) | func (*DeleteClientResp) ProtoMessage() {}
method ProtoReflect (line 290) | func (x *DeleteClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 303) | func (*DeleteClientResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 307) | func (x *DeleteClientResp) GetNotFound() bool {
type UpdateClientReq (line 315) | type UpdateClientReq struct
method Reset (line 327) | func (x *UpdateClientReq) Reset() {
method String (line 334) | func (x *UpdateClientReq) String() string {
method ProtoMessage (line 338) | func (*UpdateClientReq) ProtoMessage() {}
method ProtoReflect (line 340) | func (x *UpdateClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 353) | func (*UpdateClientReq) Descriptor() ([]byte, []int) {
method GetId (line 357) | func (x *UpdateClientReq) GetId() string {
method GetRedirectUris (line 364) | func (x *UpdateClientReq) GetRedirectUris() []string {
method GetTrustedPeers (line 371) | func (x *UpdateClientReq) GetTrustedPeers() []string {
method GetName (line 378) | func (x *UpdateClientReq) GetName() string {
method GetLogoUrl (line 385) | func (x *UpdateClientReq) GetLogoUrl() string {
method GetAllowedConnectors (line 392) | func (x *UpdateClientReq) GetAllowedConnectors() []string {
type UpdateClientResp (line 400) | type UpdateClientResp struct
method Reset (line 407) | func (x *UpdateClientResp) Reset() {
method String (line 414) | func (x *UpdateClientResp) String() string {
method ProtoMessage (line 418) | func (*UpdateClientResp) ProtoMessage() {}
method ProtoReflect (line 420) | func (x *UpdateClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 433) | func (*UpdateClientResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 437) | func (x *UpdateClientResp) GetNotFound() bool {
type Password (line 445) | type Password struct
method Reset (line 456) | func (x *Password) Reset() {
method String (line 463) | func (x *Password) String() string {
method ProtoMessage (line 467) | func (*Password) ProtoMessage() {}
method ProtoReflect (line 469) | func (x *Password) ProtoReflect() protoreflect.Message {
method Descriptor (line 482) | func (*Password) Descriptor() ([]byte, []int) {
method GetEmail (line 486) | func (x *Password) GetEmail() string {
method GetHash (line 493) | func (x *Password) GetHash() []byte {
method GetUsername (line 500) | func (x *Password) GetUsername() string {
method GetUserId (line 507) | func (x *Password) GetUserId() string {
type CreatePasswordReq (line 515) | type CreatePasswordReq struct
method Reset (line 522) | func (x *CreatePasswordReq) Reset() {
method String (line 529) | func (x *CreatePasswordReq) String() string {
method ProtoMessage (line 533) | func (*CreatePasswordReq) ProtoMessage() {}
method ProtoReflect (line 535) | func (x *CreatePasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 548) | func (*CreatePasswordReq) Descriptor() ([]byte, []int) {
method GetPassword (line 552) | func (x *CreatePasswordReq) GetPassword() *Password {
type CreatePasswordResp (line 560) | type CreatePasswordResp struct
method Reset (line 567) | func (x *CreatePasswordResp) Reset() {
method String (line 574) | func (x *CreatePasswordResp) String() string {
method ProtoMessage (line 578) | func (*CreatePasswordResp) ProtoMessage() {}
method ProtoReflect (line 580) | func (x *CreatePasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 593) | func (*CreatePasswordResp) Descriptor() ([]byte, []int) {
method GetAlreadyExists (line 597) | func (x *CreatePasswordResp) GetAlreadyExists() bool {
type UpdatePasswordReq (line 605) | type UpdatePasswordReq struct
method Reset (line 615) | func (x *UpdatePasswordReq) Reset() {
method String (line 622) | func (x *UpdatePasswordReq) String() string {
method ProtoMessage (line 626) | func (*UpdatePasswordReq) ProtoMessage() {}
method ProtoReflect (line 628) | func (x *UpdatePasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 641) | func (*UpdatePasswordReq) Descriptor() ([]byte, []int) {
method GetEmail (line 645) | func (x *UpdatePasswordReq) GetEmail() string {
method GetNewHash (line 652) | func (x *UpdatePasswordReq) GetNewHash() []byte {
method GetNewUsername (line 659) | func (x *UpdatePasswordReq) GetNewUsername() string {
type UpdatePasswordResp (line 667) | type UpdatePasswordResp struct
method Reset (line 674) | func (x *UpdatePasswordResp) Reset() {
method String (line 681) | func (x *UpdatePasswordResp) String() string {
method ProtoMessage (line 685) | func (*UpdatePasswordResp) ProtoMessage() {}
method ProtoReflect (line 687) | func (x *UpdatePasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 700) | func (*UpdatePasswordResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 704) | func (x *UpdatePasswordResp) GetNotFound() bool {
type DeletePasswordReq (line 712) | type DeletePasswordReq struct
method Reset (line 719) | func (x *DeletePasswordReq) Reset() {
method String (line 726) | func (x *DeletePasswordReq) String() string {
method ProtoMessage (line 730) | func (*DeletePasswordReq) ProtoMessage() {}
method ProtoReflect (line 732) | func (x *DeletePasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 745) | func (*DeletePasswordReq) Descriptor() ([]byte, []int) {
method GetEmail (line 749) | func (x *DeletePasswordReq) GetEmail() string {
type DeletePasswordResp (line 757) | type DeletePasswordResp struct
method Reset (line 764) | func (x *DeletePasswordResp) Reset() {
method String (line 771) | func (x *DeletePasswordResp) String() string {
method ProtoMessage (line 775) | func (*DeletePasswordResp) ProtoMessage() {}
method ProtoReflect (line 777) | func (x *DeletePasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 790) | func (*DeletePasswordResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 794) | func (x *DeletePasswordResp) GetNotFound() bool {
type ListPasswordReq (line 802) | type ListPasswordReq struct
method Reset (line 808) | func (x *ListPasswordReq) Reset() {
method String (line 815) | func (x *ListPasswordReq) String() string {
method ProtoMessage (line 819) | func (*ListPasswordReq) ProtoMessage() {}
method ProtoReflect (line 821) | func (x *ListPasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 834) | func (*ListPasswordReq) Descriptor() ([]byte, []int) {
type ListPasswordResp (line 839) | type ListPasswordResp struct
method Reset (line 846) | func (x *ListPasswordResp) Reset() {
method String (line 853) | func (x *ListPasswordResp) String() string {
method ProtoMessage (line 857) | func (*ListPasswordResp) ProtoMessage() {}
method ProtoReflect (line 859) | func (x *ListPasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 872) | func (*ListPasswordResp) Descriptor() ([]byte, []int) {
method GetPasswords (line 876) | func (x *ListPasswordResp) GetPasswords() []*Password {
type VersionReq (line 884) | type VersionReq struct
method Reset (line 890) | func (x *VersionReq) Reset() {
method String (line 897) | func (x *VersionReq) String() string {
method ProtoMessage (line 901) | func (*VersionReq) ProtoMessage() {}
method ProtoReflect (line 903) | func (x *VersionReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 916) | func (*VersionReq) Descriptor() ([]byte, []int) {
type VersionResp (line 921) | type VersionResp struct
method Reset (line 932) | func (x *VersionResp) Reset() {
method String (line 939) | func (x *VersionResp) String() string {
method ProtoMessage (line 943) | func (*VersionResp) ProtoMessage() {}
method ProtoReflect (line 945) | func (x *VersionResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 958) | func (*VersionResp) Descriptor() ([]byte, []int) {
method GetServer (line 962) | func (x *VersionResp) GetServer() string {
method GetApi (line 969) | func (x *VersionResp) GetApi() int32 {
type RefreshTokenRef (line 977) | type RefreshTokenRef struct
method Reset (line 988) | func (x *RefreshTokenRef) Reset() {
method String (line 995) | func (x *RefreshTokenRef) String() string {
method ProtoMessage (line 999) | func (*RefreshTokenRef) ProtoMessage() {}
method ProtoReflect (line 1001) | func (x *RefreshTokenRef) ProtoReflect() protoreflect.Message {
method Descriptor (line 1014) | func (*RefreshTokenRef) Descriptor() ([]byte, []int) {
method GetId (line 1018) | func (x *RefreshTokenRef) GetId() string {
method GetClientId (line 1025) | func (x *RefreshTokenRef) GetClientId() string {
method GetCreatedAt (line 1032) | func (x *RefreshTokenRef) GetCreatedAt() int64 {
method GetLastUsed (line 1039) | func (x *RefreshTokenRef) GetLastUsed() int64 {
type ListRefreshReq (line 1047) | type ListRefreshReq struct
method Reset (line 1055) | func (x *ListRefreshReq) Reset() {
method String (line 1062) | func (x *ListRefreshReq) String() string {
method ProtoMessage (line 1066) | func (*ListRefreshReq) ProtoMessage() {}
method ProtoReflect (line 1068) | func (x *ListRefreshReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1081) | func (*ListRefreshReq) Descriptor() ([]byte, []int) {
method GetUserId (line 1085) | func (x *ListRefreshReq) GetUserId() string {
type ListRefreshResp (line 1093) | type ListRefreshResp struct
method Reset (line 1100) | func (x *ListRefreshResp) Reset() {
method String (line 1107) | func (x *ListRefreshResp) String() string {
method ProtoMessage (line 1111) | func (*ListRefreshResp) ProtoMessage() {}
method ProtoReflect (line 1113) | func (x *ListRefreshResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1126) | func (*ListRefreshResp) Descriptor() ([]byte, []int) {
method GetRefreshTokens (line 1130) | func (x *ListRefreshResp) GetRefreshTokens() []*RefreshTokenRef {
type RevokeRefreshReq (line 1138) | type RevokeRefreshReq struct
method Reset (line 1147) | func (x *RevokeRefreshReq) Reset() {
method String (line 1154) | func (x *RevokeRefreshReq) String() string {
method ProtoMessage (line 1158) | func (*RevokeRefreshReq) ProtoMessage() {}
method ProtoReflect (line 1160) | func (x *RevokeRefreshReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1173) | func (*RevokeRefreshReq) Descriptor() ([]byte, []int) {
method GetUserId (line 1177) | func (x *RevokeRefreshReq) GetUserId() string {
method GetClientId (line 1184) | func (x *RevokeRefreshReq) GetClientId() string {
type RevokeRefreshResp (line 1192) | type RevokeRefreshResp struct
method Reset (line 1200) | func (x *RevokeRefreshResp) Reset() {
method String (line 1207) | func (x *RevokeRefreshResp) String() string {
method ProtoMessage (line 1211) | func (*RevokeRefreshResp) ProtoMessage() {}
method ProtoReflect (line 1213) | func (x *RevokeRefreshResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1226) | func (*RevokeRefreshResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 1230) | func (x *RevokeRefreshResp) GetNotFound() bool {
type VerifyPasswordReq (line 1237) | type VerifyPasswordReq struct
method Reset (line 1245) | func (x *VerifyPasswordReq) Reset() {
method String (line 1252) | func (x *VerifyPasswordReq) String() string {
method ProtoMessage (line 1256) | func (*VerifyPasswordReq) ProtoMessage() {}
method ProtoReflect (line 1258) | func (x *VerifyPasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1271) | func (*VerifyPasswordReq) Descriptor() ([]byte, []int) {
method GetEmail (line 1275) | func (x *VerifyPasswordReq) GetEmail() string {
method GetPassword (line 1282) | func (x *VerifyPasswordReq) GetPassword() string {
type VerifyPasswordResp (line 1289) | type VerifyPasswordResp struct
method Reset (line 1297) | func (x *VerifyPasswordResp) Reset() {
method String (line 1304) | func (x *VerifyPasswordResp) String() string {
method ProtoMessage (line 1308) | func (*VerifyPasswordResp) ProtoMessage() {}
method ProtoReflect (line 1310) | func (x *VerifyPasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1323) | func (*VerifyPasswordResp) Descriptor() ([]byte, []int) {
method GetVerified (line 1327) | func (x *VerifyPasswordResp) GetVerified() bool {
method GetNotFound (line 1334) | func (x *VerifyPasswordResp) GetNotFound() bool {
function file_api_api_proto_rawDescGZIP (line 1519) | func file_api_api_proto_rawDescGZIP() []byte {
function init (line 1589) | func init() { file_api_api_proto_init() }
function file_api_api_proto_init (line 1590) | func file_api_api_proto_init() {
FILE: api/api_grpc.pb.go
constant _ (line 19) | _ = grpc.SupportPackageIsVersion9
constant Dex_CreateClient_FullMethodName (line 22) | Dex_CreateClient_FullMethodName = "/api.Dex/CreateClient"
constant Dex_UpdateClient_FullMethodName (line 23) | Dex_UpdateClient_FullMethodName = "/api.Dex/UpdateClient"
constant Dex_DeleteClient_FullMethodName (line 24) | Dex_DeleteClient_FullMethodName = "/api.Dex/DeleteClient"
constant Dex_CreatePassword_FullMethodName (line 25) | Dex_CreatePassword_FullMethodName = "/api.Dex/CreatePassword"
constant Dex_UpdatePassword_FullMethodName (line 26) | Dex_UpdatePassword_FullMethodName = "/api.Dex/UpdatePassword"
constant Dex_DeletePassword_FullMethodName (line 27) | Dex_DeletePassword_FullMethodName = "/api.Dex/DeletePassword"
constant Dex_ListPasswords_FullMethodName (line 28) | Dex_ListPasswords_FullMethodName = "/api.Dex/ListPasswords"
constant Dex_GetVersion_FullMethodName (line 29) | Dex_GetVersion_FullMethodName = "/api.Dex/GetVersion"
constant Dex_ListRefresh_FullMethodName (line 30) | Dex_ListRefresh_FullMethodName = "/api.Dex/ListRefresh"
constant Dex_RevokeRefresh_FullMethodName (line 31) | Dex_RevokeRefresh_FullMethodName = "/api.Dex/RevokeRefresh"
constant Dex_VerifyPassword_FullMethodName (line 32) | Dex_VerifyPassword_FullMethodName = "/api.Dex/VerifyPassword"
type DexClient (line 40) | type DexClient interface
type dexClient (line 67) | type dexClient struct
method CreateClient (line 75) | func (c *dexClient) CreateClient(ctx context.Context, in *CreateClient...
method UpdateClient (line 85) | func (c *dexClient) UpdateClient(ctx context.Context, in *UpdateClient...
method DeleteClient (line 95) | func (c *dexClient) DeleteClient(ctx context.Context, in *DeleteClient...
method CreatePassword (line 105) | func (c *dexClient) CreatePassword(ctx context.Context, in *CreatePass...
method UpdatePassword (line 115) | func (c *dexClient) UpdatePassword(ctx context.Context, in *UpdatePass...
method DeletePassword (line 125) | func (c *dexClient) DeletePassword(ctx context.Context, in *DeletePass...
method ListPasswords (line 135) | func (c *dexClient) ListPasswords(ctx context.Context, in *ListPasswor...
method GetVersion (line 145) | func (c *dexClient) GetVersion(ctx context.Context, in *VersionReq, op...
method ListRefresh (line 155) | func (c *dexClient) ListRefresh(ctx context.Context, in *ListRefreshRe...
method RevokeRefresh (line 165) | func (c *dexClient) RevokeRefresh(ctx context.Context, in *RevokeRefre...
method VerifyPassword (line 175) | func (c *dexClient) VerifyPassword(ctx context.Context, in *VerifyPass...
function NewDexClient (line 71) | func NewDexClient(cc grpc.ClientConnInterface) DexClient {
type DexServer (line 190) | type DexServer interface
type UnimplementedDexServer (line 223) | type UnimplementedDexServer struct
method CreateClient (line 225) | func (UnimplementedDexServer) CreateClient(context.Context, *CreateCli...
method UpdateClient (line 228) | func (UnimplementedDexServer) UpdateClient(context.Context, *UpdateCli...
method DeleteClient (line 231) | func (UnimplementedDexServer) DeleteClient(context.Context, *DeleteCli...
method CreatePassword (line 234) | func (UnimplementedDexServer) CreatePassword(context.Context, *CreateP...
method UpdatePassword (line 237) | func (UnimplementedDexServer) UpdatePassword(context.Context, *UpdateP...
method DeletePassword (line 240) | func (UnimplementedDexServer) DeletePassword(context.Context, *DeleteP...
method ListPasswords (line 243) | func (UnimplementedDexServer) ListPasswords(context.Context, *ListPass...
method GetVersion (line 246) | func (UnimplementedDexServer) GetVersion(context.Context, *VersionReq)...
method ListRefresh (line 249) | func (UnimplementedDexServer) ListRefresh(context.Context, *ListRefres...
method RevokeRefresh (line 252) | func (UnimplementedDexServer) RevokeRefresh(context.Context, *RevokeRe...
method VerifyPassword (line 255) | func (UnimplementedDexServer) VerifyPassword(context.Context, *VerifyP...
method mustEmbedUnimplementedDexServer (line 258) | func (UnimplementedDexServer) mustEmbedUnimplementedDexServer() {}
method testEmbeddedByValue (line 259) | func (UnimplementedDexServer) testEmbeddedByValue() {}
type UnsafeDexServer (line 264) | type UnsafeDexServer interface
function RegisterDexServer (line 268) | func RegisterDexServer(s grpc.ServiceRegistrar, srv DexServer) {
function _Dex_CreateClient_Handler (line 279) | func _Dex_CreateClient_Handler(srv interface{}, ctx context.Context, dec...
function _Dex_UpdateClient_Handler (line 297) | func _Dex_UpdateClient_Handler(srv interface{}, ctx context.Context, dec...
function _Dex_DeleteClient_Handler (line 315) | func _Dex_DeleteClient_Handler(srv interface{}, ctx context.Context, dec...
function _Dex_CreatePassword_Handler (line 333) | func _Dex_CreatePassword_Handler(srv interface{}, ctx context.Context, d...
function _Dex_UpdatePassword_Handler (line 351) | func _Dex_UpdatePassword_Handler(srv interface{}, ctx context.Context, d...
function _Dex_DeletePassword_Handler (line 369) | func _Dex_DeletePassword_Handler(srv interface{}, ctx context.Context, d...
function _Dex_ListPasswords_Handler (line 387) | func _Dex_ListPasswords_Handler(srv interface{}, ctx context.Context, de...
function _Dex_GetVersion_Handler (line 405) | func _Dex_GetVersion_Handler(srv interface{}, ctx context.Context, dec f...
function _Dex_ListRefresh_Handler (line 423) | func _Dex_ListRefresh_Handler(srv interface{}, ctx context.Context, dec ...
function _Dex_RevokeRefresh_Handler (line 441) | func _Dex_RevokeRefresh_Handler(srv interface{}, ctx context.Context, de...
function _Dex_VerifyPassword_Handler (line 459) | func _Dex_VerifyPassword_Handler(srv interface{}, ctx context.Context, d...
FILE: api/v2/api.pb.go
constant _ (line 19) | _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
constant _ (line 21) | _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
type Client (line 25) | type Client struct
method Reset (line 39) | func (x *Client) Reset() {
method String (line 46) | func (x *Client) String() string {
method ProtoMessage (line 50) | func (*Client) ProtoMessage() {}
method ProtoReflect (line 52) | func (x *Client) ProtoReflect() protoreflect.Message {
method Descriptor (line 65) | func (*Client) Descriptor() ([]byte, []int) {
method GetId (line 69) | func (x *Client) GetId() string {
method GetSecret (line 76) | func (x *Client) GetSecret() string {
method GetRedirectUris (line 83) | func (x *Client) GetRedirectUris() []string {
method GetTrustedPeers (line 90) | func (x *Client) GetTrustedPeers() []string {
method GetPublic (line 97) | func (x *Client) GetPublic() bool {
method GetName (line 104) | func (x *Client) GetName() string {
method GetLogoUrl (line 111) | func (x *Client) GetLogoUrl() string {
method GetAllowedConnectors (line 118) | func (x *Client) GetAllowedConnectors() []string {
type ClientInfo (line 126) | type ClientInfo struct
method Reset (line 139) | func (x *ClientInfo) Reset() {
method String (line 146) | func (x *ClientInfo) String() string {
method ProtoMessage (line 150) | func (*ClientInfo) ProtoMessage() {}
method ProtoReflect (line 152) | func (x *ClientInfo) ProtoReflect() protoreflect.Message {
method Descriptor (line 165) | func (*ClientInfo) Descriptor() ([]byte, []int) {
method GetId (line 169) | func (x *ClientInfo) GetId() string {
method GetRedirectUris (line 176) | func (x *ClientInfo) GetRedirectUris() []string {
method GetTrustedPeers (line 183) | func (x *ClientInfo) GetTrustedPeers() []string {
method GetPublic (line 190) | func (x *ClientInfo) GetPublic() bool {
method GetName (line 197) | func (x *ClientInfo) GetName() string {
method GetLogoUrl (line 204) | func (x *ClientInfo) GetLogoUrl() string {
method GetAllowedConnectors (line 211) | func (x *ClientInfo) GetAllowedConnectors() []string {
type GetClientReq (line 219) | type GetClientReq struct
method Reset (line 227) | func (x *GetClientReq) Reset() {
method String (line 234) | func (x *GetClientReq) String() string {
method ProtoMessage (line 238) | func (*GetClientReq) ProtoMessage() {}
method ProtoReflect (line 240) | func (x *GetClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 253) | func (*GetClientReq) Descriptor() ([]byte, []int) {
method GetId (line 257) | func (x *GetClientReq) GetId() string {
type GetClientResp (line 265) | type GetClientResp struct
method Reset (line 272) | func (x *GetClientResp) Reset() {
method String (line 279) | func (x *GetClientResp) String() string {
method ProtoMessage (line 283) | func (*GetClientResp) ProtoMessage() {}
method ProtoReflect (line 285) | func (x *GetClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 298) | func (*GetClientResp) Descriptor() ([]byte, []int) {
method GetClient (line 302) | func (x *GetClientResp) GetClient() *Client {
type CreateClientReq (line 310) | type CreateClientReq struct
method Reset (line 317) | func (x *CreateClientReq) Reset() {
method String (line 324) | func (x *CreateClientReq) String() string {
method ProtoMessage (line 328) | func (*CreateClientReq) ProtoMessage() {}
method ProtoReflect (line 330) | func (x *CreateClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 343) | func (*CreateClientReq) Descriptor() ([]byte, []int) {
method GetClient (line 347) | func (x *CreateClientReq) GetClient() *Client {
type CreateClientResp (line 355) | type CreateClientResp struct
method Reset (line 363) | func (x *CreateClientResp) Reset() {
method String (line 370) | func (x *CreateClientResp) String() string {
method ProtoMessage (line 374) | func (*CreateClientResp) ProtoMessage() {}
method ProtoReflect (line 376) | func (x *CreateClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 389) | func (*CreateClientResp) Descriptor() ([]byte, []int) {
method GetAlreadyExists (line 393) | func (x *CreateClientResp) GetAlreadyExists() bool {
method GetClient (line 400) | func (x *CreateClientResp) GetClient() *Client {
type DeleteClientReq (line 408) | type DeleteClientReq struct
method Reset (line 416) | func (x *DeleteClientReq) Reset() {
method String (line 423) | func (x *DeleteClientReq) String() string {
method ProtoMessage (line 427) | func (*DeleteClientReq) ProtoMessage() {}
method ProtoReflect (line 429) | func (x *DeleteClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 442) | func (*DeleteClientReq) Descriptor() ([]byte, []int) {
method GetId (line 446) | func (x *DeleteClientReq) GetId() string {
type DeleteClientResp (line 454) | type DeleteClientResp struct
method Reset (line 461) | func (x *DeleteClientResp) Reset() {
method String (line 468) | func (x *DeleteClientResp) String() string {
method ProtoMessage (line 472) | func (*DeleteClientResp) ProtoMessage() {}
method ProtoReflect (line 474) | func (x *DeleteClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 487) | func (*DeleteClientResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 491) | func (x *DeleteClientResp) GetNotFound() bool {
type UpdateClientReq (line 499) | type UpdateClientReq struct
method Reset (line 511) | func (x *UpdateClientReq) Reset() {
method String (line 518) | func (x *UpdateClientReq) String() string {
method ProtoMessage (line 522) | func (*UpdateClientReq) ProtoMessage() {}
method ProtoReflect (line 524) | func (x *UpdateClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 537) | func (*UpdateClientReq) Descriptor() ([]byte, []int) {
method GetId (line 541) | func (x *UpdateClientReq) GetId() string {
method GetRedirectUris (line 548) | func (x *UpdateClientReq) GetRedirectUris() []string {
method GetTrustedPeers (line 555) | func (x *UpdateClientReq) GetTrustedPeers() []string {
method GetName (line 562) | func (x *UpdateClientReq) GetName() string {
method GetLogoUrl (line 569) | func (x *UpdateClientReq) GetLogoUrl() string {
method GetAllowedConnectors (line 576) | func (x *UpdateClientReq) GetAllowedConnectors() []string {
type UpdateClientResp (line 584) | type UpdateClientResp struct
method Reset (line 591) | func (x *UpdateClientResp) Reset() {
method String (line 598) | func (x *UpdateClientResp) String() string {
method ProtoMessage (line 602) | func (*UpdateClientResp) ProtoMessage() {}
method ProtoReflect (line 604) | func (x *UpdateClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 617) | func (*UpdateClientResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 621) | func (x *UpdateClientResp) GetNotFound() bool {
type ListClientReq (line 629) | type ListClientReq struct
method Reset (line 635) | func (x *ListClientReq) Reset() {
method String (line 642) | func (x *ListClientReq) String() string {
method ProtoMessage (line 646) | func (*ListClientReq) ProtoMessage() {}
method ProtoReflect (line 648) | func (x *ListClientReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 661) | func (*ListClientReq) Descriptor() ([]byte, []int) {
type ListClientResp (line 666) | type ListClientResp struct
method Reset (line 673) | func (x *ListClientResp) Reset() {
method String (line 680) | func (x *ListClientResp) String() string {
method ProtoMessage (line 684) | func (*ListClientResp) ProtoMessage() {}
method ProtoReflect (line 686) | func (x *ListClientResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 699) | func (*ListClientResp) Descriptor() ([]byte, []int) {
method GetClients (line 703) | func (x *ListClientResp) GetClients() []*ClientInfo {
type Password (line 711) | type Password struct
method Reset (line 722) | func (x *Password) Reset() {
method String (line 729) | func (x *Password) String() string {
method ProtoMessage (line 733) | func (*Password) ProtoMessage() {}
method ProtoReflect (line 735) | func (x *Password) ProtoReflect() protoreflect.Message {
method Descriptor (line 748) | func (*Password) Descriptor() ([]byte, []int) {
method GetEmail (line 752) | func (x *Password) GetEmail() string {
method GetHash (line 759) | func (x *Password) GetHash() []byte {
method GetUsername (line 766) | func (x *Password) GetUsername() string {
method GetUserId (line 773) | func (x *Password) GetUserId() string {
type CreatePasswordReq (line 781) | type CreatePasswordReq struct
method Reset (line 788) | func (x *CreatePasswordReq) Reset() {
method String (line 795) | func (x *CreatePasswordReq) String() string {
method ProtoMessage (line 799) | func (*CreatePasswordReq) ProtoMessage() {}
method ProtoReflect (line 801) | func (x *CreatePasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 814) | func (*CreatePasswordReq) Descriptor() ([]byte, []int) {
method GetPassword (line 818) | func (x *CreatePasswordReq) GetPassword() *Password {
type CreatePasswordResp (line 826) | type CreatePasswordResp struct
method Reset (line 833) | func (x *CreatePasswordResp) Reset() {
method String (line 840) | func (x *CreatePasswordResp) String() string {
method ProtoMessage (line 844) | func (*CreatePasswordResp) ProtoMessage() {}
method ProtoReflect (line 846) | func (x *CreatePasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 859) | func (*CreatePasswordResp) Descriptor() ([]byte, []int) {
method GetAlreadyExists (line 863) | func (x *CreatePasswordResp) GetAlreadyExists() bool {
type UpdatePasswordReq (line 871) | type UpdatePasswordReq struct
method Reset (line 881) | func (x *UpdatePasswordReq) Reset() {
method String (line 888) | func (x *UpdatePasswordReq) String() string {
method ProtoMessage (line 892) | func (*UpdatePasswordReq) ProtoMessage() {}
method ProtoReflect (line 894) | func (x *UpdatePasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 907) | func (*UpdatePasswordReq) Descriptor() ([]byte, []int) {
method GetEmail (line 911) | func (x *UpdatePasswordReq) GetEmail() string {
method GetNewHash (line 918) | func (x *UpdatePasswordReq) GetNewHash() []byte {
method GetNewUsername (line 925) | func (x *UpdatePasswordReq) GetNewUsername() string {
type UpdatePasswordResp (line 933) | type UpdatePasswordResp struct
method Reset (line 940) | func (x *UpdatePasswordResp) Reset() {
method String (line 947) | func (x *UpdatePasswordResp) String() string {
method ProtoMessage (line 951) | func (*UpdatePasswordResp) ProtoMessage() {}
method ProtoReflect (line 953) | func (x *UpdatePasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 966) | func (*UpdatePasswordResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 970) | func (x *UpdatePasswordResp) GetNotFound() bool {
type DeletePasswordReq (line 978) | type DeletePasswordReq struct
method Reset (line 985) | func (x *DeletePasswordReq) Reset() {
method String (line 992) | func (x *DeletePasswordReq) String() string {
method ProtoMessage (line 996) | func (*DeletePasswordReq) ProtoMessage() {}
method ProtoReflect (line 998) | func (x *DeletePasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1011) | func (*DeletePasswordReq) Descriptor() ([]byte, []int) {
method GetEmail (line 1015) | func (x *DeletePasswordReq) GetEmail() string {
type DeletePasswordResp (line 1023) | type DeletePasswordResp struct
method Reset (line 1030) | func (x *DeletePasswordResp) Reset() {
method String (line 1037) | func (x *DeletePasswordResp) String() string {
method ProtoMessage (line 1041) | func (*DeletePasswordResp) ProtoMessage() {}
method ProtoReflect (line 1043) | func (x *DeletePasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1056) | func (*DeletePasswordResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 1060) | func (x *DeletePasswordResp) GetNotFound() bool {
type ListPasswordReq (line 1068) | type ListPasswordReq struct
method Reset (line 1074) | func (x *ListPasswordReq) Reset() {
method String (line 1081) | func (x *ListPasswordReq) String() string {
method ProtoMessage (line 1085) | func (*ListPasswordReq) ProtoMessage() {}
method ProtoReflect (line 1087) | func (x *ListPasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1100) | func (*ListPasswordReq) Descriptor() ([]byte, []int) {
type ListPasswordResp (line 1105) | type ListPasswordResp struct
method Reset (line 1112) | func (x *ListPasswordResp) Reset() {
method String (line 1119) | func (x *ListPasswordResp) String() string {
method ProtoMessage (line 1123) | func (*ListPasswordResp) ProtoMessage() {}
method ProtoReflect (line 1125) | func (x *ListPasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1138) | func (*ListPasswordResp) Descriptor() ([]byte, []int) {
method GetPasswords (line 1142) | func (x *ListPasswordResp) GetPasswords() []*Password {
type Connector (line 1150) | type Connector struct
method Reset (line 1161) | func (x *Connector) Reset() {
method String (line 1168) | func (x *Connector) String() string {
method ProtoMessage (line 1172) | func (*Connector) ProtoMessage() {}
method ProtoReflect (line 1174) | func (x *Connector) ProtoReflect() protoreflect.Message {
method Descriptor (line 1187) | func (*Connector) Descriptor() ([]byte, []int) {
method GetId (line 1191) | func (x *Connector) GetId() string {
method GetType (line 1198) | func (x *Connector) GetType() string {
method GetName (line 1205) | func (x *Connector) GetName() string {
method GetConfig (line 1212) | func (x *Connector) GetConfig() []byte {
method GetGrantTypes (line 1219) | func (x *Connector) GetGrantTypes() []string {
type CreateConnectorReq (line 1227) | type CreateConnectorReq struct
method Reset (line 1234) | func (x *CreateConnectorReq) Reset() {
method String (line 1241) | func (x *CreateConnectorReq) String() string {
method ProtoMessage (line 1245) | func (*CreateConnectorReq) ProtoMessage() {}
method ProtoReflect (line 1247) | func (x *CreateConnectorReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1260) | func (*CreateConnectorReq) Descriptor() ([]byte, []int) {
method GetConnector (line 1264) | func (x *CreateConnectorReq) GetConnector() *Connector {
type CreateConnectorResp (line 1272) | type CreateConnectorResp struct
method Reset (line 1279) | func (x *CreateConnectorResp) Reset() {
method String (line 1286) | func (x *CreateConnectorResp) String() string {
method ProtoMessage (line 1290) | func (*CreateConnectorResp) ProtoMessage() {}
method ProtoReflect (line 1292) | func (x *CreateConnectorResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1305) | func (*CreateConnectorResp) Descriptor() ([]byte, []int) {
method GetAlreadyExists (line 1309) | func (x *CreateConnectorResp) GetAlreadyExists() bool {
type GrantTypes (line 1318) | type GrantTypes struct
method Reset (line 1325) | func (x *GrantTypes) Reset() {
method String (line 1332) | func (x *GrantTypes) String() string {
method ProtoMessage (line 1336) | func (*GrantTypes) ProtoMessage() {}
method ProtoReflect (line 1338) | func (x *GrantTypes) ProtoReflect() protoreflect.Message {
method Descriptor (line 1351) | func (*GrantTypes) Descriptor() ([]byte, []int) {
method GetGrantTypes (line 1355) | func (x *GrantTypes) GetGrantTypes() []string {
type UpdateConnectorReq (line 1363) | type UpdateConnectorReq struct
method Reset (line 1378) | func (x *UpdateConnectorReq) Reset() {
method String (line 1385) | func (x *UpdateConnectorReq) String() string {
method ProtoMessage (line 1389) | func (*UpdateConnectorReq) ProtoMessage() {}
method ProtoReflect (line 1391) | func (x *UpdateConnectorReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1404) | func (*UpdateConnectorReq) Descriptor() ([]byte, []int) {
method GetId (line 1408) | func (x *UpdateConnectorReq) GetId() string {
method GetNewType (line 1415) | func (x *UpdateConnectorReq) GetNewType() string {
method GetNewName (line 1422) | func (x *UpdateConnectorReq) GetNewName() string {
method GetNewConfig (line 1429) | func (x *UpdateConnectorReq) GetNewConfig() []byte {
method GetNewGrantTypes (line 1436) | func (x *UpdateConnectorReq) GetNewGrantTypes() *GrantTypes {
type UpdateConnectorResp (line 1444) | type UpdateConnectorResp struct
method Reset (line 1451) | func (x *UpdateConnectorResp) Reset() {
method String (line 1458) | func (x *UpdateConnectorResp) String() string {
method ProtoMessage (line 1462) | func (*UpdateConnectorResp) ProtoMessage() {}
method ProtoReflect (line 1464) | func (x *UpdateConnectorResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1477) | func (*UpdateConnectorResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 1481) | func (x *UpdateConnectorResp) GetNotFound() bool {
type DeleteConnectorReq (line 1489) | type DeleteConnectorReq struct
method Reset (line 1496) | func (x *DeleteConnectorReq) Reset() {
method String (line 1503) | func (x *DeleteConnectorReq) String() string {
method ProtoMessage (line 1507) | func (*DeleteConnectorReq) ProtoMessage() {}
method ProtoReflect (line 1509) | func (x *DeleteConnectorReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1522) | func (*DeleteConnectorReq) Descriptor() ([]byte, []int) {
method GetId (line 1526) | func (x *DeleteConnectorReq) GetId() string {
type DeleteConnectorResp (line 1534) | type DeleteConnectorResp struct
method Reset (line 1541) | func (x *DeleteConnectorResp) Reset() {
method String (line 1548) | func (x *DeleteConnectorResp) String() string {
method ProtoMessage (line 1552) | func (*DeleteConnectorResp) ProtoMessage() {}
method ProtoReflect (line 1554) | func (x *DeleteConnectorResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1567) | func (*DeleteConnectorResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 1571) | func (x *DeleteConnectorResp) GetNotFound() bool {
type ListConnectorReq (line 1579) | type ListConnectorReq struct
method Reset (line 1585) | func (x *ListConnectorReq) Reset() {
method String (line 1592) | func (x *ListConnectorReq) String() string {
method ProtoMessage (line 1596) | func (*ListConnectorReq) ProtoMessage() {}
method ProtoReflect (line 1598) | func (x *ListConnectorReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1611) | func (*ListConnectorReq) Descriptor() ([]byte, []int) {
type ListConnectorResp (line 1616) | type ListConnectorResp struct
method Reset (line 1623) | func (x *ListConnectorResp) Reset() {
method String (line 1630) | func (x *ListConnectorResp) String() string {
method ProtoMessage (line 1634) | func (*ListConnectorResp) ProtoMessage() {}
method ProtoReflect (line 1636) | func (x *ListConnectorResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1649) | func (*ListConnectorResp) Descriptor() ([]byte, []int) {
method GetConnectors (line 1653) | func (x *ListConnectorResp) GetConnectors() []*Connector {
type VersionReq (line 1661) | type VersionReq struct
method Reset (line 1667) | func (x *VersionReq) Reset() {
method String (line 1674) | func (x *VersionReq) String() string {
method ProtoMessage (line 1678) | func (*VersionReq) ProtoMessage() {}
method ProtoReflect (line 1680) | func (x *VersionReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1693) | func (*VersionReq) Descriptor() ([]byte, []int) {
type VersionResp (line 1698) | type VersionResp struct
method Reset (line 1709) | func (x *VersionResp) Reset() {
method String (line 1716) | func (x *VersionResp) String() string {
method ProtoMessage (line 1720) | func (*VersionResp) ProtoMessage() {}
method ProtoReflect (line 1722) | func (x *VersionResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1735) | func (*VersionResp) Descriptor() ([]byte, []int) {
method GetServer (line 1739) | func (x *VersionResp) GetServer() string {
method GetApi (line 1746) | func (x *VersionResp) GetApi() int32 {
type DiscoveryReq (line 1754) | type DiscoveryReq struct
method Reset (line 1760) | func (x *DiscoveryReq) Reset() {
method String (line 1767) | func (x *DiscoveryReq) String() string {
method ProtoMessage (line 1771) | func (*DiscoveryReq) ProtoMessage() {}
method ProtoReflect (line 1773) | func (x *DiscoveryReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 1786) | func (*DiscoveryReq) Descriptor() ([]byte, []int) {
type DiscoveryResp (line 1791) | type DiscoveryResp struct
method Reset (line 1812) | func (x *DiscoveryResp) Reset() {
method String (line 1819) | func (x *DiscoveryResp) String() string {
method ProtoMessage (line 1823) | func (*DiscoveryResp) ProtoMessage() {}
method ProtoReflect (line 1825) | func (x *DiscoveryResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 1838) | func (*DiscoveryResp) Descriptor() ([]byte, []int) {
method GetIssuer (line 1842) | func (x *DiscoveryResp) GetIssuer() string {
method GetAuthorizationEndpoint (line 1849) | func (x *DiscoveryResp) GetAuthorizationEndpoint() string {
method GetTokenEndpoint (line 1856) | func (x *DiscoveryResp) GetTokenEndpoint() string {
method GetJwksUri (line 1863) | func (x *DiscoveryResp) GetJwksUri() string {
method GetUserinfoEndpoint (line 1870) | func (x *DiscoveryResp) GetUserinfoEndpoint() string {
method GetDeviceAuthorizationEndpoint (line 1877) | func (x *DiscoveryResp) GetDeviceAuthorizationEndpoint() string {
method GetIntrospectionEndpoint (line 1884) | func (x *DiscoveryResp) GetIntrospectionEndpoint() string {
method GetGrantTypesSupported (line 1891) | func (x *DiscoveryResp) GetGrantTypesSupported() []string {
method GetResponseTypesSupported (line 1898) | func (x *DiscoveryResp) GetResponseTypesSupported() []string {
method GetSubjectTypesSupported (line 1905) | func (x *DiscoveryResp) GetSubjectTypesSupported() []string {
method GetIdTokenSigningAlgValuesSupported (line 1912) | func (x *DiscoveryResp) GetIdTokenSigningAlgValuesSupported() []string {
method GetCodeChallengeMethodsSupported (line 1919) | func (x *DiscoveryResp) GetCodeChallengeMethodsSupported() []string {
method GetScopesSupported (line 1926) | func (x *DiscoveryResp) GetScopesSupported() []string {
method GetTokenEndpointAuthMethodsSupported (line 1933) | func (x *DiscoveryResp) GetTokenEndpointAuthMethodsSupported() []string {
method GetClaimsSupported (line 1940) | func (x *DiscoveryResp) GetClaimsSupported() []string {
type RefreshTokenRef (line 1948) | type RefreshTokenRef struct
method Reset (line 1959) | func (x *RefreshTokenRef) Reset() {
method String (line 1966) | func (x *RefreshTokenRef) String() string {
method ProtoMessage (line 1970) | func (*RefreshTokenRef) ProtoMessage() {}
method ProtoReflect (line 1972) | func (x *RefreshTokenRef) ProtoReflect() protoreflect.Message {
method Descriptor (line 1985) | func (*RefreshTokenRef) Descriptor() ([]byte, []int) {
method GetId (line 1989) | func (x *RefreshTokenRef) GetId() string {
method GetClientId (line 1996) | func (x *RefreshTokenRef) GetClientId() string {
method GetCreatedAt (line 2003) | func (x *RefreshTokenRef) GetCreatedAt() int64 {
method GetLastUsed (line 2010) | func (x *RefreshTokenRef) GetLastUsed() int64 {
type ListRefreshReq (line 2018) | type ListRefreshReq struct
method Reset (line 2026) | func (x *ListRefreshReq) Reset() {
method String (line 2033) | func (x *ListRefreshReq) String() string {
method ProtoMessage (line 2037) | func (*ListRefreshReq) ProtoMessage() {}
method ProtoReflect (line 2039) | func (x *ListRefreshReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 2052) | func (*ListRefreshReq) Descriptor() ([]byte, []int) {
method GetUserId (line 2056) | func (x *ListRefreshReq) GetUserId() string {
type ListRefreshResp (line 2064) | type ListRefreshResp struct
method Reset (line 2071) | func (x *ListRefreshResp) Reset() {
method String (line 2078) | func (x *ListRefreshResp) String() string {
method ProtoMessage (line 2082) | func (*ListRefreshResp) ProtoMessage() {}
method ProtoReflect (line 2084) | func (x *ListRefreshResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 2097) | func (*ListRefreshResp) Descriptor() ([]byte, []int) {
method GetRefreshTokens (line 2101) | func (x *ListRefreshResp) GetRefreshTokens() []*RefreshTokenRef {
type RevokeRefreshReq (line 2109) | type RevokeRefreshReq struct
method Reset (line 2118) | func (x *RevokeRefreshReq) Reset() {
method String (line 2125) | func (x *RevokeRefreshReq) String() string {
method ProtoMessage (line 2129) | func (*RevokeRefreshReq) ProtoMessage() {}
method ProtoReflect (line 2131) | func (x *RevokeRefreshReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 2144) | func (*RevokeRefreshReq) Descriptor() ([]byte, []int) {
method GetUserId (line 2148) | func (x *RevokeRefreshReq) GetUserId() string {
method GetClientId (line 2155) | func (x *RevokeRefreshReq) GetClientId() string {
type RevokeRefreshResp (line 2163) | type RevokeRefreshResp struct
method Reset (line 2171) | func (x *RevokeRefreshResp) Reset() {
method String (line 2178) | func (x *RevokeRefreshResp) String() string {
method ProtoMessage (line 2182) | func (*RevokeRefreshResp) ProtoMessage() {}
method ProtoReflect (line 2184) | func (x *RevokeRefreshResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 2197) | func (*RevokeRefreshResp) Descriptor() ([]byte, []int) {
method GetNotFound (line 2201) | func (x *RevokeRefreshResp) GetNotFound() bool {
type VerifyPasswordReq (line 2208) | type VerifyPasswordReq struct
method Reset (line 2216) | func (x *VerifyPasswordReq) Reset() {
method String (line 2223) | func (x *VerifyPasswordReq) String() string {
method ProtoMessage (line 2227) | func (*VerifyPasswordReq) ProtoMessage() {}
method ProtoReflect (line 2229) | func (x *VerifyPasswordReq) ProtoReflect() protoreflect.Message {
method Descriptor (line 2242) | func (*VerifyPasswordReq) Descriptor() ([]byte, []int) {
method GetEmail (line 2246) | func (x *VerifyPasswordReq) GetEmail() string {
method GetPassword (line 2253) | func (x *VerifyPasswordReq) GetPassword() string {
type VerifyPasswordResp (line 2260) | type VerifyPasswordResp struct
method Reset (line 2268) | func (x *VerifyPasswordResp) Reset() {
method String (line 2275) | func (x *VerifyPasswordResp) String() string {
method ProtoMessage (line 2279) | func (*VerifyPasswordResp) ProtoMessage() {}
method ProtoReflect (line 2281) | func (x *VerifyPasswordResp) ProtoReflect() protoreflect.Message {
method Descriptor (line 2294) | func (*VerifyPasswordResp) Descriptor() ([]byte, []int) {
method GetVerified (line 2298) | func (x *VerifyPasswordResp) GetVerified() bool {
method GetNotFound (line 2305) | func (x *VerifyPasswordResp) GetNotFound() bool {
function file_api_v2_api_proto_rawDescGZIP (line 2640) | func file_api_v2_api_proto_rawDescGZIP() []byte {
function init (line 2746) | func init() { file_api_v2_api_proto_init() }
function file_api_v2_api_proto_init (line 2747) | func file_api_v2_api_proto_init() {
FILE: api/v2/api_grpc.pb.go
constant _ (line 19) | _ = grpc.SupportPackageIsVersion9
constant Dex_GetClient_FullMethodName (line 22) | Dex_GetClient_FullMethodName = "/api.Dex/GetClient"
constant Dex_CreateClient_FullMethodName (line 23) | Dex_CreateClient_FullMethodName = "/api.Dex/CreateClient"
constant Dex_UpdateClient_FullMethodName (line 24) | Dex_UpdateClient_FullMethodName = "/api.Dex/UpdateClient"
constant Dex_DeleteClient_FullMethodName (line 25) | Dex_DeleteClient_FullMethodName = "/api.Dex/DeleteClient"
constant Dex_ListClients_FullMethodName (line 26) | Dex_ListClients_FullMethodName = "/api.Dex/ListClients"
constant Dex_CreatePassword_FullMethodName (line 27) | Dex_CreatePassword_FullMethodName = "/api.Dex/CreatePassword"
constant Dex_UpdatePassword_FullMethodName (line 28) | Dex_UpdatePassword_FullMethodName = "/api.Dex/UpdatePassword"
constant Dex_DeletePassword_FullMethodName (line 29) | Dex_DeletePassword_FullMethodName = "/api.Dex/DeletePassword"
constant Dex_ListPasswords_FullMethodName (line 30) | Dex_ListPasswords_FullMethodName = "/api.Dex/ListPasswords"
constant Dex_CreateConnector_FullMethodName (line 31) | Dex_CreateConnector_FullMethodName = "/api.Dex/CreateConnector"
constant Dex_UpdateConnector_FullMethodName (line 32) | Dex_UpdateConnector_FullMethodName = "/api.Dex/UpdateConnector"
constant Dex_DeleteConnector_FullMethodName (line 33) | Dex_DeleteConnector_FullMethodName = "/api.Dex/DeleteConnector"
constant Dex_ListConnectors_FullMethodName (line 34) | Dex_ListConnectors_FullMethodName = "/api.Dex/ListConnectors"
constant Dex_GetVersion_FullMethodName (line 35) | Dex_GetVersion_FullMethodName = "/api.Dex/GetVersion"
constant Dex_GetDiscovery_FullMethodName (line 36) | Dex_GetDiscovery_FullMethodName = "/api.Dex/GetDiscovery"
constant Dex_ListRefresh_FullMethodName (line 37) | Dex_ListRefresh_FullMethodName = "/api.Dex/ListRefresh"
constant Dex_RevokeRefresh_FullMethodName (line 38) | Dex_RevokeRefresh_FullMethodName = "/api.Dex/RevokeRefresh"
constant Dex_VerifyPassword_FullMethodName (line 39) | Dex_VerifyPassword_FullMethodName = "/api.Dex/VerifyPassword"
type DexClient (line 47) | type DexClient interface
type dexClient (line 88) | type dexClient struct
method GetClient (line 96) | func (c *dexClient) GetClient(ctx context.Context, in *GetClientReq, o...
method CreateClient (line 106) | func (c *dexClient) CreateClient(ctx context.Context, in *CreateClient...
method UpdateClient (line 116) | func (c *dexClient) UpdateClient(ctx context.Context, in *UpdateClient...
method DeleteClient (line 126) | func (c *dexClient) DeleteClient(ctx context.Context, in *DeleteClient...
method ListClients (line 136) | func (c *dexClient) ListClients(ctx context.Context, in *ListClientReq...
method CreatePassword (line 146) | func (c *dexClient) CreatePassword(ctx context.Context, in *CreatePass...
method UpdatePassword (line 156) | func (c *dexClient) UpdatePassword(ctx context.Context, in *UpdatePass...
method DeletePassword (line 166) | func (c *dexClient) DeletePassword(ctx context.Context, in *DeletePass...
method ListPasswords (line 176) | func (c *dexClient) ListPasswords(ctx context.Context, in *ListPasswor...
method CreateConnector (line 186) | func (c *dexClient) CreateConnector(ctx context.Context, in *CreateCon...
method UpdateConnector (line 196) | func (c *dexClient) UpdateConnector(ctx context.Context, in *UpdateCon...
method DeleteConnector (line 206) | func (c *dexClient) DeleteConnector(ctx context.Context, in *DeleteCon...
method ListConnectors (line 216) | func (c *dexClient) ListConnectors(ctx context.Context, in *ListConnec...
method GetVersion (line 226) | func (c *dexClient) GetVersion(ctx context.Context, in *VersionReq, op...
method GetDiscovery (line 236) | func (c *dexClient) GetDiscovery(ctx context.Context, in *DiscoveryReq...
method ListRefresh (line 246) | func (c *dexClient) ListRefresh(ctx context.Context, in *ListRefreshRe...
method RevokeRefresh (line 256) | func (c *dexClient) RevokeRefresh(ctx context.Context, in *RevokeRefre...
method VerifyPassword (line 266) | func (c *dexClient) VerifyPassword(ctx context.Context, in *VerifyPass...
function NewDexClient (line 92) | func NewDexClient(cc grpc.ClientConnInterface) DexClient {
type DexServer (line 281) | type DexServer interface
type UnimplementedDexServer (line 328) | type UnimplementedDexServer struct
method GetClient (line 330) | func (UnimplementedDexServer) GetClient(context.Context, *GetClientReq...
method CreateClient (line 333) | func (UnimplementedDexServer) CreateClient(context.Context, *CreateCli...
method UpdateClient (line 336) | func (UnimplementedDexServer) UpdateClient(context.Context, *UpdateCli...
method DeleteClient (line 339) | func (UnimplementedDexServer) DeleteClient(context.Context, *DeleteCli...
method ListClients (line 342) | func (UnimplementedDexServer) ListClients(context.Context, *ListClient...
method CreatePassword (line 345) | func (UnimplementedDexServer) CreatePassword(context.Context, *CreateP...
method UpdatePassword (line 348) | func (UnimplementedDexServer) UpdatePassword(context.Context, *UpdateP...
method DeletePassword (line 351) | func (UnimplementedDexServer) DeletePassword(context.Context, *DeleteP...
method ListPasswords (line 354) | func (UnimplementedDexServer) ListPasswords(context.Context, *ListPass...
method CreateConnector (line 357) | func (UnimplementedDexServer) CreateConnector(context.Context, *Create...
method UpdateConnector (line 360) | func (UnimplementedDexServer) UpdateConnector(context.Context, *Update...
method DeleteConnector (line 363) | func (UnimplementedDexServer) DeleteConnector(context.Context, *Delete...
method ListConnectors (line 366) | func (UnimplementedDexServer) ListConnectors(context.Context, *ListCon...
method GetVersion (line 369) | func (UnimplementedDexServer) GetVersion(context.Context, *VersionReq)...
method GetDiscovery (line 372) | func (UnimplementedDexServer) GetDiscovery(context.Context, *Discovery...
method ListRefresh (line 375) | func (UnimplementedDexServer) ListRefresh(context.Context, *ListRefres...
method RevokeRefresh (line 378) | func (UnimplementedDexServer) RevokeRefresh(context.Context, *RevokeRe...
method VerifyPassword (line 381) | func (UnimplementedDexServer) VerifyPassword(context.Context, *VerifyP...
method mustEmbedUnimplementedDexServer (line 384) | func (UnimplementedDexServer) mustEmbedUnimplementedDexServer() {}
method testEmbeddedByValue (line 385) | func (UnimplementedDexServer) testEmbeddedByValue() {}
type UnsafeDexServer (line 390) | type UnsafeDexServer interface
function RegisterDexServer (line 394) | func RegisterDexServer(s grpc.ServiceRegistrar, srv DexServer) {
function _Dex_GetClient_Handler (line 405) | func _Dex_GetClient_Handler(srv interface{}, ctx context.Context, dec fu...
function _Dex_CreateClient_Handler (line 423) | func _Dex_CreateClient_Handler(srv interface{}, ctx context.Context, dec...
function _Dex_UpdateClient_Handler (line 441) | func _Dex_UpdateClient_Handler(srv interface{}, ctx context.Context, dec...
function _Dex_DeleteClient_Handler (line 459) | func _Dex_DeleteClient_Handler(srv interface{}, ctx context.Context, dec...
function _Dex_ListClients_Handler (line 477) | func _Dex_ListClients_Handler(srv interface{}, ctx context.Context, dec ...
function _Dex_CreatePassword_Handler (line 495) | func _Dex_CreatePassword_Handler(srv interface{}, ctx context.Context, d...
function _Dex_UpdatePassword_Handler (line 513) | func _Dex_UpdatePassword_Handler(srv interface{}, ctx context.Context, d...
function _Dex_DeletePassword_Handler (line 531) | func _Dex_DeletePassword_Handler(srv interface{}, ctx context.Context, d...
function _Dex_ListPasswords_Handler (line 549) | func _Dex_ListPasswords_Handler(srv interface{}, ctx context.Context, de...
function _Dex_CreateConnector_Handler (line 567) | func _Dex_CreateConnector_Handler(srv interface{}, ctx context.Context, ...
function _Dex_UpdateConnector_Handler (line 585) | func _Dex_UpdateConnector_Handler(srv interface{}, ctx context.Context, ...
function _Dex_DeleteConnector_Handler (line 603) | func _Dex_DeleteConnector_Handler(srv interface{}, ctx context.Context, ...
function _Dex_ListConnectors_Handler (line 621) | func _Dex_ListConnectors_Handler(srv interface{}, ctx context.Context, d...
function _Dex_GetVersion_Handler (line 639) | func _Dex_GetVersion_Handler(srv interface{}, ctx context.Context, dec f...
function _Dex_GetDiscovery_Handler (line 657) | func _Dex_GetDiscovery_Handler(srv interface{}, ctx context.Context, dec...
function _Dex_ListRefresh_Handler (line 675) | func _Dex_ListRefresh_Handler(srv interface{}, ctx context.Context, dec ...
function _Dex_RevokeRefresh_Handler (line 693) | func _Dex_RevokeRefresh_Handler(srv interface{}, ctx context.Context, de...
function _Dex_VerifyPassword_Handler (line 711) | func _Dex_VerifyPassword_Handler(srv interface{}, ctx context.Context, d...
FILE: cmd/dex/config.go
function configUnmarshaller (line 27) | func configUnmarshaller(b []byte, v interface{}) error {
type Config (line 37) | type Config struct
method Validate (line 88) | func (c Config) Validate() error {
method validateMFA (line 135) | func (c Config) validateMFA() error {
type MFAConfig (line 78) | type MFAConfig struct
type password (line 179) | type password
method UnmarshalJSON (line 181) | func (p *password) UnmarshalJSON(b []byte) error {
type OAuth2 (line 232) | type OAuth2 struct
type PKCE (line 250) | type PKCE struct
type Web (line 258) | type Web struct
type ClientRemoteIP (line 271) | type ClientRemoteIP struct
method ParseTrustedProxies (line 276) | func (cr *ClientRemoteIP) ParseTrustedProxies() ([]netip.Prefix, error) {
type Headers (line 293) | type Headers struct
method ToHTTPHeader (line 316) | func (h *Headers) ToHTTPHeader() http.Header {
type Telemetry (line 340) | type Telemetry struct
type GRPC (line 347) | type GRPC struct
type Storage (line 359) | type Storage struct
method UnmarshalJSON (line 422) | func (s *Storage) UnmarshalJSON(b []byte) error {
type StorageConfig (line 365) | type StorageConfig interface
function getORMBasedSQLStorage (line 381) | func getORMBasedSQLStorage(normal, entBased func() StorageConfig) func()...
function expandEnvInMap (line 392) | func expandEnvInMap(m map[string]interface{}) {
type Signer (line 469) | type Signer struct
method UnmarshalJSON (line 489) | func (s *Signer) UnmarshalJSON(b []byte) error {
type SignerConfig (line 475) | type SignerConfig interface
type Connector (line 538) | type Connector struct
method UnmarshalJSON (line 549) | func (c *Connector) UnmarshalJSON(b []byte) error {
function ToStorageConnector (line 604) | func ToStorageConnector(c Connector) (storage.Connector, error) {
type Expiry (line 620) | type Expiry struct
type Logger (line 638) | type Logger struct
type RefreshToken (line 652) | type RefreshToken struct
type Sessions (line 660) | type Sessions struct
type MFAAuthenticator (line 672) | type MFAAuthenticator struct
type TOTPConfig (line 683) | type TOTPConfig struct
FILE: cmd/dex/config_test.go
function boolPtr (line 22) | func boolPtr(v bool) *bool {
function TestValidConfiguration (line 26) | func TestValidConfiguration(t *testing.T) {
function TestInvalidConfiguration (line 53) | func TestInvalidConfiguration(t *testing.T) {
function TestUnmarshalConfig (line 69) | func TestUnmarshalConfig(t *testing.T) {
function TestUnmarshalConfigWithEnvNoExpand (line 269) | func TestUnmarshalConfigWithEnvNoExpand(t *testing.T) {
function TestUnmarshalConfigWithEnvExpand (line 281) | func TestUnmarshalConfigWithEnvExpand(t *testing.T) {
function checkUnmarshalConfigWithEnv (line 297) | func checkUnmarshalConfigWithEnv(t *testing.T, dexExpandEnv string, want...
function TestSignerConfigUnmarshal (line 482) | func TestSignerConfigUnmarshal(t *testing.T) {
FILE: cmd/dex/excluding_handler.go
type excludingHandler (line 12) | type excludingHandler struct
method Enabled (line 28) | func (h *excludingHandler) Enabled(ctx context.Context, level slog.Lev...
method Handle (line 32) | func (h *excludingHandler) Handle(ctx context.Context, record slog.Rec...
method WithAttrs (line 44) | func (h *excludingHandler) WithAttrs(attrs []slog.Attr) slog.Handler {
method WithGroup (line 54) | func (h *excludingHandler) WithGroup(name string) slog.Handler {
function newExcludingHandler (line 17) | func newExcludingHandler(inner slog.Handler, fields []string) slog.Handl...
FILE: cmd/dex/excluding_handler_test.go
function TestExcludingHandler (line 11) | func TestExcludingHandler(t *testing.T) {
function TestExcludingHandlerWithAttrs (line 92) | func TestExcludingHandlerWithAttrs(t *testing.T) {
function TestExcludingHandlerEnabled (line 115) | func TestExcludingHandlerEnabled(t *testing.T) {
function TestExcludingHandlerNilFields (line 127) | func TestExcludingHandlerNilFields(t *testing.T) {
FILE: cmd/dex/logger.go
function newLogger (line 15) | func newLogger(level slog.Level, format string, excludeFields []string) ...
type requestContextHandler (line 37) | type requestContextHandler struct
method Enabled (line 47) | func (h requestContextHandler) Enabled(ctx context.Context, level slog...
method Handle (line 51) | func (h requestContextHandler) Handle(ctx context.Context, record slog...
method WithAttrs (line 63) | func (h requestContextHandler) WithAttrs(attrs []slog.Attr) slog.Handl...
method WithGroup (line 67) | func (h requestContextHandler) WithGroup(name string) slog.Handler {
function newRequestContextHandler (line 41) | func newRequestContextHandler(handler slog.Handler) slog.Handler {
FILE: cmd/dex/main.go
function commandRoot (line 10) | func commandRoot() *cobra.Command {
function main (line 23) | func main() {
FILE: cmd/dex/serve.go
type serveOptions (line 45) | type serveOptions struct
function commandServe (line 65) | func commandServe() *cobra.Command {
function runServe (line 93) | func runServe(options serveOptions) error {
function applyConfigOverrides (line 620) | func applyConfigOverrides(options serveOptions, config *Config) {
function pprofHandler (line 656) | func pprofHandler(router *http.ServeMux) {
function newTLSReloader (line 666) | func newTLSReloader(logger *slog.Logger, certFile, keyFile, caFile strin...
function loadTLSConfig (line 751) | func loadTLSConfig(certFile, keyFile, caFile string, baseConfig *tls.Con...
function recordBuildInfo (line 775) | func recordBuildInfo() {
function parseSessionConfig (line 779) | func parseSessionConfig(s *Sessions) (*server.SessionConfig, error) {
function buildMFAProviders (line 820) | func buildMFAProviders(authenticators []MFAAuthenticator, logger *slog.L...
FILE: cmd/dex/serve_test.go
function TestNewLogger (line 10) | func TestNewLogger(t *testing.T) {
FILE: cmd/dex/version.go
function commandVersion (line 12) | func commandVersion() *cobra.Command {
FILE: cmd/docker-entrypoint/main.go
function main (line 16) | func main() {
function realExec (line 31) | func realExec(args ...string) error {
function realWhich (line 44) | func realWhich(path string) string {
function realGomplate (line 52) | func realGomplate(path string) (string, error) {
function run (line 71) | func run(args []string, execFunc func(...string) error, whichFunc func(s...
function hasSuffixes (line 97) | func hasSuffixes(s string, suffixes ...string) bool {
FILE: cmd/docker-entrypoint/main_test.go
type execArgs (line 8) | type execArgs struct
function TestRun (line 13) | func TestRun(t *testing.T) {
function execArgsMatch (line 94) | func execArgsMatch(wantExecArgs execArgs, gomplate bool, gotExecArgs []s...
FILE: connector/atlassiancrowd/atlassiancrowd.go
type Config (line 38) | type Config struct
method Open (line 83) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type crowdUser (line 55) | type crowdUser struct
type crowdGroups (line 62) | type crowdGroups struct
type crowdAuthentication (line 68) | type crowdAuthentication struct
type crowdAuthenticationError (line 77) | type crowdAuthenticationError struct
type crowdConnector (line 95) | type crowdConnector struct
method Login (line 104) | func (c *crowdConnector) Login(ctx context.Context, s connector.Scopes...
method Refresh (line 149) | func (c *crowdConnector) Refresh(ctx context.Context, s connector.Scop...
method Prompt (line 182) | func (c *crowdConnector) Prompt() string {
method crowdAPIClient (line 186) | func (c *crowdConnector) crowdAPIClient() *http.Client {
method authenticateWithPassword (line 203) | func (c *crowdConnector) authenticateWithPassword(ctx context.Context,...
method authenticateUser (line 250) | func (c *crowdConnector) authenticateUser(ctx context.Context, client ...
method user (line 287) | func (c *crowdConnector) user(ctx context.Context, client *http.Client...
method groups (line 322) | func (c *crowdConnector) groups(ctx context.Context, client *http.Clie...
method identityFromCrowdUser (line 361) | func (c *crowdConnector) identityFromCrowdUser(user crowdUser) connect...
method getGroups (line 386) | func (c *crowdConnector) getGroups(ctx context.Context, client *http.C...
method crowdUserManagementRequest (line 406) | func (c *crowdConnector) crowdUserManagementRequest(ctx context.Contex...
method validateCrowdResponse (line 432) | func (c *crowdConnector) validateCrowdResponse(resp *http.Response) ([...
type refreshData (line 100) | type refreshData struct
FILE: connector/atlassiancrowd/atlassiancrowd_test.go
function TestUserGroups (line 16) | func TestUserGroups(t *testing.T) {
function TestUserGroupsWithFiltering (line 32) | func TestUserGroupsWithFiltering(t *testing.T) {
function TestUserLoginFlow (line 49) | func TestUserLoginFlow(t *testing.T) {
function TestUserPassword (line 79) | func TestUserPassword(t *testing.T) {
function TestIdentityFromCrowdUser (line 102) | func TestIdentityFromCrowdUser(t *testing.T) {
type TestServerResponse (line 144) | type TestServerResponse struct
function newTestCrowdConnector (line 149) | func newTestCrowdConnector(baseURL string) crowdConnector {
function newTestServer (line 156) | func newTestServer(responses map[string]TestServerResponse) *httptest.Se...
function newClient (line 166) | func newClient() *http.Client {
function expectNil (line 173) | func expectNil(t *testing.T, a interface{}) {
function expectEquals (line 179) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/authproxy/authproxy.go
type Config (line 21) | type Config struct
method Open (line 32) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type callback (line 75) | type callback struct
method LoginURL (line 88) | func (m *callback) LoginURL(s connector.Scopes, callbackURL, state str...
method HandleCallback (line 101) | func (m *callback) HandleCallback(s connector.Scopes, _ []byte, r *htt...
FILE: connector/authproxy/authproxy_test.go
constant testEmail (line 13) | testEmail = "testuser@example.com"
constant testGroup1 (line 14) | testGroup1 = "group1"
constant testGroup2 (line 15) | testGroup2 = "group2"
constant testGroup3 (line 16) | testGroup3 = "group 3"
constant testGroup4 (line 17) | testGroup4 = "group 4"
constant testStaticGroup1 (line 18) | testStaticGroup1 = "static1"
constant testStaticGroup2 (line 19) | testStaticGroup2 = "static 2"
constant testUsername (line 20) | testUsername = "Test User"
constant testPreferredUsername (line 21) | testPreferredUsername = "testuser"
constant testUserID (line 22) | testUserID = "1234567890"
function TestUser (line 27) | func TestUser(t *testing.T) {
function TestExtraHeaders (line 50) | func TestExtraHeaders(t *testing.T) {
function TestSingleGroup (line 75) | func TestSingleGroup(t *testing.T) {
function TestMultipleGroup (line 96) | func TestMultipleGroup(t *testing.T) {
function TestMultipleGroupWithCustomSeparator (line 120) | func TestMultipleGroupWithCustomSeparator(t *testing.T) {
function TestStaticGroup (line 146) | func TestStaticGroup(t *testing.T) {
function expectNil (line 174) | func expectNil(t *testing.T, a interface{}) {
function expectEquals (line 180) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/bitbucketcloud/bitbucketcloud.go
constant apiURL (line 23) | apiURL = "https://api.bitbucket.org/2.0"
constant legacyAPIURL (line 25) | legacyAPIURL = "https://api.bitbucket.org/1.0"
constant scopeAccount (line 27) | scopeAccount = "account"
constant scopeEmail (line 29) | scopeEmail = "email"
constant scopeTeams (line 32) | scopeTeams = "team"
type Config (line 36) | type Config struct
method Open (line 45) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type connectorData (line 60) | type connectorData struct
type bitbucketConnector (line 71) | type bitbucketConnector struct
method groupsRequired (line 88) | func (b *bitbucketConnector) groupsRequired(groupScope bool) bool {
method oauth2Config (line 92) | func (b *bitbucketConnector) oauth2Config(scopes connector.Scopes) *oa...
method LoginURL (line 114) | func (b *bitbucketConnector) LoginURL(scopes connector.Scopes, callbac...
method HandleCallback (line 134) | func (b *bitbucketConnector) HandleCallback(s connector.Scopes, connDa...
method Refresh (line 219) | func (b *bitbucketConnector) Refresh(ctx context.Context, s connector....
method user (line 293) | func (b *bitbucketConnector) user(ctx context.Context, client *http.Cl...
method userEmail (line 328) | func (b *bitbucketConnector) userEmail(ctx context.Context, client *ht...
method getGroups (line 353) | func (b *bitbucketConnector) getGroups(ctx context.Context, client *ht...
method userWorkspaces (line 385) | func (b *bitbucketConnector) userWorkspaces(ctx context.Context, clien...
method userTeamGroups (line 423) | func (b *bitbucketConnector) userTeamGroups(ctx context.Context, clien...
type oauth2Error (line 122) | type oauth2Error struct
method Error (line 127) | func (e *oauth2Error) Error() string {
type tokenNotifyFunc (line 192) | type tokenNotifyFunc
type notifyRefreshTokenSource (line 195) | type notifyRefreshTokenSource struct
method Token (line 205) | func (s *notifyRefreshTokenSource) Token() (*oauth2.Token, error) {
type pagedResponse (line 273) | type pagedResponse struct
type user (line 283) | type user struct
type userEmail (line 313) | type userEmail struct
type userEmailResponse (line 319) | type userEmailResponse struct
type workspaceSlug (line 372) | type workspaceSlug struct
type workspace (line 376) | type workspace struct
type userWorkspacesResponse (line 380) | type userWorkspacesResponse struct
type group (line 419) | type group struct
function get (line 443) | func get(ctx context.Context, client *http.Client, apiURL string, v inte...
FILE: connector/bitbucketcloud/bitbucketcloud_test.go
function TestUserGroups (line 16) | func TestUserGroups(t *testing.T) {
function TestUserWithoutTeams (line 63) | func TestUserWithoutTeams(t *testing.T) {
function TestUsernameIncludedInFederatedIdentity (line 77) | func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
function newTestServer (line 113) | func newTestServer(responses map[string]interface{}) *httptest.Server {
function newClient (line 120) | func newClient() *http.Client {
function expectNil (line 127) | func expectNil(t *testing.T, a interface{}) {
function expectEquals (line 133) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/connector.go
type UserNotInRequiredGroupsError (line 13) | type UserNotInRequiredGroupsError struct
method Error (line 18) | func (e *UserNotInRequiredGroupsError) Error() string {
type Connector (line 26) | type Connector interface
type Scopes (line 29) | type Scopes struct
type Identity (line 38) | type Identity struct
type PasswordConnector (line 58) | type PasswordConnector interface
type CallbackConnector (line 65) | type CallbackConnector interface
type SAMLConnector (line 91) | type SAMLConnector interface
type RefreshConnector (line 109) | type RefreshConnector interface
type TokenIdentityConnector (line 116) | type TokenIdentityConnector interface
FILE: connector/gitea/gitea.go
type Config (line 22) | type Config struct
method Open (line 54) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type Org (line 33) | type Org struct
type giteaUser (line 45) | type giteaUser struct
type connectorData (line 70) | type connectorData struct
type giteaConnector (line 81) | type giteaConnector struct
method oauth2Config (line 95) | func (c *giteaConnector) oauth2Config(_ connector.Scopes) *oauth2.Conf...
method LoginURL (line 105) | func (c *giteaConnector) LoginURL(scopes connector.Scopes, callbackURL...
method HandleCallback (line 124) | func (c *giteaConnector) HandleCallback(s connector.Scopes, connData [...
method Refresh (line 219) | func (c *giteaConnector) Refresh(ctx context.Context, s connector.Scop...
method getGroups (line 278) | func (c *giteaConnector) getGroups(ctx context.Context, client *http.C...
method groupsForOrgs (line 294) | func (c *giteaConnector) groupsForOrgs(ctx context.Context, client *ht...
method userGroups (line 335) | func (c *giteaConnector) userGroups(ctx context.Context, client *http....
method user (line 394) | func (c *giteaConnector) user(ctx context.Context, client *http.Client...
method groupsRequired (line 422) | func (c *giteaConnector) groupsRequired() bool {
type oauth2Error (line 112) | type oauth2Error struct
method Error (line 117) | func (e *oauth2Error) Error() string {
type tokenNotifyFunc (line 192) | type tokenNotifyFunc
type notifyRefreshTokenSource (line 195) | type notifyRefreshTokenSource struct
method Token (line 205) | func (s *notifyRefreshTokenSource) Token() (*oauth2.Token, error) {
function formatTeamName (line 289) | func formatTeamName(org string, team string) string {
type organization (line 324) | type organization struct
type team (line 329) | type team struct
FILE: connector/gitea/gitea_test.go
function TestUsernameIncludedInFederatedIdentity (line 16) | func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
function newTestServer (line 47) | func newTestServer(responses map[string]interface{}) *httptest.Server {
function newClient (line 55) | func newClient() *http.Client {
function expectNil (line 62) | func expectNil(t *testing.T, a interface{}) {
function expectEquals (line 68) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/github/github.go
constant apiURL (line 25) | apiURL = "https://api.github.com"
constant scopeEmail (line 27) | scopeEmail = "user:email"
constant scopeOrgs (line 30) | scopeOrgs = "read:org"
constant githubAPIVersion (line 32) | githubAPIVersion = "2022-11-28"
type Config (line 43) | type Config struct
method Open (line 71) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type Org (line 58) | type Org struct
type connectorData (line 131) | type connectorData struct
type githubConnector (line 141) | type githubConnector struct
method groupsRequired (line 169) | func (c *githubConnector) groupsRequired(groupScope bool) bool {
method oauth2Config (line 173) | func (c *githubConnector) oauth2Config(scopes connector.Scopes) *oauth...
method LoginURL (line 199) | func (c *githubConnector) LoginURL(scopes connector.Scopes, callbackUR...
method HandleCallback (line 219) | func (c *githubConnector) HandleCallback(s connector.Scopes, connData ...
method Refresh (line 282) | func (c *githubConnector) Refresh(ctx context.Context, s connector.Sco...
method getGroups (line 319) | func (c *githubConnector) getGroups(ctx context.Context, client *http....
method groupsForOrgs (line 345) | func (c *githubConnector) groupsForOrgs(ctx context.Context, client *h...
method userGroups (line 380) | func (c *githubConnector) userGroups(ctx context.Context, client *http...
method userOrgs (line 405) | func (c *githubConnector) userOrgs(ctx context.Context, client *http.C...
method userOrgTeams (line 432) | func (c *githubConnector) userOrgTeams(ctx context.Context, client *ht...
method user (line 530) | func (c *githubConnector) user(ctx context.Context, client *http.Clien...
method userEmail (line 564) | func (c *githubConnector) userEmail(ctx context.Context, client *http....
method isPreferredEmailDomain (line 629) | func (c *githubConnector) isPreferredEmailDomain(domain string) bool {
method userInOrg (line 653) | func (c *githubConnector) userInOrg(ctx context.Context, client *http....
method teamsForOrg (line 700) | func (c *githubConnector) teamsForOrg(ctx context.Context, client *htt...
method teamGroupClaims (line 729) | func (c *githubConnector) teamGroupClaims(t team) []string {
type oauth2Error (line 207) | type oauth2Error struct
method Error (line 212) | func (e *oauth2Error) Error() string {
function formatTeamName (line 333) | func formatTeamName(org string, team string) string {
function get (line 461) | func get(ctx context.Context, client *http.Client, apiURL string, v inte...
function getPagination (line 495) | func getPagination(apiURL string, resp *http.Response) string {
type user (line 519) | type user struct
type userEmail (line 551) | type userEmail struct
type team (line 686) | type team struct
type org (line 692) | type org struct
FILE: connector/github/github_test.go
type testResponse (line 20) | type testResponse struct
function TestUserGroups (line 26) | func TestUserGroups(t *testing.T) {
function TestUserGroupsWithoutOrgs (line 68) | func TestUserGroupsWithoutOrgs(t *testing.T) {
function TestUserGroupsWithTeamNameFieldConfig (line 82) | func TestUserGroupsWithTeamNameFieldConfig(t *testing.T) {
function TestUserGroupsWithTeamNameAndSlugFieldConfig (line 105) | func TestUserGroupsWithTeamNameAndSlugFieldConfig(t *testing.T) {
function TestUsernameIncludedInFederatedIdentity (line 130) | func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
function TestLoginUsedAsIDWhenConfigured (line 171) | func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
function TestPreferredEmailDomainConfigured (line 203) | func TestPreferredEmailDomainConfigured(t *testing.T) {
function TestPreferredEmailDomainConfiguredWithGlob (line 245) | func TestPreferredEmailDomainConfiguredWithGlob(t *testing.T) {
function TestPreferredEmailDomainConfigured_UserHasNoPreferredDomainEmail (line 287) | func TestPreferredEmailDomainConfigured_UserHasNoPreferredDomainEmail(t ...
function TestPreferredEmailDomainNotConfigured (line 319) | func TestPreferredEmailDomainNotConfigured(t *testing.T) {
function TestPreferredEmailDomainConfigured_Error_BothPrimaryAndPreferredDomainEmailNotFound (line 356) | func TestPreferredEmailDomainConfigured_Error_BothPrimaryAndPreferredDom...
function Test_isPreferredEmailDomain (line 393) | func Test_isPreferredEmailDomain(t *testing.T) {
function Test_Open_PreferredDomainConfig (line 452) | func Test_Open_PreferredDomainConfig(t *testing.T) {
function TestGetSendsAPIVersionHeader (line 488) | func TestGetSendsAPIVersionHeader(t *testing.T) {
function newTestServer (line 503) | func newTestServer(responses map[string]testResponse) *httptest.Server {
function newClient (line 523) | func newClient() *http.Client {
function expectNil (line 530) | func expectNil(t *testing.T, a interface{}) {
function expectNotNil (line 536) | func expectNotNil(t *testing.T, a interface{}, msg string) {
function expectEquals (line 542) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/gitlab/gitlab.go
constant scopeUser (line 25) | scopeUser = "read_user"
constant scopeOpenID (line 28) | scopeOpenID = "openid"
type Config (line 32) | type Config struct
method Open (line 53) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type gitlabUser (line 43) | type gitlabUser struct
type connectorData (line 83) | type connectorData struct
type gitlabConnector (line 95) | type gitlabConnector struct
method oauth2Config (line 110) | func (c *gitlabConnector) oauth2Config(scopes connector.Scopes) *oauth...
method LoginURL (line 126) | func (c *gitlabConnector) LoginURL(scopes connector.Scopes, callbackUR...
method HandleCallback (line 145) | func (c *gitlabConnector) HandleCallback(s connector.Scopes, connData ...
method identity (line 166) | func (c *gitlabConnector) identity(ctx context.Context, s connector.Sc...
method Refresh (line 211) | func (c *gitlabConnector) Refresh(ctx context.Context, s connector.Sco...
method TokenIdentity (line 255) | func (c *gitlabConnector) TokenIdentity(ctx context.Context, _, subjec...
method groupsRequired (line 275) | func (c *gitlabConnector) groupsRequired(groupScope bool) bool {
method user (line 282) | func (c *gitlabConnector) user(ctx context.Context, client *http.Clien...
method userGroups (line 320) | func (c *gitlabConnector) userGroups(ctx context.Context, client *http...
method setGroupsPermission (line 352) | func (c *gitlabConnector) setGroupsPermission(u userInfo) []string {
method getGroups (line 400) | func (c *gitlabConnector) getGroups(ctx context.Context, client *http....
type oauth2Error (line 133) | type oauth2Error struct
method Error (line 138) | func (e *oauth2Error) Error() string {
type userInfo (line 309) | type userInfo struct
FILE: connector/gitlab/gitlab_test.go
function readValidRootCAData (line 22) | func readValidRootCAData(t *testing.T) []byte {
function newLocalHTTPSTestServer (line 31) | func newLocalHTTPSTestServer(t *testing.T, handler http.Handler) *httpte...
function TestOpenWithRootCADataCreatesHTTPClient (line 44) | func TestOpenWithRootCADataCreatesHTTPClient(t *testing.T) {
function TestOpenWithInvalidRootCADataReturnsError (line 79) | func TestOpenWithInvalidRootCADataReturnsError(t *testing.T) {
function TestHandleCallbackCustomRootCADataEnablesTLSRequests (line 95) | func TestHandleCallbackCustomRootCADataEnablesTLSRequests(t *testing.T) {
function TestHandleCallbackWithoutRootCADataFailsTLS (line 139) | func TestHandleCallbackWithoutRootCADataFailsTLS(t *testing.T) {
function TestUserGroups (line 179) | func TestUserGroups(t *testing.T) {
function TestUserGroupsWithFiltering (line 197) | func TestUserGroupsWithFiltering(t *testing.T) {
function TestUserGroupsWithoutOrgs (line 214) | func TestUserGroupsWithoutOrgs(t *testing.T) {
function TestUsernameIncludedInFederatedIdentity (line 230) | func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
function TestLoginUsedAsIDWhenConfigured (line 266) | func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
function TestLoginWithTeamWhitelisted (line 293) | func TestLoginWithTeamWhitelisted(t *testing.T) {
function TestLoginWithTeamNonWhitelisted (line 320) | func TestLoginWithTeamNonWhitelisted(t *testing.T) {
function TestRefresh (line 346) | func TestRefresh(t *testing.T) {
function TestRefreshWithEmptyConnectorData (line 387) | func TestRefreshWithEmptyConnectorData(t *testing.T) {
function TestGroupsWithPermission (line 415) | func TestGroupsWithPermission(t *testing.T) {
function newTestServer (line 456) | func newTestServer(responses map[string]interface{}) *httptest.Server {
function newClient (line 464) | func newClient() *http.Client {
function expectNil (line 471) | func expectNil(t *testing.T, a interface{}) {
function expectNotNil (line 477) | func expectNotNil(t *testing.T, a interface{}, msg string) {
function expectEquals (line 483) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
function TestTokenIdentity (line 489) | func TestTokenIdentity(t *testing.T) {
FILE: connector/google/google.go
constant issuerURL (line 28) | issuerURL = "https://accounts.google.com"
constant wildcardDomainToAdminEmail (line 29) | wildcardDomainToAdminEmail = "*"
type Config (line 33) | type Config struct
method Open (line 70) | func (c *Config) Open(id string, logger *slog.Logger) (conn connector....
type googleConnector (line 151) | type googleConnector struct
method Close (line 166) | func (c *googleConnector) Close() error {
method LoginURL (line 171) | func (c *googleConnector) LoginURL(s connector.Scopes, callbackURL, st...
method HandleCallback (line 204) | func (c *googleConnector) HandleCallback(s connector.Scopes, connData ...
method Refresh (line 217) | func (c *googleConnector) Refresh(ctx context.Context, s connector.Sco...
method createIdentity (line 230) | func (c *googleConnector) createIdentity(ctx context.Context, identity...
method getGroups (line 293) | func (c *googleConnector) getGroups(email string, fetchTransitiveGroup...
method findAdminService (line 340) | func (c *googleConnector) findAdminService(domain string) (*admin.Serv...
method extractDomainFromEmail (line 356) | func (c *googleConnector) extractDomainFromEmail(email string) string {
type oauth2Error (line 192) | type oauth2Error struct
method Error (line 197) | func (e *oauth2Error) Error() string {
function getCredentialsFromFilePath (line 369) | func getCredentialsFromFilePath(serviceAccountFilePath string) ([]byte, ...
function getCredentialsFromDefault (line 381) | func getCredentialsFromDefault(ctx context.Context, email string, logger...
function createServiceWithMetadataServer (line 401) | func createServiceWithMetadataServer(ctx context.Context, adminEmail str...
function createDirectoryService (line 427) | func createDirectoryService(serviceAccountFilePath, email string, logger...
FILE: connector/google/google_test.go
function testSetup (line 38) | func testSetup() *httptest.Server {
function newConnector (line 53) | func newConnector(config *Config) (*googleConnector, error) {
function tempServiceAccountKey (line 67) | func tempServiceAccountKey() (string, error) {
function TestOpen (line 84) | func TestOpen(t *testing.T) {
function TestGetGroups (line 174) | func TestGetGroups(t *testing.T) {
function TestDomainToAdminEmailConfig (line 244) | func TestDomainToAdminEmailConfig(t *testing.T) {
function mockGCEMetadataServer (line 303) | func mockGCEMetadataServer() *httptest.Server {
function TestGCEWorkloadIdentity (line 329) | func TestGCEWorkloadIdentity(t *testing.T) {
function TestPromptTypeConfig (line 396) | func TestPromptTypeConfig(t *testing.T) {
FILE: connector/keystone/keystone.go
type conn (line 23) | type conn struct
method Close (line 137) | func (p *conn) Close() error { return nil }
method Login (line 139) | func (p *conn) Login(ctx context.Context, scopes connector.Scopes, use...
method Prompt (line 183) | func (p *conn) Prompt() string { return "username" }
method Refresh (line 185) | func (p *conn) Refresh(
method getTokenResponse (line 209) | func (p *conn) getTokenResponse(ctx context.Context, username, pass st...
method getAdminToken (line 241) | func (p *conn) getAdminToken(ctx context.Context) (string, error) {
method checkIfUserExists (line 252) | func (p *conn) checkIfUserExists(ctx context.Context, userID string, t...
method getUser (line 257) | func (p *conn) getUser(ctx context.Context, userID string, token strin...
method getUserGroups (line 291) | func (p *conn) getUserGroups(ctx context.Context, userID string, token...
type userKeystone (line 32) | type userKeystone struct
type domainKeystone (line 38) | type domainKeystone struct
type Config (line 56) | type Config struct
method Open (line 112) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type loginRequestData (line 63) | type loginRequestData struct
type auth (line 67) | type auth struct
type identity (line 71) | type identity struct
type password (line 76) | type password struct
type user (line 80) | type user struct
type token (line 86) | type token struct
type tokenResponse (line 90) | type tokenResponse struct
type group (line 94) | type group struct
type groupsResponse (line 99) | type groupsResponse struct
type userResponse (line 103) | type userResponse struct
FILE: connector/keystone/keystone_test.go
constant invalidPass (line 18) | invalidPass = "WRONG_PASS"
constant testUser (line 20) | testUser = "test_user"
constant testPass (line 21) | testPass = "test_pass"
constant testEmail (line 22) | testEmail = "test@example.com"
constant testGroup (line 23) | testGroup = "test_group"
constant testDomainAltName (line 24) | testDomainAltName = "altdomain"
constant testDomainID (line 25) | testDomainID = "default"
constant testDomainName (line 26) | testDomainName = "Default"
type userReq (line 40) | type userReq struct
type domainResponse (line 49) | type domainResponse struct
type domainsResponse (line 53) | type domainsResponse struct
type groupResponse (line 57) | type groupResponse struct
function getAdminToken (line 63) | func getAdminToken(t *testing.T, adminName, adminPass string) (token, id...
function getOrCreateDomain (line 112) | func getOrCreateDomain(t *testing.T, token, domainName string) string {
function createUser (line 186) | func createUser(t *testing.T, token, domainID, userName, userEmail, user...
function deleteResource (line 232) | func deleteResource(t *testing.T, token, id, uri string) {
function createGroup (line 249) | func createGroup(t *testing.T, token, description, name string) string {
function addUserToGroup (line 290) | func addUserToGroup(t *testing.T, token, groupID, userID string) error {
function TestIncorrectCredentialsLogin (line 308) | func TestIncorrectCredentialsLogin(t *testing.T) {
function TestValidUserLogin (line 331) | func TestValidUserLogin(t *testing.T) {
function TestUseRefreshToken (line 477) | func TestUseRefreshToken(t *testing.T) {
function TestUseRefreshTokenUserDeleted (line 505) | func TestUseRefreshTokenUserDeleted(t *testing.T) {
function TestUseRefreshTokenGroupsChanged (line 535) | func TestUseRefreshTokenGroupsChanged(t *testing.T) {
function TestNoGroupsInScope (line 572) | func TestNoGroupsInScope(t *testing.T) {
function setupVariables (line 602) | func setupVariables(t *testing.T) {
function expectEquals (line 633) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/ldap/ldap.go
type UsernameAttributes (line 66) | type UsernameAttributes
method UnmarshalJSON (line 68) | func (u *UsernameAttributes) UnmarshalJSON(data []byte) error {
type UserMatcher (line 85) | type UserMatcher struct
type Config (line 93) | type Config struct
method Open (line 238) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
method OpenConnector (line 253) | func (c *Config) OpenConnector(logger *slog.Logger) (interface {
method openConnector (line 262) | func (c *Config) openConnector(logger *slog.Logger) (*ldapConnector, e...
function scopeString (line 191) | func scopeString(i int) string {
function parseScope (line 204) | func parseScope(s string) (int, bool) {
function userMatchers (line 220) | func userMatchers(c *Config, logger *slog.Logger) []UserMatcher {
type refreshData (line 247) | type refreshData struct
type ldapConnector (line 336) | type ldapConnector struct
method do (line 352) | func (c *ldapConnector) do(_ context.Context, f func(c *ldap.Conn) err...
method getAttrs (line 393) | func (c *ldapConnector) getAttrs(e ldap.Entry, name string) []string {
method getAttr (line 408) | func (c *ldapConnector) getAttr(e ldap.Entry, name string) string {
method identityFromEntry (line 415) | func (c *ldapConnector) identityFromEntry(user ldap.Entry) (ident conn...
method userEntry (line 452) | func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (u...
method Login (line 517) | func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes,...
method Refresh (line 597) | func (c *ldapConnector) Refresh(ctx context.Context, s connector.Scope...
method groups (line 638) | func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) (...
method queryGroups (line 723) | func (c *ldapConnector) queryGroups(ctx context.Context, memberAttr, d...
method Prompt (line 760) | func (c *ldapConnector) Prompt() string {
FILE: connector/ldap/ldap_test.go
type connectionMethod (line 16) | type connectionMethod
constant connectStartTLS (line 19) | connectStartTLS connectionMethod = iota
constant connectLDAPS (line 20) | connectLDAPS
constant connectLDAP (line 21) | connectLDAP
constant connectInsecureSkipVerify (line 22) | connectInsecureSkipVerify
type subtest (line 26) | type subtest struct
function TestQuery (line 42) | func TestQuery(t *testing.T) {
function TestQueryWithEmailSuffix (line 102) | func TestQueryWithEmailSuffix(t *testing.T) {
function TestUserFilter (line 138) | func TestUserFilter(t *testing.T) {
function TestUsernameWithMultipleAttributes (line 187) | func TestUsernameWithMultipleAttributes(t *testing.T) {
function TestGroupQuery (line 224) | func TestGroupQuery(t *testing.T) {
function TestGroupsOnUserEntity (line 272) | func TestGroupsOnUserEntity(t *testing.T) {
function TestGroupFilter (line 318) | func TestGroupFilter(t *testing.T) {
function TestGroupToUserMatchers (line 367) | func TestGroupToUserMatchers(t *testing.T) {
function TestDeprecatedGroupToUserMatcher (line 423) | func TestDeprecatedGroupToUserMatcher(t *testing.T) {
function TestStartTLS (line 468) | func TestStartTLS(t *testing.T) {
function TestInsecureSkipVerify (line 492) | func TestInsecureSkipVerify(t *testing.T) {
function TestLDAPS (line 516) | func TestLDAPS(t *testing.T) {
function TestUsernamePrompt (line 540) | func TestUsernamePrompt(t *testing.T) {
function TestUsernameAttributesUnmarshal (line 565) | func TestUsernameAttributesUnmarshal(t *testing.T) {
function TestNestedGroups (line 595) | func TestNestedGroups(t *testing.T) {
function getenv (line 645) | func getenv(key, defaultVal string) string {
function runTests (line 656) | func runTests(t *testing.T, connMethod connectionMethod, config *Config,...
FILE: connector/linkedin/linkedin.go
constant apiURL (line 19) | apiURL = "https://api.linkedin.com/v2"
constant authURL (line 20) | authURL = "https://www.linkedin.com/oauth/v2/authorization"
constant tokenURL (line 21) | tokenURL = "https://www.linkedin.com/oauth/v2/accessToken"
type Config (line 25) | type Config struct
method Open (line 32) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type connectorData (line 48) | type connectorData struct
type linkedInConnector (line 57) | type linkedInConnector struct
method LoginURL (line 63) | func (c *linkedInConnector) LoginURL(scopes connector.Scopes, callback...
method HandleCallback (line 73) | func (c *linkedInConnector) HandleCallback(s connector.Scopes, connDat...
method Refresh (line 110) | func (c *linkedInConnector) Refresh(ctx context.Context, s connector.S...
method primaryEmail (line 158) | func (c *linkedInConnector) primaryEmail(ctx context.Context, client *...
method profile (line 194) | func (c *linkedInConnector) profile(ctx context.Context, client *http....
type profile (line 132) | type profile struct
method fullname (line 149) | func (p profile) fullname() string {
type emailresp (line 139) | type emailresp struct
type oauth2Error (line 230) | type oauth2Error struct
method Error (line 235) | func (e *oauth2Error) Error() string {
FILE: connector/microsoft/microsoft.go
type GroupNameFormat (line 26) | type GroupNameFormat
constant GroupID (line 30) | GroupID GroupNameFormat = "id"
constant GroupName (line 31) | GroupName GroupNameFormat = "name"
constant scopeUser (line 36) | scopeUser = "user.read"
constant scopeGroups (line 39) | scopeGroups = "directory.read.all"
constant scopeOfflineAccess (line 42) | scopeOfflineAccess = "offline_access"
type Config (line 46) | type Config struct
method Open (line 69) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
type connectorData (line 114) | type connectorData struct
type microsoftConnector (line 125) | type microsoftConnector struct
method isOrgTenant (line 143) | func (c *microsoftConnector) isOrgTenant() bool {
method groupsRequired (line 147) | func (c *microsoftConnector) groupsRequired(groupScope bool) bool {
method oauth2Config (line 151) | func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oa...
method LoginURL (line 178) | func (c *microsoftConnector) LoginURL(scopes connector.Scopes, callbac...
method HandleCallback (line 194) | func (c *microsoftConnector) HandleCallback(s connector.Scopes, connDa...
method Refresh (line 278) | func (c *microsoftConnector) Refresh(ctx context.Context, s connector....
method user (line 358) | func (c *microsoftConnector) user(ctx context.Context, client *http.Cl...
method getGroups (line 391) | func (c *microsoftConnector) getGroups(ctx context.Context, client *ht...
method getGroupIDs (line 415) | func (c *microsoftConnector) getGroupIDs(ctx context.Context, client *...
method getGroupNames (line 438) | func (c *microsoftConnector) getGroupNames(ctx context.Context, client...
method post (line 468) | func (c *microsoftConnector) post(ctx context.Context, client *http.Cl...
type tokenNotifyFunc (line 251) | type tokenNotifyFunc
type notifyRefreshTokenSource (line 254) | type notifyRefreshTokenSource struct
method Token (line 264) | func (s *notifyRefreshTokenSource) Token() (*oauth2.Token, error) {
type user (line 352) | type user struct
type group (line 387) | type group struct
type graphError (line 503) | type graphError struct
method Error (line 508) | func (e *graphError) Error() string {
function newGraphError (line 512) | func newGraphError(r io.Reader) error {
type oauth2Error (line 523) | type oauth2Error struct
method Error (line 528) | func (e *oauth2Error) Error() string {
FILE: connector/microsoft/microsoft_test.go
type testResponse (line 17) | type testResponse struct
constant tenant (line 22) | tenant = "9b1c3439-a67e-4e92-bb0d-0571d44ca965"
constant clientID (line 23) | clientID = "a115ebf3-6020-4384-8eb1-c0c42e667b6f"
function TestLoginURL (line 31) | func TestLoginURL(t *testing.T) {
function TestLoginURLWithOptions (line 58) | func TestLoginURLWithOptions(t *testing.T) {
function TestUserIdentityFromGraphAPI (line 83) | func TestUserIdentityFromGraphAPI(t *testing.T) {
function TestUserGroupsFromGraphAPI (line 105) | func TestUserGroupsFromGraphAPI(t *testing.T) {
function TestUserNotInRequiredGroupFromGraphAPI (line 123) | func TestUserNotInRequiredGroupFromGraphAPI(t *testing.T) {
function newTestServer (line 156) | func newTestServer(responses map[string]testResponse) *httptest.Server {
function expectNil (line 170) | func expectNil(t *testing.T, a interface{}) {
function expectEquals (line 176) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/mock/connectortest.go
function NewCallbackConnector (line 17) | func NewCallbackConnector(logger *slog.Logger) connector.Connector {
type Callback (line 38) | type Callback struct
method LoginURL (line 45) | func (m *Callback) LoginURL(s connector.Scopes, callbackURL, state str...
method HandleCallback (line 59) | func (m *Callback) HandleCallback(s connector.Scopes, connData []byte,...
method Refresh (line 64) | func (m *Callback) Refresh(ctx context.Context, s connector.Scopes, id...
method TokenIdentity (line 68) | func (m *Callback) TokenIdentity(ctx context.Context, subjectTokenType...
type CallbackConfig (line 73) | type CallbackConfig struct
method Open (line 76) | func (c *CallbackConfig) Open(id string, logger *slog.Logger) (connect...
type PasswordConfig (line 83) | type PasswordConfig struct
method Open (line 89) | func (c *PasswordConfig) Open(id string, logger *slog.Logger) (connect...
type passwordConnector (line 104) | type passwordConnector struct
method Close (line 110) | func (p passwordConnector) Close() error { return nil }
method Login (line 112) | func (p passwordConnector) Login(ctx context.Context, s connector.Scop...
method Prompt (line 125) | func (p passwordConnector) Prompt() string { return "" }
method Refresh (line 127) | func (p passwordConnector) Refresh(_ context.Context, _ connector.Scop...
FILE: connector/oauth/oauth.go
type oauthConnector (line 21) | type oauthConnector struct
method LoginURL (line 121) | func (c *oauthConnector) LoginURL(scopes connector.Scopes, callbackURL...
method HandleCallback (line 137) | func (c *oauthConnector) HandleCallback(s connector.Scopes, _ []byte, ...
method addGroupsFromMap (line 216) | func (c *oauthConnector) addGroupsFromMap(groups map[string]struct{}, ...
method addGroupsFromToken (line 236) | func (c *oauthConnector) addGroupsFromToken(groups map[string]struct{}...
type connectorData (line 39) | type connectorData struct
type Config (line 43) | type Config struct
method Open (line 63) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
function decode (line 256) | func decode(seg string) ([]byte, error) {
FILE: connector/oauth/oauth_test.go
function TestOpen (line 22) | func TestOpen(t *testing.T) {
function TestLoginURL (line 44) | func TestLoginURL(t *testing.T) {
function TestHandleCallBackForGroupsInUserInfo (line 70) | func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
function TestHandleCallBackForGroupMapsInUserInfo (line 103) | func TestHandleCallBackForGroupMapsInUserInfo(t *testing.T) {
function TestHandleCallBackForGroupsInToken (line 139) | func TestHandleCallBackForGroupsInToken(t *testing.T) {
function TestHandleCallbackForNumericUserID (line 171) | func TestHandleCallbackForNumericUserID(t *testing.T) {
function testSetup (line 199) | func testSetup(t *testing.T, tokenClaims map[string]interface{}, userInf...
function newToken (line 235) | func newToken(key *jose.JSONWebKey, claims map[string]interface{}) (stri...
function newConnector (line 256) | func newConnector(t *testing.T, serverURL string) *oauthConnector {
function newRequestWithAuthCode (line 288) | func newRequestWithAuthCode(t *testing.T, serverURL string, code string)...
FILE: connector/oidc/oidc.go
constant codeChallengeMethodPlain (line 25) | codeChallengeMethodPlain = "plain"
constant codeChallengeMethodS256 (line 26) | codeChallengeMethodS256 = "S256"
function contains (line 29) | func contains(arr []string, item string) bool {
type Config (line 39) | type Config struct
method Open (line 266) | func (c *Config) Open(id string, logger *slog.Logger) (conn connector....
type ProviderDiscoveryOverrides (line 129) | type ProviderDiscoveryOverrides struct
method Empty (line 141) | func (o *ProviderDiscoveryOverrides) Empty() bool {
function getProvider (line 145) | func getProvider(ctx context.Context, issuer string, overrides ProviderD...
type NewGroupFromClaims (line 190) | type NewGroupFromClaims struct
type FilterGroupClaims (line 207) | type FilterGroupClaims struct
type ModifyGroupNames (line 212) | type ModifyGroupNames struct
type connectorData (line 226) | type connectorData struct
function knownBrokenAuthHeaderProvider (line 234) | func knownBrokenAuthHeaderProvider(issuerURL string) bool {
type PKCEChallengeData (line 247) | type PKCEChallengeData struct
function getAuthCodeOptionForCodeChallenge (line 253) | func getAuthCodeOptionForCodeChallenge(codeVerifier, codeChallengeMethod...
type oidcConnector (line 387) | type oidcConnector struct
method Close (line 414) | func (c *oidcConnector) Close() error {
method LoginURL (line 419) | func (c *oidcConnector) LoginURL(s connector.Scopes, callbackURL, stat...
method HandleCallback (line 476) | func (c *oidcConnector) HandleCallback(s connector.Scopes, connData []...
method Refresh (line 504) | func (c *oidcConnector) Refresh(ctx context.Context, s connector.Scope...
method TokenIdentity (line 524) | func (c *oidcConnector) TokenIdentity(ctx context.Context, subjectToke...
method createIdentity (line 536) | func (c *oidcConnector) createIdentity(ctx context.Context, identity c...
type oauth2Error (line 456) | type oauth2Error struct
method Error (line 461) | func (e *oauth2Error) Error() string {
type caller (line 468) | type caller
constant createCaller (line 471) | createCaller caller = iota
constant refreshCaller (line 472) | refreshCaller
constant exchangeCaller (line 473) | exchangeCaller
FILE: connector/oidc/oidc_test.go
function TestKnownBrokenAuthHeaderProvider (line 27) | func TestKnownBrokenAuthHeaderProvider(t *testing.T) {
function TestHandleCallback (line 47) | func TestHandleCallback(t *testing.T) {
function TestRefresh (line 592) | func TestRefresh(t *testing.T) {
function TestTokenIdentity (line 672) | func TestTokenIdentity(t *testing.T) {
function TestPromptType (line 752) | func TestPromptType(t *testing.T) {
function TestProviderOverride (line 786) | func TestProviderOverride(t *testing.T) {
function setupServer (line 837) | func setupServer(tok map[string]interface{}, idTokenDesired bool) (*http...
function newToken (line 908) | func newToken(key *jose.JSONWebKey, claims map[string]interface{}) (stri...
function newConnector (line 931) | func newConnector(config Config) (*oidcConnector, error) {
function newRequestWithAuthCode (line 946) | func newRequestWithAuthCode(serverURL string, code string) (*http.Reques...
function n (line 959) | func n(pub *rsa.PublicKey) string {
function e (line 963) | func e(pub *rsa.PublicKey) string {
function encode (line 969) | func encode(payload []byte) string {
function expectEquals (line 974) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
FILE: connector/openshift/openshift.go
constant wellKnownURLPath (line 21) | wellKnownURLPath = "/.well-known/oauth-authorization-server"
constant usersURLPath (line 22) | usersURLPath = "/apis/user.openshift.io/v1/users/~"
type Config (line 26) | type Config struct
method Open (line 65) | func (c *Config) Open(id string, logger *slog.Logger) (conn connector....
method OpenWithHTTPClient (line 81) | func (c *Config) OpenWithHTTPClient(id string, logger *slog.Logger,
type openshiftConnector (line 41) | type openshiftConnector struct
method Close (line 135) | func (c *openshiftConnector) Close() error {
method LoginURL (line 141) | func (c *openshiftConnector) LoginURL(scopes connector.Scopes, callbac...
method HandleCallback (line 162) | func (c *openshiftConnector) HandleCallback(s connector.Scopes,
method Refresh (line 184) | func (c *openshiftConnector) Refresh(ctx context.Context, s connector....
method identity (line 198) | func (c *openshiftConnector) identity(ctx context.Context, s connector...
method user (line 235) | func (c *openshiftConnector) user(ctx context.Context, client *http.Cl...
type user (line 55) | type user struct
type oauth2Error (line 149) | type oauth2Error struct
method Error (line 154) | func (e *oauth2Error) Error() string {
function validateAllowedGroups (line 264) | func validateAllowedGroups(userGroups, allowedGroups []string) bool {
FILE: connector/openshift/openshift_test.go
function TestOpen (line 22) | func TestOpen(t *testing.T) {
function TestGetUser (line 56) | func TestGetUser(t *testing.T) {
function TestVerifySingleGroupFn (line 87) | func TestVerifySingleGroupFn(t *testing.T) {
function TestVerifySingleGroupFailureFn (line 96) | func TestVerifySingleGroupFailureFn(t *testing.T) {
function TestVerifyMultipleGroupFn (line 105) | func TestVerifyMultipleGroupFn(t *testing.T) {
function TestVerifyGroup (line 114) | func TestVerifyGroup(t *testing.T) {
function TestCallbackIdentity (line 145) | func TestCallbackIdentity(t *testing.T) {
function TestRefreshIdentity (line 189) | func TestRefreshIdentity(t *testing.T) {
function TestRefreshIdentityFailure (line 228) | func TestRefreshIdentityFailure(t *testing.T) {
function newTestServer (line 261) | func newTestServer(responses map[string]interface{}) *httptest.Server {
function expectNil (line 282) | func expectNil(t *testing.T, a interface{}) {
function expectEquals (line 288) | func expectEquals(t *testing.T, a interface{}, b interface{}) {
function expectNotNil (line 294) | func expectNotNil(t *testing.T, a interface{}) {
FILE: connector/saml/saml.go
constant bindingRedirect (line 30) | bindingRedirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
constant bindingPOST (line 31) | bindingPOST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
constant nameIDFormatEmailAddress (line 33) | nameIDFormatEmailAddress = "urn:oasis:names:tc:SAML:1.1:nameid-format:em...
constant nameIDFormatUnspecified (line 34) | nameIDFormatUnspecified = "urn:oasis:names:tc:SAML:1.1:nameid-format:un...
constant nameIDFormatX509Subject (line 35) | nameIDFormatX509Subject = "urn:oasis:names:tc:SAML:1.1:nameid-format:X5...
constant nameIDFormatWindowsDN (line 36) | nameIDFormatWindowsDN = "urn:oasis:names:tc:SAML:1.1:nameid-format:Wi...
constant nameIDFormatEncrypted (line 37) | nameIDFormatEncrypted = "urn:oasis:names:tc:SAML:2.0:nameid-format:en...
constant nameIDFormatEntity (line 38) | nameIDFormatEntity = "urn:oasis:names:tc:SAML:2.0:nameid-format:en...
constant nameIDFormatKerberos (line 39) | nameIDFormatKerberos = "urn:oasis:names:tc:SAML:2.0:nameid-format:ke...
constant nameIDFormatPersistent (line 40) | nameIDFormatPersistent = "urn:oasis:names:tc:SAML:2.0:nameid-format:pe...
constant nameIDformatTransient (line 41) | nameIDformatTransient = "urn:oasis:names:tc:SAML:2.0:nameid-format:tr...
constant statusCodeSuccess (line 44) | statusCodeSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
constant subjectConfirmationMethodBearer (line 47) | subjectConfirmationMethodBearer = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
constant allowedClockDrift (line 50) | allowedClockDrift = time.Duration(30) * time.Second
type Config (line 71) | type Config struct
method Open (line 124) | func (c *Config) Open(id string, logger *slog.Logger) (connector.Conne...
method openConnector (line 129) | func (c *Config) openConnector(logger *slog.Logger) (*provider, error) {
type certStore (line 114) | type certStore struct
method Certificates (line 118) | func (c certStore) Certificates() (roots []*x509.Certificate, err erro...
type provider (line 240) | type provider struct
method POSTData (line 295) | func (p *provider) POSTData(s connector.Scopes, id string) (action, va...
method HandlePOST (line 332) | func (p *provider) HandlePOST(s connector.Scopes, samlResponse, inResp...
method Refresh (line 493) | func (p *provider) Refresh(ctx context.Context, s connector.Scopes, id...
method validateStatus (line 521) | func (p *provider) validateStatus(status *status) error {
method validateSubject (line 550) | func (p *provider) validateSubject(subject *subject, inResponseTo stri...
method validateConditions (line 604) | func (p *provider) validateConditions(conditions *conditions) error {
type cachedIdentity (line 268) | type cachedIdentity struct
function marshalCachedIdentity (line 278) | func marshalCachedIdentity(ident connector.Identity) (connector.Identity...
function verifyResponseSig (line 659) | func verifyResponseSig(validator *dsig.ValidationContext, data []byte) (...
function before (line 705) | func before(now, notBefore time.Time) bool {
function after (line 711) | func after(now, notOnOrAfter time.Time) bool {
FILE: connector/saml/saml_test.go
type responseTest (line 41) | type responseTest struct
method run (line 407) | func (r responseTest) run(t *testing.T) {
function TestGoodResponse (line 64) | func TestGoodResponse(t *testing.T) {
function TestGroups (line 83) | func TestGroups(t *testing.T) {
function TestGroupsWhitelist (line 104) | func TestGroupsWhitelist(t *testing.T) {
function TestGroupsWhitelistWithFiltering (line 126) | func TestGroupsWhitelistWithFiltering(t *testing.T) {
function TestGroupsWhitelistEmpty (line 149) | func TestGroupsWhitelistEmpty(t *testing.T) {
function TestGroupsWhitelistDisallowed (line 171) | func TestGroupsWhitelistDisallowed(t *testing.T) {
function TestGroupsWhitelistDisallowedNoGroupsOnIdent (line 194) | func TestGroupsWhitelistDisallowedNoGroupsOnIdent(t *testing.T) {
function TestOkta (line 218) | func TestOkta(t *testing.T) {
function TestBadStatus (line 237) | func TestBadStatus(t *testing.T) {
function TestInvalidCA (line 251) | func TestInvalidCA(t *testing.T) {
function TestUnsignedResponse (line 265) | func TestUnsignedResponse(t *testing.T) {
function TestExpiredAssertion (line 279) | func TestExpiredAssertion(t *testing.T) {
function TestAssertionSignedNotResponse (line 296) | func TestAssertionSignedNotResponse(t *testing.T) {
function TestInvalidSubjectInResponseTo (line 315) | func TestInvalidSubjectInResponseTo(t *testing.T) {
function TestInvalidSubjectRecipient (line 329) | func TestInvalidSubjectRecipient(t *testing.T) {
function TestInvalidAssertionAudience (line 343) | func TestInvalidAssertionAudience(t *testing.T) {
function TestTwoAssertionFirstSigned (line 362) | func TestTwoAssertionFirstSigned(t *testing.T) {
function TestTamperedResponseNameID (line 381) | func TestTamperedResponseNameID(t *testing.T) {
function loadCert (line 395) | func loadCert(ca string) (*x509.Certificate, error) {
function TestConfigCAData (line 476) | func TestConfigCAData(t *testing.T) {
function runVerify (line 564) | func runVerify(t *testing.T, ca string, resp string, shouldSucceed bool) {
function TestVerify (line 589) | func TestVerify(t *testing.T) {
function TestVerifyUnsignedMessageAndSignedAssertionWithRootXmlNs (line 593) | func TestVerifyUnsignedMessageAndSignedAssertionWithRootXmlNs(t *testing...
function TestVerifySignedMessageAndUnsignedAssertion (line 597) | func TestVerifySignedMessageAndUnsignedAssertion(t *testing.T) {
function TestVerifyUnsignedMessageAndSignedAssertion (line 601) | func TestVerifyUnsignedMessageAndSignedAssertion(t *testing.T) {
function TestVerifySignedMessageAndSignedAssertion (line 605) | func TestVerifySignedMessageAndSignedAssertion(t *testing.T) {
function TestVerifyUnsignedMessageAndUnsignedAssertion (line 609) | func TestVerifyUnsignedMessageAndUnsignedAssertion(t *testing.T) {
function TestSAMLRefresh (line 613) | func TestSAMLRefresh(t *testing.T) {
FILE: connector/saml/types.go
constant timeFormat (line 10) | timeFormat = "2006-01-02T15:04:05Z"
type xmlTime (line 12) | type xmlTime
method MarshalXMLAttr (line 14) | func (t xmlTime) MarshalXMLAttr(name xml.Name) (xml.Attr, error) {
method UnmarshalXMLAttr (line 21) | func (t *xmlTime) UnmarshalXMLAttr(attr xml.Attr) error {
type samlVersion (line 30) | type samlVersion struct
method MarshalXMLAttr (line 32) | func (s samlVersion) MarshalXMLAttr(name xml.Name) (xml.Attr, error) {
method UnmarshalXMLAttr (line 39) | func (s *samlVersion) UnmarshalXMLAttr(attr xml.Attr) error {
type authnRequest (line 46) | type authnRequest struct
type subject (line 71) | type subject struct
type nameID (line 80) | type nameID struct
type subjectConfirmationData (line 87) | type subjectConfirmationData struct
type subjectConfirmation (line 96) | type subjectConfirmation struct
type audience (line 103) | type audience struct
type audienceRestriction (line 108) | type audienceRestriction struct
type conditions (line 114) | type conditions struct
type statusCode (line 123) | type statusCode struct
type statusMessage (line 129) | type statusMessage struct
type status (line 135) | type status struct
type issuer (line 142) | type issuer struct
type nameIDPolicy (line 147) | type nameIDPolicy struct
type requestAuthnContext (line 153) | type requestAuthnContext struct
type authnContextClassRef (line 159) | type authnContextClassRef struct
type response (line 164) | type response struct
type assertion (line 181) | type assertion struct
type attributeStatement (line 197) | type attributeStatement struct
method get (line 203) | func (a *attributeStatement) get(name string) (s string, ok bool) {
method all (line 215) | func (a *attributeStatement) all(name string) (s []string, ok bool) {
method names (line 228) | func (a *attributeStatement) names() []string {
method String (line 238) | func (a *attributeStatement) String() string {
type attribute (line 249) | type attribute struct
method String (line 265) | func (a attribute) String() string {
type attributeValue (line 260) | type attributeValue struct
FILE: examples/example-app/handlers.go
method handleIndex (line 13) | func (a *app) handleIndex(w http.ResponseWriter, r *http.Request) {
method handleLogin (line 20) | func (a *app) handleLogin(w http.ResponseWriter, r *http.Request) {
method handleCallback (line 87) | func (a *app) handleCallback(w http.ResponseWriter, r *http.Request) {
FILE: examples/example-app/handlers_device.go
method handleDeviceLogin (line 14) | func (a *app) handleDeviceLogin(w http.ResponseWriter, r *http.Request) {
method handleDevicePage (line 104) | func (a *app) handleDevicePage(w http.ResponseWriter, r *http.Request) {
method handleDevicePoll (line 124) | func (a *app) handleDevicePoll(w http.ResponseWriter, r *http.Request) {
method handleDeviceResult (line 262) | func (a *app) handleDeviceResult(w http.ResponseWriter, r *http.Request) {
FILE: examples/example-app/handlers_userinfo.go
method handleUserInfo (line 10) | func (a *app) handleUserInfo(w http.ResponseWriter, r *http.Request) {
FILE: examples/example-app/main.go
constant exampleAppState (line 18) | exampleAppState = "I wish to wash my irish wristwatch"
function init (line 25) | func init() {
type app (line 30) | type app struct
function cmd (line 60) | func cmd() *cobra.Command {
function main (line 183) | func main() {
FILE: examples/example-app/static/app.js
function addCrossClient (line 22) | function addCrossClient(value) {
function addCustomScope (line 46) | function addCustomScope(scope) {
FILE: examples/example-app/static/device.js
function pollForToken (line 42) | async function pollForToken() {
function showError (line 81) | function showError(message) {
function startPolling (line 92) | function startPolling() {
function stopPolling (line 97) | function stopPolling() {
FILE: examples/example-app/static/token.js
function syntaxHighlight (line 14) | function syntaxHighlight(json) {
function copyPublicKey (line 36) | function copyPublicKey() {
function fallbackCopy (line 55) | function fallbackCopy(text) {
function showCopyFeedback (line 72) | function showCopyFeedback(message) {
function fetchUserInfo (line 91) | async function fetchUserInfo(event) {
FILE: examples/example-app/templates.go
constant dexLogoDataURI (line 27) | dexLogoDataURI = "/static/dex-glyph-color.svg"
function init (line 36) | func init() {
function renderIndex (line 61) | func renderIndex(w http.ResponseWriter, data indexPageData) {
function renderDevice (line 65) | func renderDevice(w http.ResponseWriter, data devicePageData) {
type indexPageData (line 69) | type indexPageData struct
type devicePageData (line 74) | type devicePageData struct
type tokenTmplData (line 83) | type tokenTmplData struct
function generateJWTIOLink (line 94) | func generateJWTIOLink(token string, provider *oidc.Provider, ctx contex...
function getPublicKeyPEM (line 100) | func getPublicKeyPEM(provider *oidc.Provider) string {
function renderToken (line 163) | func renderToken(w http.ResponseWriter, ctx context.Context, provider *o...
function renderTemplate (line 177) | func renderTemplate(w http.ResponseWriter, tmpl *template.Template, data...
FILE: examples/example-app/utils.go
function generateSessionID (line 24) | func generateSessionID() string {
function buildScopes (line 34) | func buildScopes(baseScopes []string, crossClients []string) []string {
method oauth2Config (line 48) | func (a *app) oauth2Config(scopes []string) *oauth2.Config {
function uniqueStrings (line 58) | func uniqueStrings(values []string) []string {
function httpClientForRootCAs (line 65) | func httpClientForRootCAs(rootCAs string) (*http.Client, error) {
type debugTransport (line 88) | type debugTransport struct
method RoundTrip (line 92) | func (d debugTransport) RoundTrip(req *http.Request) (*http.Response, ...
function encodeToken (line 113) | func encodeToken(idToken *oidc.IDToken) (string, error) {
function parseAndRenderToken (line 126) | func parseAndRenderToken(w http.ResponseWriter, r *http.Request, a *app,...
FILE: examples/grpc-client/client.go
function newDexClient (line 18) | func newDexClient(hostAndPort, caPath, clientCrt, clientKey string) (api...
function createPassword (line 46) | func createPassword(cli api.DexClient) error {
function createAndListClients (line 128) | func createAndListClients(cli api.DexClient) error {
function main (line 179) | func main() {
FILE: pkg/cel/cel.go
type EnvironmentVersion (line 18) | type EnvironmentVersion
constant EnvironmentV1 (line 22) | EnvironmentV1 EnvironmentVersion = 1
type CompilationResult (line 26) | type CompilationResult struct
type CompilerOption (line 35) | type CompilerOption
type compilerConfig (line 37) | type compilerConfig struct
function defaultCompilerConfig (line 42) | func defaultCompilerConfig() *compilerConfig {
function WithCostBudget (line 50) | func WithCostBudget(budget uint64) CompilerOption {
function WithVersion (line 59) | func WithVersion(v EnvironmentVersion) CompilerOption {
type Compiler (line 66) | type Compiler struct
method CompileBool (line 129) | func (c *Compiler) CompileBool(expression string) (*CompilationResult,...
method CompileString (line 134) | func (c *Compiler) CompileString(expression string) (*CompilationResul...
method CompileStringList (line 139) | func (c *Compiler) CompileStringList(expression string) (*CompilationR...
method Compile (line 144) | func (c *Compiler) Compile(expression string) (*CompilationResult, err...
method compile (line 148) | func (c *Compiler) compile(expression string, expectedType *cel.Type) ...
function NewCompiler (line 76) | func NewCompiler(variables []VariableDeclaration, opts ...CompilerOption...
function Eval (line 195) | func Eval(ctx context.Context, result *CompilationResult, variables map[...
function EvalBool (line 205) | func EvalBool(ctx context.Context, result *CompilationResult, variables ...
function EvalString (line 220) | func EvalString(ctx context.Context, result *CompilationResult, variable...
FILE: pkg/cel/cel_test.go
function TestCompileBool (line 15) | func TestCompileBool(t *testing.T) {
function TestCompileString (line 53) | func TestCompileString(t *testing.T) {
function TestCompileStringList (line 86) | func TestCompileStringList(t *testing.T) {
function TestCompile (line 98) | func TestCompile(t *testing.T) {
function TestCompileErrors (line 116) | func TestCompileErrors(t *testing.T) {
function TestCompileRejectsUnknownFields (line 142) | func TestCompileRejectsUnknownFields(t *testing.T) {
function TestMaxExpressionLength (line 162) | func TestMaxExpressionLength(t *testing.T) {
function TestEvalBool (line 172) | func TestEvalBool(t *testing.T) {
function TestEvalString (line 218) | func TestEvalString(t *testing.T) {
function TestEvalWithIdentityAndRequest (line 234) | func TestEvalWithIdentityAndRequest(t *testing.T) {
function TestNewCompilerWithVariables (line 264) | func TestNewCompilerWithVariables(t *testing.T) {
FILE: pkg/cel/cost.go
constant DefaultCostBudget (line 12) | DefaultCostBudget uint64 = 10_000_000
constant MaxExpressionLength (line 15) | MaxExpressionLength = 10_240
constant DefaultStringMaxLength (line 19) | DefaultStringMaxLength = 256
constant DefaultListMaxLength (line 23) | DefaultListMaxLength = 100
type CostEstimate (line 26) | type CostEstimate struct
method EstimateCost (line 33) | func (c *Compiler) EstimateCost(result *CompilationResult) (CostEstimate...
type defaultCostEstimator (line 45) | type defaultCostEstimator struct
method EstimateSize (line 47) | func (defaultCostEstimator) EstimateSize(element checker.AstNode) *che...
method EstimateCallCost (line 85) | func (defaultCostEstimator) EstimateCallCost(function, overloadID stri...
FILE: pkg/cel/cost_test.go
function TestEstimateCost (line 12) | func TestEstimateCost(t *testing.T) {
function TestCompileTimeCostAcceptsSimpleExpressions (line 45) | func TestCompileTimeCostAcceptsSimpleExpressions(t *testing.T) {
function TestCompileTimeCostRejection (line 76) | func TestCompileTimeCostRejection(t *testing.T) {
FILE: pkg/cel/library/email.go
type Email (line 22) | type Email struct
method CompileOptions (line 24) | func (Email) CompileOptions() []cel.EnvOption {
method ProgramOptions (line 43) | func (Email) ProgramOptions() []cel.ProgramOption {
function emailDomainImpl (line 47) | func emailDomainImpl(arg ref.Val) ref.Val {
function emailLocalPartImpl (line 61) | func emailLocalPartImpl(arg ref.Val) ref.Val {
FILE: pkg/cel/library/email_test.go
function TestEmailDomain (line 13) | func TestEmailDomain(t *testing.T) {
function TestEmailLocalPart (line 55) | func TestEmailLocalPart(t *testing.T) {
function TestEmailDomainWithIdentityVariable (line 93) | func TestEmailDomainWithIdentityVariable(t *testing.T) {
FILE: pkg/cel/library/groups.go
type Groups (line 23) | type Groups struct
method CompileOptions (line 25) | func (Groups) CompileOptions() []cel.EnvOption {
method ProgramOptions (line 44) | func (Groups) ProgramOptions() []cel.ProgramOption {
function groupMatchesImpl (line 48) | func groupMatchesImpl(lhs, rhs ref.Val) ref.Val {
function groupFilterImpl (line 82) | func groupFilterImpl(lhs, rhs ref.Val) ref.Val {
FILE: pkg/cel/library/groups_test.go
function TestGroupMatches (line 14) | func TestGroupMatches(t *testing.T) {
function TestGroupMatchesInvalidPattern (line 71) | func TestGroupMatchesInvalidPattern(t *testing.T) {
function TestGroupFilter (line 86) | func TestGroupFilter(t *testing.T) {
FILE: pkg/cel/types.go
type VariableDeclaration (line 11) | type VariableDeclaration struct
type IdentityVal (line 19) | type IdentityVal struct
type RequestVal (line 29) | type RequestVal struct
constant identityTypeName (line 38) | identityTypeName = "cel.IdentityVal"
constant requestTypeName (line 41) | requestTypeName = "cel.RequestVal"
function IdentityVariables (line 51) | func IdentityVariables() []VariableDeclaration {
function RequestVariables (line 63) | func RequestVariables() []VariableDeclaration {
function ClaimsVariable (line 74) | func ClaimsVariable() []VariableDeclaration {
function IdentityFromConnector (line 81) | func IdentityFromConnector(id connector.Identity) IdentityVal {
type RequestContext (line 94) | type RequestContext struct
function RequestFromContext (line 102) | func RequestFromContext(rc RequestContext) RequestVal {
FILE: pkg/featureflags/flag.go
type flag (line 9) | type flag struct
method env (line 14) | func (f *flag) env() string {
method Enabled (line 18) | func (f *flag) Enabled() bool {
function newFlag (line 31) | func newFlag(s string, d bool) *flag {
FILE: pkg/groups/groups.go
function Filter (line 5) | func Filter(given, required []string) []string {
FILE: pkg/groups/groups_test.go
function TestFilter (line 11) | func TestFilter(t *testing.T) {
FILE: pkg/httpclient/httpclient.go
function extractCAs (line 14) | func extractCAs(input []string) [][]byte {
function NewHTTPClient (line 34) | func NewHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Cli...
FILE: pkg/httpclient/httpclient_test.go
function TestRootCAs (line 18) | func TestRootCAs(t *testing.T) {
function TestInsecureSkipVerify (line 52) | func TestInsecureSkipVerify(t *testing.T) {
function NewLocalHTTPSTestServer (line 74) | func NewLocalHTTPSTestServer(handler http.Handler) (*httptest.Server, er...
FILE: server/api.go
constant apiVersion (line 21) | apiVersion = 3
constant recCost (line 26) | recCost = 12
constant upBoundCost (line 31) | upBoundCost = 16
function NewAPI (line 35) | func NewAPI(s storage.Storage, logger *slog.Logger, version string, serv...
type dexAPI (line 44) | type dexAPI struct
method GetClient (line 53) | func (d dexAPI) GetClient(ctx context.Context, req *api.GetClientReq) ...
method CreateClient (line 73) | func (d dexAPI) CreateClient(ctx context.Context, req *api.CreateClien...
method UpdateClient (line 108) | func (d dexAPI) UpdateClient(ctx context.Context, req *api.UpdateClien...
method DeleteClient (line 141) | func (d dexAPI) DeleteClient(ctx context.Context, req *api.DeleteClien...
method ListClients (line 153) | func (d dexAPI) ListClients(ctx context.Context, req *api.ListClientRe...
method CreatePassword (line 195) | func (d dexAPI) CreatePassword(ctx context.Context, req *api.CreatePas...
method UpdatePassword (line 227) | func (d dexAPI) UpdatePassword(ctx context.Context, req *api.UpdatePas...
method DeletePassword (line 264) | func (d dexAPI) DeletePassword(ctx context.Context, req *api.DeletePas...
method GetVersion (line 280) | func (d dexAPI) GetVersion(ctx context.Context, req *api.VersionReq) (...
method GetDiscovery (line 287) | func (d dexAPI) GetDiscovery(ctx context.Context, req *api.DiscoveryRe...
method ListPasswords (line 301) | func (d dexAPI) ListPasswords(ctx context.Context, req *api.ListPasswo...
method VerifyPassword (line 323) | func (d dexAPI) VerifyPassword(ctx context.Context, req *api.VerifyPas...
method ListRefresh (line 354) | func (d dexAPI) ListRefresh(ctx context.Context, req *api.ListRefreshR...
method RevokeRefresh (line 388) | func (d dexAPI) RevokeRefresh(ctx context.Context, req *api.RevokeRefr...
method CreateConnector (line 439) | func (d dexAPI) CreateConnector(ctx context.Context, req *api.CreateCo...
method UpdateConnector (line 494) | func (d dexAPI) UpdateConnector(ctx context.Context, req *api.UpdateCo...
method DeleteConnector (line 558) | func (d dexAPI) DeleteConnector(ctx context.Context, req *api.DeleteCo...
method ListConnectors (line 579) | func (d dexAPI) ListConnectors(ctx context.Context, req *api.ListConne...
function checkCost (line 181) | func checkCost(hash []byte) error {
function defaultTo (line 607) | func defaultTo[T comparable](v, def T) T {
FILE: server/api_cache_test.go
function TestConnectorCacheInvalidation (line 14) | func TestConnectorCacheInvalidation(t *testing.T) {
FILE: server/api_test.go
type apiClient (line 23) | type apiClient struct
function newLogger (line 31) | func newLogger(t *testing.T) *slog.Logger {
function newAPI (line 36) | func newAPI(t *testing.T, s storage.Storage, logger *slog.Logger) *apiCl...
function TestPassword (line 64) | func TestPassword(t *testing.T) {
function TestCheckCost (line 174) | func TestCheckCost(t *testing.T) {
function TestRefreshToken (line 227) | func TestRefreshToken(t *testing.T) {
function TestUpdateClient (line 336) | func TestUpdateClient(t *testing.T) {
function TestCreateConnector (line 491) | func TestCreateConnector(t *testing.T) {
function TestUpdateConnector (line 541) | func TestUpdateConnector(t *testing.T) {
function TestUpdateConnectorGrantTypes (line 609) | func TestUpdateConnectorGrantTypes(t *testing.T) {
function TestDeleteConnector (line 708) | func TestDeleteConnector(t *testing.T) {
function TestListConnectors (line 752) | func TestListConnectors(t *testing.T) {
function TestMissingConnectorsCRUDFeatureFlag (line 794) | func TestMissingConnectorsCRUDFeatureFlag(t *testing.T) {
function TestListClients (line 831) | func TestListClients(t *testing.T) {
FILE: server/deviceflowhandlers.go
type deviceCodeResponse (line 17) | type deviceCodeResponse struct
method getDeviceVerificationURI (line 32) | func (s *Server) getDeviceVerificationURI() string {
method handleDeviceExchange (line 36) | func (s *Server) handleDeviceExchange(w http.ResponseWriter, r *http.Req...
method handleDeviceCode (line 57) | func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
method handleDeviceTokenDeprecated (line 180) | func (s *Server) handleDeviceTokenDeprecated(w http.ResponseWriter, r *h...
method handleDeviceToken (line 205) | func (s *Server) handleDeviceToken(w http.ResponseWriter, r *http.Reques...
method handleDeviceCallback (line 287) | func (s *Server) handleDeviceCallback(w http.ResponseWriter, r *http.Req...
method verifyUserCode (line 401) | func (s *Server) verifyUserCode(w http.ResponseWriter, r *http.Request) {
FILE: server/deviceflowhandlers_test.go
function TestDeviceVerificationURI (line 18) | func TestDeviceVerificationURI(t *testing.T) {
function TestHandleDeviceCode (line 41) | func TestHandleDeviceCode(t *testing.T) {
function TestDeviceCallback (line 147) | func TestDeviceCallback(t *testing.T) {
function TestDeviceTokenResponse (line 445) | func TestDeviceTokenResponse(t *testing.T) {
function expectJSONErrorResponse (line 734) | func expectJSONErrorResponse(testCase string, body []byte, expectedError...
function TestVerifyCodeResponse (line 745) | func TestVerifyCodeResponse(t *testing.T) {
FILE: server/errors.go
constant ErrMsgLoginError (line 10) | ErrMsgLoginError = "Login error. Please contact your administrator or tr...
constant ErrMsgAuthenticationFailed (line 13) | ErrMsgAuthenticationFailed = "Authentication failed. Please contact your...
constant ErrMsgInternalServerError (line 16) | ErrMsgInternalServerError = "Internal server error. Please contact your ...
constant ErrMsgDatabaseError (line 19) | ErrMsgDatabaseError = "A database error occurred. Please try again later."
constant ErrMsgInvalidRequest (line 22) | ErrMsgInvalidRequest = "Invalid request. Please try again."
constant ErrMsgMethodNotAllowed (line 25) | ErrMsgMethodNotAllowed = "Method not allowed."
constant ErrMsgNotInRequiredGroups (line 29) | ErrMsgNotInRequiredGroups = "You are not a member of any of the required...
FILE: server/errors_test.go
function TestErrorMessagesDoNotLeakInternalDetails (line 16) | func TestErrorMessagesDoNotLeakInternalDetails(t *testing.T) {
function TestLoginErrorMessageIsSafe (line 147) | func TestLoginErrorMessageIsSafe(t *testing.T) {
function TestCallbackErrorMessageIsSafe (line 170) | func TestCallbackErrorMessageIsSafe(t *testing.T) {
function TestDeviceCallbackMethodError (line 192) | func TestDeviceCallbackMethodError(t *testing.T) {
function TestRenderErrorSafeMessages (line 214) | func TestRenderErrorSafeMessages(t *testing.T) {
function TestTokenErrorDoesNotLeakDetails (line 277) | func TestTokenErrorDoesNotLeakDetails(t *testing.T) {
FILE: server/handlers.go
constant codeChallengeMethodPlain (line 32) | codeChallengeMethodPlain = "plain"
constant codeChallengeMethodS256 (line 33) | codeChallengeMethodS256 = "S256"
method handlePublicKeys (line 36) | func (s *Server) handlePublicKeys(w http.ResponseWriter, r *http.Request) {
type discovery (line 76) | type discovery struct
method discoveryHandler (line 94) | func (s *Server) discoveryHandler(ctx context.Context) (http.HandlerFunc...
method constructDiscovery (line 109) | func (s *Server) constructDiscovery(ctx context.Context) discovery {
method grantTypeFromAuthRequest (line 147) | func (s *Server) grantTypeFromAuthRequest(r *http.Request) string {
method handleAuthorization (line 162) | func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Requ...
function filterConnectors (line 247) | func filterConnectors(connectors []storage.Connector, allowedConnectors ...
function isConnectorAllowed (line 268) | func isConnectorAllowed(allowedConnectors []string, connectorID string) ...
method getClientWithAuthError (line 283) | func (s *Server) getClientWithAuthError(ctx context.Context, clientID st...
method handleConnectorLogin (line 296) | func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Req...
method handlePasswordLogin (line 501) | func (s *Server) handlePasswordLogin(w http.ResponseWriter, r *http.Requ...
method handleConnectorCallback (line 605) | func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http....
method finalizeLogin (line 718) | func (s *Server) finalizeLogin(ctx context.Context, identity connector.I...
method handleApproval (line 882) | func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) {
method sendCodeResponse (line 976) | func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request...
function scopesCoveredByConsent (line 1123) | func scopesCoveredByConsent(approved, requested []string) bool {
method withClientFromStorage (line 1141) | func (s *Server) withClientFromStorage(w http.ResponseWriter, r *http.Re...
method handleToken (line 1183) | func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) {
method calculateCodeChallenge (line 1221) | func (s *Server) calculateCodeChallenge(codeVerifier, codeChallengeMetho...
method handleAuthCode (line 1234) | func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, ...
method exchangeAuthCode (line 1294) | func (s *Server) exchangeAuthCode(ctx context.Context, w http.ResponseWr...
method handleUserInfo (line 1454) | func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) {
method handlePasswordGrant (line 1485) | func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Requ...
method handleTokenExchange (line 1726) | func (s *Server) handleTokenExchange(w http.ResponseWriter, r *http.Requ...
method handleClientCredentialsGrant (line 1817) | func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *...
type accessTokenResponse (line 1919) | type accessTokenResponse struct
method toAccessTokenResponse (line 1929) | func (s *Server) toAccessTokenResponse(idToken, accessToken, refreshToke...
method writeAccessToken (line 1939) | func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTok...
method renderError (line 1956) | func (s *Server) renderError(r *http.Request, w http.ResponseWriter, sta...
method tokenErrHelper (line 1962) | func (s *Server) tokenErrHelper(w http.ResponseWriter, typ string, descr...
function usernamePrompt (line 1970) | func usernamePrompt(conn connector.PasswordConnector) string {
FILE: server/handlers_approval_test.go
type getAuthRequestErrorStorage (line 21) | type getAuthRequestErrorStorage struct
method GetAuthRequest (line 26) | func (s *getAuthRequestErrorStorage) GetAuthRequest(context.Context, s...
function TestHandleApprovalGetAuthRequestErrorGET (line 30) | func TestHandleApprovalGetAuthRequestErrorGET(t *testing.T) {
function TestHandleApprovalGetAuthRequestNotFoundGET (line 45) | func TestHandleApprovalGetAuthRequestNotFoundGET(t *testing.T) {
function TestHandleApprovalGetAuthRequestNotFoundPOST (line 59) | func TestHandleApprovalGetAuthRequestNotFoundPOST(t *testing.T) {
function TestHandleApprovalDoubleSubmitPOST (line 75) | func TestHandleApprovalDoubleSubmitPOST(t *testing.T) {
FILE: server/handlers_test.go
function boolPtr (line 32) | func boolPtr(v bool) *bool {
function TestHandleHealth (line 36) | func TestHandleHealth(t *testing.T) {
function TestHandleDiscovery (line 47) | func TestHandleDiscovery(t *testing.T) {
function TestHandleHealthFailure (line 115) | func TestHandleHealthFailure(t *testing.T) {
type emptyStorage (line 139) | type emptyStorage struct
method GetAuthRequest (line 143) | func (*emptyStorage) GetAuthRequest(context.Context, string) (storage....
function TestHandleInvalidOAuth2Callbacks (line 147) | func TestHandleInvalidOAuth2Callbacks(t *testing.T) {
function TestHandleInvalidSAMLCallbacks (line 172) | func TestHandleInvalidSAMLCallbacks(t *testing.T) {
function TestHandleAuthCode (line 204) | func TestHandleAuthCode(t *testing.T) {
function mockConnectorDataTestStorage (line 300) | func mockConnectorDataTestStorage(t *testing.T, s storage.Storage) {
function TestHandlePassword (line 336) | func TestHandlePassword(t *testing.T) {
function TestHandlePassword_LocalPasswordDBClaims (line 416) | func TestHandlePassword_LocalPasswordDBClaims(t *testing.T) {
function setSessionsEnabled (line 501) | func setSessionsEnabled(t *testing.T, enabled bool) {
function TestFinalizeLoginCreatesUserIdentity (line 510) | func TestFinalizeLoginCreatesUserIdentity(t *testing.T) {
function TestFinalizeLoginUpdatesUserIdentity (line 559) | func TestFinalizeLoginUpdatesUserIdentity(t *testing.T) {
function TestFinalizeLoginSkipsUserIdentityWhenDisabled (line 623) | func TestFinalizeLoginSkipsUserIdentityWhenDisabled(t *testing.T) {
function TestSkipApprovalWithExistingConsent (line 667) | func TestSkipApprovalWithExistingConsent(t *testing.T) {
function TestConsentPersistedOnApproval (line 775) | func TestConsentPersistedOnApproval(t *testing.T) {
function TestScopesCoveredByConsent (line 832) | func TestScopesCoveredByConsent(t *testing.T) {
function TestHandlePasswordLoginWithSkipApproval (line 891) | func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
function TestHandleClientCredentials (line 1044) | func TestHandleClientCredentials(t *testing.T) {
function TestHandleConnectorCallbackWithSkipApproval (line 1214) | func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
function TestHandleTokenExchange (line 1352) | func TestHandleTokenExchange(t *testing.T) {
function TestHandleTokenExchangeConnectorGrantTypeRestriction (line 1456) | func TestHandleTokenExchangeConnectorGrantTypeRestriction(t *testing.T) {
function TestHandleAuthorizationConnectorGrantTypeFiltering (line 1496) | func TestHandleAuthorizationConnectorGrantTypeFiltering(t *testing.T) {
function TestHandleConnectorLoginGrantTypeRejection (line 1587) | func TestHandleConnectorLoginGrantTypeRejection(t *testing.T) {
function setNonEmpty (line 1618) | func setNonEmpty(vals url.Values, key, value string) {
function registerTestConnector (line 1625) | func registerTestConnector(t *testing.T, s *Server, connID string, c con...
function TestConnectorDataPersistence (line 1647) | func TestConnectorDataPersistence(t *testing.T) {
type mockSAMLRefreshConnector (line 1723) | type mockSAMLRefreshConnector struct
method POSTData (line 1727) | func (m *mockSAMLRefreshConnector) POSTData(s connector.Scopes, reques...
method HandlePOST (line 1731) | func (m *mockSAMLRefreshConnector) HandlePOST(s connector.Scopes, saml...
method Refresh (line 1735) | func (m *mockSAMLRefreshConnector) Refresh(ctx context.Context, s conn...
function TestFilterConnectors (line 1739) | func TestFilterConnectors(t *testing.T) {
function TestIsConnectorAllowed (line 1795) | func TestIsConnectorAllowed(t *testing.T) {
function TestHandleAuthorizationWithAllowedConnectors (line 1836) | func TestHandleAuthorizationWithAllowedConnectors(t *testing.T) {
function TestHandleAuthorizationWithNoMatchingConnectors (line 1866) | func TestHandleAuthorizationWithNoMatchingConnectors(t *testing.T) {
function TestHandleAuthorizationWithoutAllowedConnectors (line 1891) | func TestHandleAuthorizationWithoutAllowedConnectors(t *testing.T) {
FILE: server/internal/codec.go
function Marshal (line 10) | func Marshal(message proto.Message) (string, error) {
function Unmarshal (line 19) | func Unmarshal(s string, message proto.Message) error {
FILE: server/internal/types.pb.go
constant _ (line 21) | _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
constant _ (line 23) | _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
type RefreshToken (line 27) | type RefreshToken struct
method Reset (line 35) | func (x *RefreshToken) Reset() {
method String (line 42) | func (x *RefreshToken) String() string {
method ProtoMessage (line 46) | func (*RefreshToken) ProtoMessage() {}
method ProtoReflect (line 48) | func (x *RefreshToken) ProtoReflect() protoreflect.Message {
method Descriptor (line 61) | func (*RefreshToken) Descriptor() ([]byte, []int) {
method GetRefreshId (line 65) | func (x *RefreshToken) GetRefreshId() string {
method GetToken (line 72) | func (x *RefreshToken) GetToken() string {
type IDTokenSubject (line 81) | type IDTokenSubject struct
method Reset (line 89) | func (x *IDTokenSubject) Reset() {
method String (line 96) | func (x *IDTokenSubject) String() string {
method ProtoMessage (line 100) | func (*IDTokenSubject) ProtoMessage() {}
method ProtoReflect (line 102) | func (x *IDTokenSubject) ProtoReflect() protoreflect.Message {
method Descriptor (line 115) | func (*IDTokenSubject) Descriptor() ([]byte, []int) {
method GetUserId (line 119) | func (x *IDTokenSubject) GetUserId() string {
method GetConnId (line 126) | func (x *IDTokenSubject) GetConnId() string {
function file_server_internal_types_proto_rawDescGZIP (line 158) | func file_server_internal_types_proto_rawDescGZIP() []byte {
function init (line 178) | func init() { file_server_internal_types_proto_init() }
function file_server_internal_types_proto_init (line 179) | func file_server_internal_types_proto_init() {
FILE: server/introspectionhandler.go
type Introspection (line 17) | type Introspection struct
type IntrospectionExtra (line 82) | type IntrospectionExtra struct
type TokenTypeEnum (line 96) | type TokenTypeEnum
method String (line 103) | func (t TokenTypeEnum) String() string {
constant AccessToken (line 99) | AccessToken TokenTypeEnum = iota
constant RefreshToken (line 100) | RefreshToken
type introspectionError (line 114) | type introspectionError struct
method Error (line 120) | func (e *introspectionError) Error() string {
method Is (line 124) | func (e *introspectionError) Is(tgt error) bool {
function newIntrospectInactiveTokenError (line 135) | func newIntrospectInactiveTokenError() *introspectionError {
function newIntrospectInternalServerError (line 139) | func newIntrospectInternalServerError() *introspectionError {
function newIntrospectBadRequestError (line 143) | func newIntrospectBadRequestError(desc string) *introspectionError {
method guessTokenType (line 147) | func (s *Server) guessTokenType(ctx context.Context, token string) (Toke...
method getTokenFromRequest (line 168) | func (s *Server) getTokenFromRequest(r *http.Request) (string, TokenType...
method introspectRefreshToken (line 196) | func (s *Server) introspectRefreshToken(ctx context.Context, token strin...
method introspectAccessToken (line 247) | func (s *Server) introspectAccessToken(ctx context.Context, token string...
method handleIntrospect (line 289) | func (s *Server) handleIntrospect(w http.ResponseWriter, r *http.Request) {
method introspectErrHelper (line 330) | func (s *Server) introspectErrHelper(w http.ResponseWriter, typ string, ...
function introspectInactiveErr (line 342) | func introspectInactiveErr(w http.ResponseWriter) {
FILE: server/introspectionhandler_test.go
function toJSON (line 21) | func toJSON(a interface{}) string {
function mockTestStorage (line 30) | func mockTestStorage(t *testing.T, s storage.Storage) {
function getIntrospectionValue (line 110) | func getIntrospectionValue(issuerURL url.URL, issuedAt time.Time, expiry...
function TestGetTokenFromRequestSuccess (line 137) | func TestGetTokenFromRequestSuccess(t *testing.T) {
function TestGetTokenFromRequestFailure (line 206) | func TestGetTokenFromRequestFailure(t *testing.T) {
function TestHandleIntrospect (line 242) | func TestHandleIntrospect(t *testing.T) {
function TestIntrospectErrHelper (line 365) | func TestIntrospectErrHelper(t *testing.T) {
FILE: server/mfa.go
type MFAProvider (line 22) | type MFAProvider interface
type TOTPProvider (line 31) | type TOTPProvider struct
method EnabledForConnectorType (line 45) | func (p *TOTPProvider) EnabledForConnectorType(connectorType string) b...
method Type (line 53) | func (p *TOTPProvider) Type() string { return "TOTP" }
method generate (line 55) | func (p *TOTPProvider) generate(connID, email string) (*otp.Key, error) {
function NewTOTPProvider (line 37) | func NewTOTPProvider(issuer string, connectorTypes []string) *TOTPProvid...
method handleMFAVerify (line 62) | func (s *Server) handleMFAVerify(w http.ResponseWriter, r *http.Request) {
method renderTOTPPage (line 251) | func (s *Server) renderTOTPPage(secret *storage.MFASecret, lastFail bool...
method sendCodeOrRedirectToApproval (line 271) | func (s *Server) sendCodeOrRedirectToApproval(w http.ResponseWriter, r *...
function generateTOTPQRCode (line 302) | func generateTOTPQRCode(keyURL string) (string, error) {
method mfaChainForClient (line 324) | func (s *Server) mfaChainForClient(ctx context.Context, clientID, connec...
method getConnectorType (line 358) | func (s *Server) getConnectorType(ctx context.Context, connectorID strin...
FILE: server/oauth2.go
type displayedAuthErr (line 36) | type displayedAuthErr struct
method Error (line 41) | func (err *displayedAuthErr) Error() string {
function newDisplayedErr (line 45) | func newDisplayedErr(status int, format string, a ...interface{}) *displ...
method redirectWithError (line 51) | func (s *Server) redirectWithError(w http.ResponseWriter, r *http.Reques...
type redirectedAuthErr (line 62) | type redirectedAuthErr struct
method Error (line 69) | func (err *redirectedAuthErr) Error() string {
method Handler (line 73) | func (err *redirectedAuthErr) Handler() http.Handler {
function tokenErr (line 104) | func tokenErr(w http.ResponseWriter, typ, description string, statusCode...
constant errInvalidRequest (line 121) | errInvalidRequest = "invalid_request"
constant errUnauthorizedClient (line 122) | errUnauthorizedClient = "unauthorized_client"
constant errAccessDenied (line 123) | errAccessDenied = "access_denied"
constant errUnsupportedResponseType (line 124) | errUnsupportedResponseType = "unsupported_response_type"
constant errRequestNotSupported (line 125) | errRequestNotSupported = "request_not_supported"
constant errInvalidScope (line 126) | errInvalidScope = "invalid_scope"
constant errServerError (line 127) | errServerError = "server_error"
constant errTemporarilyUnavailable (line 128) | errTemporarilyUnavailable = "temporarily_unavailable"
constant errUnsupportedGrantType (line 129) | errUnsupportedGrantType = "unsupported_grant_type"
constant errInvalidGrant (line 130) | errInvalidGrant = "invalid_grant"
constant errInvalidClient (line 131) | errInvalidClient = "invalid_client"
constant errInactiveToken (line 132) | errInactiveToken = "inactive_token"
constant errLoginRequired (line 133) | errLoginRequired = "login_required"
constant errInteractionRequired (line 134) | errInteractionRequired = "interaction_required"
constant errConsentRequired (line 135) | errConsentRequired = "consent_required"
constant scopeOfflineAccess (line 139) | scopeOfflineAccess = "offline_access"
constant scopeOpenID (line 140) | scopeOpenID = "openid"
constant scopeGroups (line 141) | scopeGroups = "groups"
constant scopeEmail (line 142) | scopeEmail = "email"
constant scopeProfile (line 143) | scopeProfile = "profile"
constant scopeFederatedID (line 144) | scopeFederatedID = "federated:id"
constant scopeCrossClientPrefix (line 145) | scopeCrossClientPrefix = "audience:server:client_id:"
constant deviceCallbackURI (line 149) | deviceCallbackURI = "/device/callback"
constant redirectURIOOB (line 153) | redirectURIOOB = "urn:ietf:wg:oauth:2.0:oob"
constant grantTypeAuthorizationCode (line 157) | grantTypeAuthorizationCode = "authorization_code"
constant grantTypeRefreshToken (line 158) | grantTypeRefreshToken = "refresh_token"
constant grantTypeImplicit (line 159) | grantTypeImplicit = "implicit"
constant grantTypePassword (line 160) | grantTypePassword = "password"
constant grantTypeDeviceCode (line 161) | grantTypeDeviceCode = "urn:ietf:params:oauth:grant-type:device_code"
constant grantTypeTokenExchange (line 162) | grantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exc...
constant grantTypeClientCredentials (line 163) | grantTypeClientCredentials = "client_credentials"
constant tokenTypeAccess (line 178) | tokenTypeAccess = "urn:ietf:params:oauth:token-type:access_token"
constant tokenTypeRefresh (line 179) | tokenTypeRefresh = "urn:ietf:params:oauth:token-type:refresh_token"
constant tokenTypeID (line 180) | tokenTypeID = "urn:ietf:params:oauth:token-type:id_token"
constant tokenTypeSAML1 (line 181) | tokenTypeSAML1 = "urn:ietf:params:oauth:token-type:saml1"
constant tokenTypeSAML2 (line 182) | tokenTypeSAML2 = "urn:ietf:params:oauth:token-type:saml2"
constant tokenTypeJWT (line 183) | tokenTypeJWT = "urn:ietf:params:oauth:token-type:jwt"
constant responseTypeCode (line 187) | responseTypeCode = "code"
constant responseTypeToken (line 188) | responseTypeToken = "token"
constant responseTypeIDToken (line 189) | responseTypeIDToken = "id_token"
constant responseTypeCodeToken (line 190) | responseTypeCodeToken = "code token"
constant responseTypeCodeIDToken (line 191) | responseTypeCodeIDToken = "code id_token"
constant responseTypeIDTokenToken (line 192) | responseTypeIDTokenToken = "id_token token"
constant responseTypeCodeIDTokenToken (line 193) | responseTypeCodeIDTokenToken = "code id_token token"
constant deviceTokenPending (line 197) | deviceTokenPending = "authorization_pending"
constant deviceTokenComplete (line 198) | deviceTokenComplete = "complete"
constant deviceTokenSlowDown (line 199) | deviceTokenSlowDown = "slow_down"
constant deviceTokenExpired (line 200) | deviceTokenExpired = "expired_token"
function parseScopes (line 203) | func parseScopes(scopes []string) connector.Scopes {
function accessTokenHash (line 236) | func accessTokenHash(alg jose.SignatureAlgorithm, accessToken string) (s...
type audience (line 250) | type audience
method contains (line 252) | func (a audience) contains(aud string) bool {
method MarshalJSON (line 261) | func (a audience) MarshalJSON() ([]byte, error) {
type idTokenClaims (line 268) | type idTokenClaims struct
type federatedIDClaims (line 292) | type federatedIDClaims struct
method newAccessToken (line 297) | func (s *Server) newAccessToken(ctx context.Context, clientID string, cl...
function getClientID (line 301) | func getClientID(aud audience, azp string) (string, error) {
function getAudience (line 312) | func getAudience(clientID string, scopes []string) audience {
function genSubject (line 335) | func genSubject(userID string, connID string) (string, error) {
method newIDToken (line 344) | func (s *Server) newIDToken(ctx context.Context, clientID string, claims...
method validateIDTokenHint (line 445) | func (s *Server) validateIDTokenHint(ctx context.Context, hint string) (...
function sessionMatchesHint (line 465) | func sessionMatchesHint(session *storage.AuthSession, hintSubject string...
method parseAuthorizationRequest (line 478) | func (s *Server) parseAuthorizationRequest(r *http.Request) (*storage.Au...
function parseCrossClientScope (line 689) | func parseCrossClientScope(scope string) (peerID string, ok bool) {
method validateCrossClientTrust (line 696) | func (s *Server) validateCrossClientTrust(ctx context.Context, clientID,...
function validateRedirectURI (line 716) | func validateRedirectURI(client storage.Client, redirectURI string) bool {
function isHostLocal (line 746) | func isHostLocal(host string) bool {
function validateConnectorID (line 759) | func validateConnectorID(connectors []storage.Connector, connectorID str...
type signerKeySet (line 769) | type signerKeySet struct
method VerifySignature (line 773) | func (s *signerKeySet) VerifySignature(ctx context.Context, jwt string...
FILE: server/oauth2_test.go
function TestGetClientID (line 24) | func TestGetClientID(t *testing.T) {
function TestGetAudience (line 38) | func TestGetAudience(t *testing.T) {
function TestGetSubject (line 49) | func TestGetSubject(t *testing.T) {
function TestParseAuthorizationRequest (line 55) | func TestParseAuthorizationRequest(t *testing.T) {
constant googleAccessTokenHash (line 475) | googleAccessTokenHash = "piwt8oCH-K2D9pXlaS1Y-w"
constant googleAccessToken (line 476) | googleAccessToken = "ya29.CjHSA1l5WUn8xZ6HanHFzzdHdbXm-14rxnC7JHch9e...
constant googleSigningAlg (line 477) | googleSigningAlg = jose.RS256
function TestAccessTokenHash (line 480) | func TestAccessTokenHash(t *testing.T) {
function TestValidRedirectURI (line 490) | func TestValidRedirectURI(t *testing.T) {
function TestSignerKeySet (line 691) | func TestSignerKeySet(t *testing.T) {
function TestRedirectedAuthErrHandler (line 784) | func TestRedirectedAuthErrHandler(t *testing.T) {
function signTestIDToken (line 892) | func signTestIDToken(t *testing.T, claims interface{}) string {
function TestValidateIDTokenHint (line 908) | func TestValidateIDTokenHint(t *testing.T) {
function TestSessionMatchesHint (line 983) | func TestSessionMatchesHint(t *testing.T) {
function TestParseAuthorizationRequest_IDTokenHint (line 991) | func TestParseAuthorizationRequest_IDTokenHint(t *testing.T) {
FILE: server/prompt.go
type Prompt (line 11) | type Prompt struct
method None (line 56) | func (p Prompt) None() bool { return p.none }
method Login (line 59) | func (p Prompt) Login() bool { return p.login }
method Consent (line 62) | func (p Prompt) Consent() bool { return p.consent }
method String (line 65) | func (p Prompt) String() string {
function ParsePrompt (line 19) | func ParsePrompt(raw string) (Prompt, error) {
FILE: server/prompt_test.go
function TestParsePrompt (line 10) | func TestParsePrompt(t *testing.T) {
function TestPromptString (line 47) | func TestPromptString(t *testing.T) {
FILE: server/refreshhandlers.go
type RefreshTokenPolicy (line 17) | type RefreshTokenPolicy struct
method RotationEnabled (line 62) | func (r *RefreshTokenPolicy) RotationEnabled() bool {
method CompletelyExpired (line 66) | func (r *RefreshTokenPolicy) CompletelyExpired(lastUsed time.Time) bool {
method ExpiredBecauseUnused (line 73) | func (r *RefreshTokenPolicy) ExpiredBecauseUnused(lastUsed time.Time) ...
method AllowedToReuse (line 80) | func (r *RefreshTokenPolicy) AllowedToReuse(lastUsed time.Time) bool {
function NewRefreshTokenPolicy (line 29) | func NewRefreshTokenPolicy(logger *slog.Logger, rotation bool, validIfNo...
function contains (line 87) | func contains(arr []string, item string) bool {
type refreshError (line 96) | type refreshError struct
method Error (line 102) | func (r *refreshError) Error() string {
function newInternalServerError (line 106) | func newInternalServerError() *refreshError {
function newBadRequestError (line 110) | func newBadRequestError(desc string) *refreshError {
method refreshTokenErrHelper (line 119) | func (s *Server) refreshTokenErrHelper(w http.ResponseWriter, err *refre...
method extractRefreshTokenFromRequest (line 123) | func (s *Server) extractRefreshTokenFromRequest(r *http.Request) (*inter...
type refreshContext (line 143) | type refreshContext struct
method getRefreshTokenFromStorage (line 154) | func (s *Server) getRefreshTokenFromStorage(ctx context.Context, clientI...
method getRefreshScopes (line 228) | func (s *Server) getRefreshScopes(r *http.Request, refresh *storage.Refr...
method refreshWithConnector (line 260) | func (s *Server) refreshWithConnector(ctx context.Context, rCtx *refresh...
method updateOfflineSession (line 283) | func (s *Server) updateOfflineSession(ctx context.Context, refresh *stor...
method updateRefreshToken (line 311) | func (s *Server) updateRefreshToken(ctx context.Context, rCtx *refreshCo...
method handleRefreshToken (line 408) | func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Reque...
FILE: server/refreshhandlers_test.go
function mockRefreshTokenTestStorage (line 23) | func mockRefreshTokenTestStorage(t *testing.T, s storage.Storage, useObs...
function TestRefreshTokenExpirationScenarios (line 85) | func TestRefreshTokenExpirationScenarios(t *testing.T) {
function decodeJWTClaims (line 216) | func decodeJWTClaims(t *testing.T, token string) map[string]any {
function TestRefreshTokenAuthTime (line 230) | func TestRefreshTokenAuthTime(t *testing.T) {
function TestRefreshTokenPolicy (line 350) | func TestRefreshTokenPolicy(t *testing.T) {
FILE: server/server.go
constant LocalConnector (line 56) | LocalConnector = "local"
type Connector (line 59) | type Connector struct
function GrantTypeAllowed (line 68) | func GrantTypeAllowed(configuredTypes []string, grantType string) bool {
type Config (line 75) | type Config struct
type SessionConfig (line 153) | type SessionConfig struct
type WebConfig (line 161) | type WebConfig struct
type PKCEConfig (line 192) | type PKCEConfig struct
function value (line 199) | func value(val, defaultValue time.Duration) time.Duration {
type Server (line 207) | type Server struct
method ServeHTTP (line 587) | func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
method absPath (line 591) | func (s *Server) absPath(pathItems ...string) string {
method absURL (line 598) | func (s *Server) absURL(pathItems ...string) string {
method startGarbageCollection (line 719) | func (s *Server) startGarbageCollection(ctx context.Context, frequency...
method OpenConnector (line 794) | func (s *Server) OpenConnector(conn storage.Connector) (Connector, err...
method CloseConnector (line 821) | func (s *Server) CloseConnector(id string) {
method getConnector (line 829) | func (s *Server) getConnector(ctx context.Context, id string) (Connect...
function NewServer (line 255) | func NewServer(ctx context.Context, c Config) (*Server, error) {
function newServer (line 259) | func newServer(ctx context.Context, c Config) (*Server, error) {
function newPasswordDB (line 604) | func newPasswordDB(s storage.Storage) interface {
type passwordDB (line 611) | type passwordDB struct
method Login (line 629) | func (db passwordDB) Login(ctx context.Context, s connector.Scopes, em...
method Refresh (line 655) | func (db passwordDB) Refresh(ctx context.Context, s connector.Scopes, ...
method Prompt (line 683) | func (db passwordDB) Prompt() string {
function resolvePasswordName (line 615) | func resolvePasswordName(p storage.Password) string {
function resolvePasswordEmailVerified (line 622) | func resolvePasswordEmailVerified(p storage.Password) bool {
function newKeyCacher (line 688) | func newKeyCacher(s storage.Storage, now func() time.Time) storage.Stora...
type keyCacher (line 695) | type keyCacher struct
method GetKeys (line 702) | func (k *keyCacher) GetKeys(ctx context.Context) (storage.Keys, error) {
type ConnectorConfig (line 740) | type ConnectorConfig interface
function openConnector (line 769) | func openConnector(logger *slog.Logger, conn storage.Connector) (connect...
type logRequestKey (line 854) | type logRequestKey
constant RequestKeyRequestID (line 857) | RequestKeyRequestID logRequestKey = "request_id"
constant RequestKeyRemoteIP (line 858) | RequestKeyRemoteIP logRequestKey = "client_remote_addr"
function WithRequestID (line 861) | func WithRequestID(ctx context.Context) context.Context {
function WithRemoteIP (line 865) | func WithRemoteIP(ctx context.Context, ip string) context.Context {
FILE: server/server_test.go
function mustLoad (line 39) | func mustLoad(s string) *rsa.PrivateKey {
function newTestServer (line 79) | func newTestServer(t *testing.T, updateConfig func(c *Config)) (*httptes...
function newTestServerMultipleConnectors (line 145) | func newTestServerMultipleConnectors(t *testing.T, updateConfig func(c *...
function TestNewTestServer (line 200) | func TestNewTestServer(t *testing.T) {
function TestDiscovery (line 204) | func TestDiscovery(t *testing.T) {
type oauth2Tests (line 234) | type oauth2Tests struct
type test (line 239) | type test struct
type ErrorResponse (line 261) | type ErrorResponse struct
type OAuth2ErrorResponse (line 267) | type OAuth2ErrorResponse struct
function makeOAuth2Tests (line 273) | func makeOAuth2Tests(clientID string, clientSecret string, now func() ti...
function TestOAuth2CodeFlow (line 724) | func TestOAuth2CodeFlow(t *testing.T) {
function TestOAuth2ImplicitFlow (line 901) | func TestOAuth2ImplicitFlow(t *testing.T) {
function TestCrossClientScopes (line 1036) | func TestCrossClientScopes(t *testing.T) {
function TestCrossClientScopesWithAzpInAudienceByDefault (line 1158) | func TestCrossClientScopesWithAzpInAudienceByDefault(t *testing.T) {
function TestPasswordDB (line 1279) | func TestPasswordDB(t *testing.T) {
function TestPasswordDBUsernamePrompt (line 1371) | func TestPasswordDBUsernamePrompt(t *testing.T) {
type storageWithKeysTrigger (line 1382) | type storageWithKeysTrigger struct
method GetKeys (line 1387) | func (s storageWithKeysTrigger) GetKeys(ctx context.Context) (storage....
function TestKeyCacher (line 1392) | func TestKeyCacher(t *testing.T) {
function checkErrorResponse (line 1454) | func checkErrorResponse(err error, t *testing.T, tc test) {
type oauth2Client (line 1478) | type oauth2Client struct
function TestRefreshTokenFlow (line 1486) | func TestRefreshTokenFlow(t *testing.T) {
function TestOAuth2DeviceFlow (line 1586) | func TestOAuth2DeviceFlow(t *testing.T) {
function TestServerSupportedGrants (line 1769) | func TestServerSupportedGrants(t *testing.T) {
function TestHeaders (line 1829) | func TestHeaders(t *testing.T) {
function TestConnectorFailureHandling (line 1850) | func TestConnectorFailureHandling(t *testing.T) {
FILE: server/session.go
method rememberMeDefault (line 19) | func (s *Server) rememberMeDefault() *bool {
function remoteIP (line 28) | func remoteIP(r *http.Request) string {
function sessionCookieValue (line 38) | func sessionCookieValue(userID, connectorID, nonce string) string {
function parseSessionCookie (line 45) | func parseSessionCookie(value string) (userID, connectorID, nonce string...
method sessionCookiePath (line 64) | func (s *Server) sessionCookiePath() string {
method setSessionCookie (line 71) | func (s *Server) setSessionCookie(w http.ResponseWriter, userID, connect...
method clearSessionCookie (line 86) | func (s *Server) clearSessionCookie(w http.ResponseWriter) {
method getValidAuthSession (line 102) | func (s *Server) getValidAuthSession(ctx context.Context, w http.Respons...
method createOrUpdateAuthSession (line 170) | func (s *Server) createOrUpdateAuthSession(ctx context.Context, r *http....
method trySessionLogin (line 242) | func (s *Server) trySessionLogin(ctx context.Context, r *http.Request, w...
method trySessionLoginWithSession (line 250) | func (s *Server) trySessionLoginWithSession(ctx context.Context, r *http...
method updateSessionTokenIssuedAt (line 335) | func (s *Server) updateSessionTokenIssuedAt(r *http.Request, clientID st...
FILE: server/session_test.go
function newTestSessionServer (line 19) | func newTestSessionServer(t *testing.T) *Server {
function TestSetSessionCookie (line 39) | func TestSetSessionCookie(t *testing.T) {
function TestSetSessionCookie_HTTP (line 57) | func TestSetSessionCookie_HTTP(t *testing.T) {
function TestClearSessionCookie (line 70) | func TestClearSessionCookie(t *testing.T) {
function TestSessionCookieValueRoundtrip (line 82) | func TestSessionCookieValueRoundtrip(t *testing.T) {
function TestParseSessionCookie_Invalid (line 106) | func TestParseSessionCookie_Invalid(t *testing.T) {
function TestGetValidAuthSession (line 115) | func TestGetValidAuthSession(t *testing.T) {
function TestCreateOrUpdateAuthSession (line 298) | func TestCreateOrUpdateAuthSession(t *testing.T) {
function setupSessionLoginFixture (line 401) | func setupSessionLoginFixture(t *testing.T, s *Server) storage.AuthReque...
function sessionCookieRequest (line 452) | func sessionCookieRequest(userID, connectorID, nonce string) *http.Reque...
function TestTrySessionLogin (line 458) | func TestTrySessionLogin(t *testing.T) {
function setupSessionWithIdentity (line 604) | func setupSessionWithIdentity(t *testing.T, s *Server, now time.Time, la...
function TestTrySessionLogin_MaxAge (line 656) | func TestTrySessionLogin_MaxAge(t *testing.T) {
function TestTrySessionLoginWithSession_IDTokenHint (line 751) | func TestTrySessionLoginWithSession_IDTokenHint(t *testing.T) {
function TestParseAuthRequest_PromptAndMaxAge (line 828) | func TestParseAuthRequest_PromptAndMaxAge(t *testing.T) {
FILE: server/signer/local.go
type LocalConfig (line 15) | type LocalConfig struct
method Open (line 21) | func (c *LocalConfig) Open(_ context.Context, s storage.Storage, idTok...
type localSigner (line 38) | type localSigner struct
method Start (line 48) | func (l *localSigner) Start(ctx context.Context) {
method Sign (line 72) | func (l *localSigner) Sign(ctx context.Context, payload []byte) (strin...
method ValidationKeys (line 90) | func (l *localSigner) ValidationKeys(ctx context.Context) ([]*jose.JSO...
method Algorithm (line 108) | func (l *localSigner) Algorithm(_ context.Context) (jose.SignatureAlgo...
FILE: server/signer/local_test.go
function newTestLocalSigner (line 16) | func newTestLocalSigner(t *testing.T) *localSigner {
function TestLocalSignerAlgorithm (line 35) | func TestLocalSignerAlgorithm(t *testing.T) {
function TestLocalSignerSignAndValidate (line 44) | func TestLocalSignerSignAndValidate(t *testing.T) {
FILE: server/signer/mock.go
type MockConfig (line 14) | type MockConfig struct
method Open (line 19) | func (c *MockConfig) Open(_ context.Context) (Signer, error) {
type mockSigner (line 53) | type mockSigner struct
method Sign (line 58) | func (m *mockSigner) Sign(_ context.Context, payload []byte) (string, ...
method ValidationKeys (line 62) | func (m *mockSigner) ValidationKeys(_ context.Context) ([]*jose.JSONWe...
method Algorithm (line 66) | func (m *mockSigner) Algorithm(_ context.Context) (jose.SignatureAlgor...
method Start (line 70) | func (m *mockSigner) Start(_ context.Context) {
function NewMockSigner (line 76) | func NewMockSigner(key *rsa.PrivateKey) (Signer, error) {
FILE: server/signer/rotation.go
type rotationStrategy (line 23) | type rotationStrategy struct
function defaultRotationStrategy (line 38) | func defaultRotationStrategy(rotationFrequency, idTokenValidFor time.Dur...
type keyRotator (line 48) | type keyRotator struct
method rotate (line 57) | func (k keyRotator) rotate() error {
FILE: server/signer/rotation_test.go
function signingKeyID (line 14) | func signingKeyID(t *testing.T, s storage.Storage) string {
function verificationKeyIDs (line 22) | func verificationKeyIDs(t *testing.T, s storage.Storage) (ids []string) {
function slicesEq (line 35) | func slicesEq(s1, s2 []string) bool {
function TestKeyRotator (line 59) | func TestKeyRotator(t *testing.T) {
FILE: server/signer/signer.go
type Signer (line 10) | type Signer interface
FILE: server/signer/utils.go
function signatureAlgorithm (line 13) | func signatureAlgorithm(jwk *jose.JSONWebKey) (alg jose.SignatureAlgorit...
function signPayload (line 46) | func signPayload(key *jose.JSONWebKey, alg jose.SignatureAlgorithm, payl...
FILE: server/signer/vault.go
type VaultConfig (line 25) | type VaultConfig struct
method UnmarshalJSON (line 34) | func (c *VaultConfig) UnmarshalJSON(data []byte) error {
method Open (line 63) | func (c *VaultConfig) Open(_ context.Context) (Signer, error) {
type vaultSigner (line 68) | type vaultSigner struct
method Start (line 93) | func (v *vaultSigner) Start(_ context.Context) {
method Sign (line 97) | func (v *vaultSigner) Sign(ctx context.Context, payload []byte) (strin...
method ValidationKeys (line 182) | func (v *vaultSigner) ValidationKeys(ctx context.Context) ([]*jose.JSO...
method getTransitKeysMap (line 196) | func (v *vaultSigner) getTransitKeysMap(ctx context.Context) (map[int6...
method Algorithm (line 352) | func (v *vaultSigner) Algorithm(ctx context.Context) (jose.SignatureAl...
function newVaultSigner (line 74) | func newVaultSigner(c VaultConfig) (*vaultSigner, error) {
function parsePEMToJWK (line 252) | func parsePEMToJWK(pemStr string) (*jose.JSONWebKey, error) {
function splitVaultSignature (line 337) | func splitVaultSignature(sig string) []string {
type vaultAlgoParams (line 365) | type vaultAlgoParams struct
function getVaultParams (line 370) | func getVaultParams(alg string) (vaultAlgoParams, error) {
FILE: server/signer/vault_integration_test.go
type conformanceTestConfig (line 34) | type conformanceTestConfig struct
function getTestConfigs (line 41) | func getTestConfigs(t *testing.T) []conformanceTestConfig {
function TestVaultSignerConformance_SigningAndVerification (line 75) | func TestVaultSignerConformance_SigningAndVerification(t *testing.T) {
function TestVaultSignerConformance_KeyRotation (line 251) | func TestVaultSignerConformance_KeyRotation(t *testing.T) {
function TestVaultSignerConformance_PublicKeyDiscovery (line 380) | func TestVaultSignerConformance_PublicKeyDiscovery(t *testing.T) {
function enableTransitEngine (line 515) | func enableTransitEngine(client *vault.Client) error {
function cleanupTests (line 537) | func cleanupTests(t *testing.T, ctx context.Context, client *vault.Clien...
FILE: server/signer/vault_test.go
function TestVaultConfigUnmarshalJSON_WithEnvVars (line 9) | func TestVaultConfigUnmarshalJSON_WithEnvVars(t *testing.T) {
function TestVaultConfigUnmarshalJSON_WithoutEnvVars (line 93) | func TestVaultConfigUnmarshalJSON_WithoutEnvVars(t *testing.T) {
function TestVaultConfigUnmarshalJSON_InvalidJSON (line 167) | func TestVaultConfigUnmarshalJSON_InvalidJSON(t *testing.T) {
FILE: server/templates.go
constant tmplApproval (line 18) | tmplApproval = "approval.html"
constant tmplLogin (line 19) | tmplLogin = "login.html"
constant tmplPassword (line 20) | tmplPassword = "password.html"
constant tmplOOB (line 21) | tmplOOB = "oob.html"
constant tmplError (line 22) | tmplError = "error.html"
constant tmplDevice (line 23) | tmplDevice = "device.html"
constant tmplDeviceSuccess (line 24) | tmplDeviceSuccess = "device_success.html"
constant tmplTOTPVerify (line 25) | tmplTOTPVerify = "totp_verify.html"
type templates (line 38) | type templates struct
method device (line 267) | func (t *templates) device(r *http.Request, w http.ResponseWriter, pos...
method deviceSuccess (line 280) | func (t *templates) deviceSuccess(r *http.Request, w http.ResponseWrit...
method login (line 288) | func (t *templates) login(r *http.Request, w http.ResponseWriter, conn...
method password (line 297) | func (t *templates) password(r *http.Request, w http.ResponseWriter, p...
method approval (line 325) | func (t *templates) approval(r *http.Request, w http.ResponseWriter, a...
method totpVerify (line 344) | func (t *templates) totpVerify(r *http.Request, w http.ResponseWriter,...
method oob (line 359) | func (t *templates) oob(r *http.Request, w http.ResponseWriter, code s...
method err (line 367) | func (t *templates) err(r *http.Request, w http.ResponseWriter, errCod...
type webConfig (line 49) | type webConfig struct
function getFuncMap (line 58) | func getFuncMap(c webConfig) (template.FuncMap, error) {
function loadWebConfig (line 93) | func loadWebConfig(c webConfig) (http.Handler, http.Handler, http.Handle...
function loadTemplates (line 131) | func loadTemplates(c webConfig, templatesDir string) (*templates, error) {
function relativeURL (line 193) | func relativeURL(serverPath, reqPath, assetPath string) string {
type connectorInfo (line 254) | type connectorInfo struct
type byName (line 261) | type byName
method Len (line 263) | func (n byName) Len() int { return len(n) }
method Less (line 264) | func (n byName) Less(i, j int) bool { return n[i].Name < n[j].Name }
method Swap (line 265) | func (n byName) Swap(i, j int) { n[i], n[j] = n[j], n[i] }
type writeRecorder (line 381) | type writeRecorder struct
method Write (line 386) | func (w *writeRecorder) Write(p []byte) (n int, err error) {
function renderTemplate (line 391) | func renderTemplate(w http.ResponseWriter, tmpl *template.Template, data...
FILE: server/templates_test.go
function TestRelativeURL (line 5) | func TestRelativeURL(t *testing.T) {
FILE: storage/conformance/conformance.go
type subTest (line 26) | type subTest struct
function runTests (line 31) | func runTests(t *testing.T, newStorage func(t *testing.T) storage.Storag...
function RunTests (line 44) | func RunTests(t *testing.T, newStorage func(t *testing.T) storage.Storag...
function mustLoadJWK (line 63) | func mustLoadJWK(b string) *jose.JSONWebKey {
function mustBeErrNotFound (line 71) | func mustBeErrNotFound(t *testing.T, kind string, err error) {
function mustBeErrAlreadyExists (line 80) | func mustBeErrAlreadyExists(t *testing.T, kind string, err error) {
function testAuthRequestCRUD (line 89) | func testAuthRequestCRUD(t *testing.T, s storage.Storage) {
function testAuthCodeCRUD (line 191) | func testAuthCodeCRUD(t *testing.T, s storage.Storage) {
function testClientCRUD (line 272) | func testClientCRUD(t *testing.T, s storage.Storage) {
function testRefreshTokenCRUD (line 343) | func testRefreshTokenCRUD(t *testing.T, s storage.Storage) {
type byEmail (line 456) | type byEmail
method Len (line 458) | func (n byEmail) Len() int { return len(n) }
method Less (line 459) | func (n byEmail) Less(i, j int) bool { return n[i].Email < n[j].Email }
method Swap (line 460) | func (n byEmail) Swap(i, j int) { n[i], n[j] = n[j], n[i] }
function boolPtr (line 462) | func boolPtr(v bool) *bool {
function testPasswordCRUD (line 466) | func testPasswordCRUD(t *testing.T, s storage.Storage) {
function testOfflineSessionCRUD (line 565) | func testOfflineSessionCRUD(t *testing.T, s storage.Storage) {
function testConnectorCRUD (line 640) | func testConnectorCRUD(t *testing.T, s storage.Storage) {
function testKeysCRUD (line 732) | func testKeysCRUD(t *testing.T, s storage.Storage) {
function testGC (line 783) | func testGC(t *testing.T, s storage.Storage) {
function testTimezones (line 1067) | func testTimezones(t *testing.T, s storage.Storage) {
function testDeviceRequestCRUD (line 1113) | func testDeviceRequestCRUD(t *testing.T, s storage.Storage) {
function testDeviceTokenCRUD (line 1143) | func testDeviceTokenCRUD(t *testing.T, s storage.Storage) {
function testUserIdentityCRUD (line 1196) | func testUserIdentityCRUD(t *testing.T, s storage.Storage) {
function testAuthSessionCRUD (line 1277) | func testAuthSessionCRUD(t *testing.T, s storage.Storage) {
FILE: storage/conformance/gen_jwks.go
function newUUID (line 23) | func newUUID() string {
type keyPair (line 58) | type keyPair struct
function main (line 63) | func main() {
FILE: storage/conformance/jwks.go
type keyPair (line 7) | type keyPair struct
FILE: storage/conformance/transactions.go
function RunTransactionTests (line 23) | func RunTransactionTests(t *testing.T, newStorage func(t *testing.T) sto...
function RunConcurrencyTests (line 36) | func RunConcurrencyTests(t *testing.T, newStorage func(t *testing.T) sto...
function testClientConcurrentUpdate (line 42) | func testClientConcurrentUpdate(t *testing.T, s storage.Storage) {
function testAuthRequestConcurrentUpdate (line 72) | func testAuthRequestConcurrentUpdate(t *testing.T, s storage.Storage) {
function testPasswordConcurrentUpdate (line 118) | func testPasswordConcurrentUpdate(t *testing.T, s storage.Storage) {
function testKeysConcurrentUpdate (line 156) | func testKeysConcurrentUpdate(t *testing.T, s storage.Storage) {
function testRefreshTokenParallelUpdate (line 204) | func testRefreshTokenParallelUpdate(t *testing.T, s storage.Storage) {
FILE: storage/ent/client/authcode.go
method CreateAuthCode (line 10) | func (d *Database) CreateAuthCode(ctx context.Context, code storage.Auth...
method GetAuthCode (line 38) | func (d *Database) GetAuthCode(ctx context.Context, id string) (storage....
method DeleteAuthCode (line 47) | func (d *Database) DeleteAuthCode(ctx context.Context, id string) error {
FILE: storage/ent/client/authrequest.go
method CreateAuthRequest (line 11) | func (d *Database) CreateAuthRequest(ctx context.Context, authRequest st...
method GetAuthRequest (line 47) | func (d *Database) GetAuthRequest(ctx context.Context, id string) (stora...
method DeleteAuthRequest (line 56) | func (d *Database) DeleteAuthRequest(ctx context.Context, id string) err...
method UpdateAuthRequest (line 65) | func (d *Database) UpdateAuthRequest(ctx context.Context, id string, upd...
FILE: storage/ent/client/authsession.go
method CreateAuthSession (line 12) | func (d *Database) CreateAuthSession(ctx context.Context, session storag...
method GetAuthSession (line 42) | func (d *Database) GetAuthSession(ctx context.Context, userID, connector...
method ListAuthSessions (line 52) | func (d *Database) ListAuthSessions(ctx context.Context) ([]storage.Auth...
method DeleteAuthSession (line 66) | func (d *Database) DeleteAuthSession(ctx context.Context, userID, connec...
method UpdateAuthSession (line 76) | func (d *Database) UpdateAuthSession(ctx context.Context, userID, connec...
FILE: storage/ent/client/client.go
method CreateClient (line 10) | func (d *Database) CreateClient(ctx context.Context, client storage.Clie...
method ListClients (line 29) | func (d *Database) ListClients(ctx context.Context) ([]storage.Client, e...
method GetClient (line 43) | func (d *Database) GetClient(ctx context.Context, id string) (storage.Cl...
method DeleteClient (line 52) | func (d *Database) DeleteClient(ctx context.Context, id string) error {
method UpdateClient (line 61) | func (d *Database) UpdateClient(ctx context.Context, id string, updater ...
FILE: storage/ent/client/connector.go
method CreateConnector (line 10) | func (d *Database) CreateConnector(ctx context.Context, connector storag...
method ListConnectors (line 26) | func (d *Database) ListConnectors(ctx context.Context) ([]storage.Connec...
method GetConnector (line 40) | func (d *Database) GetConnector(ctx context.Context, id string) (storage...
method DeleteConnector (line 49) | func (d *Database) DeleteConnector(ctx context.Context, id string) error {
method UpdateConnector (line 58) | func (d *Database) UpdateConnector(ctx context.Context, id string, updat...
FILE: storage/ent/client/devicerequest.go
method CreateDeviceRequest (line 11) | func (d *Database) CreateDeviceRequest(ctx context.Context, request stor...
method GetDeviceRequest (line 28) | func (d *Database) GetDeviceRequest(ctx context.Context, userCode string...
FILE: storage/ent/client/devicetoken.go
method CreateDeviceToken (line 11) | func (d *Database) CreateDeviceToken(ctx context.Context, token storage....
method GetDeviceToken (line 30) | func (d *Database) GetDeviceToken(ctx context.Context, deviceCode string...
method UpdateDeviceToken (line 41) | func (d *Database) UpdateDeviceToken(ctx context.Context, deviceCode str...
FILE: storage/ent/client/keys.go
function getKeys (line 11) | func getKeys(ctx context.Context, client *db.KeysClient) (storage.Keys, ...
method GetKeys (line 21) | func (d *Database) GetKeys(ctx context.Context) (storage.Keys, error) {
method UpdateKeys (line 26) | func (d *Database) UpdateKeys(ctx context.Context, updater func(old stor...
FILE: storage/ent/client/main.go
type Database (line 21) | type Database struct
method Schema (line 59) | func (d *Database) Schema() *migrate.Schema {
method Close (line 64) | func (d *Database) Close() error {
method BeginTx (line 69) | func (d *Database) BeginTx(ctx context.Context) (*db.Tx, error) {
method GarbageCollect (line 74) | func (d *Database) GarbageCollect(ctx context.Context, now time.Time) ...
function NewDatabase (line 29) | func NewDatabase(opts ...func(*Database)) *Database {
function WithClient (line 38) | func WithClient(c *db.Client) func(*Database) {
function WithHasher (line 45) | func WithHasher(h func() hash.Hash) func(*Database) {
function WithTxIsolationLevel (line 52) | func WithTxIsolationLevel(level sql.IsolationLevel) func(*Database) {
FILE: storage/ent/client/offlinesession.go
method CreateOfflineSessions (line 12) | func (d *Database) CreateOfflineSessions(ctx context.Context, session st...
method GetOfflineSessions (line 33) | func (d *Database) GetOfflineSessions(ctx context.Context, userID, connI...
method DeleteOfflineSessions (line 44) | func (d *Database) DeleteOfflineSessions(ctx context.Context, userID, co...
method UpdateOfflineSessions (line 55) | func (d *Database) UpdateOfflineSessions(ctx context.Context, userID str...
FILE: storage/ent/client/password.go
method CreatePassword (line 12) | func (d *Database) CreatePassword(ctx context.Context, password storage....
method ListPasswords (line 30) | func (d *Database) ListPasswords(ctx context.Context) ([]storage.Passwor...
method GetPassword (line 44) | func (d *Database) GetPassword(ctx context.Context, email string) (stora...
method DeletePassword (line 56) | func (d *Database) DeletePassword(ctx context.Context, email string) err...
method UpdatePassword (line 68) | func (d *Database) UpdatePassword(ctx context.Context, email string, upd...
FILE: storage/ent/client/refreshtoken.go
method CreateRefresh (line 10) | func (d *Database) CreateRefresh(ctx context.Context, refresh storage.Re...
method ListRefreshTokens (line 37) | func (d *Database) ListRefreshTokens(ctx context.Context) ([]storage.Ref...
method GetRefresh (line 51) | func (d *Database) GetRefresh(ctx context.Context, id string) (storage.R...
method DeleteRefresh (line 60) | func (d *Database) DeleteRefresh(ctx context.Context, id string) error {
method UpdateRefreshToken (line 69) | func (d *Database) UpdateRefreshToken(ctx context.Context, id string, up...
FILE: storage/ent/client/types.go
constant keysRowID (line 11) | keysRowID = "keys"
function toStorageKeys (line 13) | func toStorageKeys(keys *db.Keys) storage.Keys {
function toStorageAuthRequest (line 22) | func toStorageAuthRequest(a *db.AuthRequest) storage.AuthRequest {
function toStorageAuthCode (line 56) | func toStorageAuthCode(a *db.AuthCode) storage.AuthCode {
function toStorageClient (line 82) | func toStorageClient(c *db.OAuth2Client) storage.Client {
function toStorageConnector (line 96) | func toStorageConnector(c *db.Connector) storage.Connector {
function toStorageOfflineSession (line 106) | func toStorageOfflineSession(o *db.OfflineSession) storage.OfflineSessio...
function toStorageRefreshToken (line 125) | func toStorageRefreshToken(r *db.RefreshToken) storage.RefreshToken {
function toStoragePassword (line 148) | func toStoragePassword(p *db.Password) storage.Password {
function toStorageDeviceRequest (line 161) | func toStorageDeviceRequest(r *db.DeviceRequest) storage.DeviceRequest {
function toStorageUserIdentity (line 172) | func toStorageUserIdentity(u *db.UserIdentity) storage.UserIdentity {
function toStorageAuthSession (line 217) | func toStorageAuthSession(s *db.AuthSession) storage.AuthSession {
function toStorageDeviceToken (line 243) | func toStorageDeviceToken(t *db.DeviceToken) storage.DeviceToken {
FILE: storage/ent/client/useridentity.go
method CreateUserIdentity (line 12) | func (d *Database) CreateUserIdentity(ctx context.Context, identity stor...
method GetUserIdentity (line 53) | func (d *Database) GetUserIdentity(ctx context.Context, userID, connecto...
method DeleteUserIdentity (line 64) | func (d *Database) DeleteUserIdentity(ctx context.Context, userID, conne...
method UpdateUserIdentity (line 75) | func (d *Database) UpdateUserIdentity(ctx context.Context, userID string...
method ListUserIdentities (line 138) | func (d *Database) ListUserIdentities(ctx context.Context) ([]storage.Us...
FILE: storage/ent/client/utils.go
function rollback (line 13) | func rollback(tx *db.Tx, t string, err error) error {
function convertDBError (line 23) | func convertDBError(t string, err error) error {
function compositeKeyID (line 38) | func compositeKeyID(first string, second string, hasher func() hash.Hash...
FILE: storage/ent/db/authcode.go
type AuthCode (line 17) | type AuthCode struct
method scanValues (line 57) | func (*AuthCode) scanValues(columns []string) ([]any, error) {
method assignValues (line 78) | func (_m *AuthCode) assignValues(columns []string, values []any) error {
method Value (line 199) | func (_m *AuthCode) Value(name string) (ent.Value, error) {
method Update (line 206) | func (_m *AuthCode) Update() *AuthCodeUpdateOne {
method Unwrap (line 212) | func (_m *AuthCode) Unwrap() *AuthCode {
method String (line 222) | func (_m *AuthCode) String() string {
type AuthCodes (line 280) | type AuthCodes
FILE: storage/ent/db/authcode/authcode.go
constant Label (line 11) | Label = "auth_code"
constant FieldID (line 13) | FieldID = "id"
constant FieldClientID (line 15) | FieldClientID = "client_id"
constant FieldScopes (line 17) | FieldScopes = "scopes"
constant FieldNonce (line 19) | FieldNonce = "nonce"
constant FieldRedirectURI (line 21) | FieldRedirectURI = "redirect_uri"
constant FieldClaimsUserID (line 23) | FieldClaimsUserID = "claims_user_id"
constant FieldClaimsUsername (line 25) | FieldClaimsUsername = "claims_username"
constant FieldClaimsEmail (line 27) | FieldClaimsEmail = "claims_email"
constant FieldClaimsEmailVerified (line 29) | FieldClaimsEmailVerified = "claims_email_verified"
constant FieldClaimsGroups (line 31) | FieldClaimsGroups = "claims_groups"
constant FieldClaimsPreferredUsername (line 33) | FieldClaimsPreferredUsername = "claims_preferred_username"
constant FieldConnectorID (line 35) | FieldConnectorID = "connector_id"
constant FieldConnectorData (line 37) | FieldConnectorData = "connector_data"
constant FieldExpiry (line 39) | FieldExpiry = "expiry"
constant FieldCodeChallenge (line 41) | FieldCodeChallenge = "code_challenge"
constant FieldCodeChallengeMethod (line 43) | FieldCodeChallengeMethod = "code_challenge_method"
constant FieldAuthTime (line 45) | FieldAuthTime = "auth_time"
constant Table (line 47) | Table = "auth_codes"
function ValidColumn (line 72) | func ValidColumn(column string) bool {
type OrderOption (line 107) | type OrderOption
function ByID (line 110) | func ByID(opts ...sql.OrderTermOption) OrderOption {
function ByClientID (line 115) | func ByClientID(opts ...sql.OrderTermOption) OrderOption {
function ByNonce (line 120) | func ByNonce(opts ...sql.OrderTermOption) OrderOption {
function ByRedirectURI (line 125) | func ByRedirectURI(opts ...sql.OrderTermOption) OrderOption {
function ByClaimsUserID (line 130) | func ByClaimsUserID(opts ...sql.OrderTermOption) OrderOption {
function ByClaimsUsername (line 135) | func ByClaimsUsername(opts ...sql.OrderTermOption) OrderOption {
function ByClaimsEmail (line 140) | func ByClaimsEmail(opts ...sql.OrderTermOption) OrderOption {
function ByClaimsEmailVerified (line 145) | func ByClaimsEmailVerified(opts ...sql.OrderTermOption) OrderOption {
function ByClaimsPreferredUsername (line 150) | func ByClaimsPreferredUsername(opts ...sql.OrderTermOption) OrderOption {
function ByConnectorID (line 155) | func ByConnectorID(opts ...sql.OrderTermOption) OrderOption {
function ByExpiry (line 160) | func ByExpiry(opts ...sql.OrderTermOption) OrderOption {
function ByCodeChallenge (line 165) | func ByCodeChallenge(opts ...sql.OrderTermOption) OrderOption {
function ByCodeChallengeMethod (line 170) | func ByCodeChallengeMethod(opts ...sql.OrderTermOption) OrderOption {
function ByAuthTime (line 175) | func ByAuthTime(opts ...sql.OrderTermOption) OrderOption {
FILE: storage/ent/db/authcode/where.go
function ID (line 13) | func ID(id string) predicate.AuthCode {
function IDEQ (line 18) | func IDEQ(id string) predicate.AuthCode {
function IDNEQ (line 23) | func IDNEQ(id string) predicate.AuthCode {
function IDIn (line 28) | func IDIn(ids ...string) predicate.AuthCode {
function IDNotIn (line 33) | func IDNotIn(ids ...string) predicate.AuthCode {
function IDGT (line 38) | func IDGT(id string) predicate.AuthCode {
function IDGTE (line 43) | func IDGTE(id string) predicate.AuthCode {
function IDLT (line 48) | func IDLT(id string) predicate.AuthCode {
function IDLTE (line 53) | func IDLTE(id string) predicate.AuthCode {
function IDEqualFold (line 58) | func IDEqualFold(id string) predicate.AuthCode {
function IDContainsFold (line 63) | func IDContainsFold(id string) predicate.AuthCode {
function ClientID (line 68) | func ClientID(v string) predicate.AuthCode {
function Nonce (line 73) | func Nonce(v string) predicate.AuthCode {
function RedirectURI (line 78) | func RedirectURI(v string) predicate.AuthCode {
function ClaimsUserID (line 83) | func ClaimsUserID(v string) predicate.AuthCode {
function ClaimsUsername (line 88) | func ClaimsUsername(v string) predicate.AuthCode {
function ClaimsEmail (line 93) | func ClaimsEmail(v string) predicate.AuthCode {
function ClaimsEmailVerified (line 98) | func ClaimsEmailVerified(v bool) predicate.AuthCode {
function ClaimsPreferredUsername (line 103) | func ClaimsPreferredUsername(v string) predicate.AuthCode {
function ConnectorID (line 108) | func ConnectorID(v string) predicate.AuthCode {
function ConnectorData (line 113) | func ConnectorData(v []byte) predicate.AuthCode {
function Expiry (line 118) | func Expiry(v time.Time) predicate.AuthCode {
function CodeChallenge (line 123) | func CodeChallenge(v string) predicate.AuthCode {
function CodeChallengeMethod (line 128) | func CodeChallengeMethod(v string) predicate.AuthCode {
function AuthTime (line 133) | func AuthTime(v time.Time) predicate.AuthCode {
function ClientIDEQ (line 138) | func ClientIDEQ(v string) predicate.AuthCode {
function ClientIDNEQ (line 143) | func ClientIDNEQ(v string) predicate.AuthCode {
function ClientIDIn (line 148) | func ClientIDIn(vs ...string) predicate.AuthCode {
function ClientIDNotIn (line 153) | func ClientIDNotIn(vs ...string) predicate.AuthCode {
function ClientIDGT (line 158) | func ClientIDGT(v string) predicate.AuthCode {
function ClientIDGTE (line 163) | func ClientIDGTE(v string) predi
Condensed preview — 432 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (4,048K chars).
[
{
"path": ".dockerignore",
"chars": 10,
"preview": "bin/\ntmp/\n"
},
{
"path": ".editorconfig",
"chars": 327,
"preview": "root = true\n\n[*]\ncharset = utf-8\nend_of_line = lf\nindent_size = 4\nindent_style = space\ninsert_final_newline = true\ntrim_"
},
{
"path": ".envrc",
"chars": 249,
"preview": "if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then\n source_url \"https://raw.githubusercontent.com/nix-comm"
},
{
"path": ".github/.editorconfig",
"chars": 33,
"preview": "[{*.yml,*.yaml}]\nindent_size = 2\n"
},
{
"path": ".github/CODE_OF_CONDUCT.md",
"chars": 146,
"preview": "## Community Code of Conduct\n\nThis project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/ma"
},
{
"path": ".github/DCO",
"chars": 1422,
"preview": "Developer Certificate of Origin\nVersion 1.1\n\nCopyright (C) 2004, 2006 The Linux Foundation and its contributors.\n660 Yor"
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.yaml",
"chars": 3038,
"preview": "name: 🐛 Bug report\ndescription: Report a bug to help us improve Dex\nbody:\n- type: markdown\n attributes:\n value: |\n "
},
{
"path": ".github/ISSUE_TEMPLATE/config.yml",
"chars": 768,
"preview": "blank_issues_enabled: false\ncontact_links:\n - name: 📖 Documentation enhancement\n url: https://github.com/dexidp/webs"
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.yaml",
"chars": 1635,
"preview": "name: 🎉 Feature request\ndescription: Suggest an idea for Dex\nbody:\n- type: markdown\n attributes:\n value: |\n Tha"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 777,
"preview": "<!--\nThank you for sending a pull request! Here are some tips for contributors:\n\n1. Fill the description template below."
},
{
"path": ".github/SECURITY.md",
"chars": 1193,
"preview": "# Security Policy\n\n## Reporting a vulnerability\n\nTo report a vulnerability, send an email to [cncf-dex-maintainers@lists"
},
{
"path": ".github/dependabot.yaml",
"chars": 758,
"preview": "version: 2\n\nupdates:\n - package-ecosystem: \"gomod\"\n directory: \"/\"\n labels:\n - \"area/dependencies\"\n sched"
},
{
"path": ".github/release.yml",
"chars": 713,
"preview": "changelog:\n exclude:\n labels:\n - release-note/ignore\n categories:\n - title: Exciting New Features 🎉\n l"
},
{
"path": ".github/workflows/analysis-scorecard.yaml",
"chars": 1181,
"preview": "name: OpenSSF Scorecard\n\non:\n branch_protection_rule:\n push:\n branches: [ main ]\n schedule:\n - cron: '30 0 * * "
},
{
"path": ".github/workflows/artifacts.yaml",
"chars": 10319,
"preview": "name: Artifacts\n\non:\n workflow_call:\n inputs:\n publish:\n description: Publish artifacts to the artifact "
},
{
"path": ".github/workflows/checks.yaml",
"chars": 709,
"preview": "name: PR Checks\n\non:\n pull_request:\n types: [opened, labeled, unlabeled, synchronize]\n\npermissions:\n contents: read"
},
{
"path": ".github/workflows/ci.yaml",
"chars": 7413,
"preview": "name: CI\n\non:\n push:\n branches: [master]\n pull_request:\n\npermissions:\n contents: read\n\njobs:\n test:\n name: Tes"
},
{
"path": ".github/workflows/release.yaml",
"chars": 469,
"preview": "name: Release\n\non:\n push:\n tags: [ \"v[0-9]+.[0-9]+.[0-9]+\" ]\n\npermissions:\n contents: read\n\njobs:\n artifacts:\n "
},
{
"path": ".github/workflows/trivydb-cache.yaml",
"chars": 1446,
"preview": "# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.\n# In yo"
},
{
"path": ".gitignore",
"chars": 97,
"preview": "/.devenv/\n/.direnv/\n/.idea/\n/bin/\n/config.yaml\n/docker-compose.override.yaml\n/var/\n/vendor/\n*.db\n"
},
{
"path": ".gitpod.yml",
"chars": 87,
"preview": "tasks:\n - init: go get && go build ./... && go test ./... && make\n command: go run\n"
},
{
"path": ".golangci.yaml",
"chars": 2462,
"preview": "version: \"2\"\n\nrun:\n timeout: 5m\n\nlinters:\n disable:\n - staticcheck\n - errcheck\n enable:\n - depguard\n - do"
},
{
"path": "ADOPTERS.md",
"chars": 4239,
"preview": "# Adopters\n\nThis is a list of production adopters of Dex (in alphabetical order).\n\n# Companies\n\n- [Aspect](https://www.a"
},
{
"path": "Dockerfile",
"chars": 3259,
"preview": "ARG BASE_IMAGE=alpine\n\nFROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f96ccc3d4cd72521c4b"
},
{
"path": "LICENSE",
"chars": 11358,
"preview": "\n Apache License\n Version 2.0, January 2004\n "
},
{
"path": "MAINTAINERS",
"chars": 316,
"preview": "Joel Speed <Joel.speed@hotmail.co.uk> (@JoelSpeed)\nMaksim Nabokikh <max.nabokih@gmail.com> (@nabokihms)\nMark Sagi-Kazar "
},
{
"path": "Makefile",
"chars": 7970,
"preview": "export PATH := $(abspath bin/protoc/bin/):$(abspath bin/):${PATH}\n\nOS = $(shell uname | tr A-Z a-z)\n\nuser=$(shell id -u "
},
{
"path": "README.md",
"chars": 9322,
"preview": "# dex - A federated OpenID Connect provider\n\n![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/st"
},
{
"path": "api/api.pb.go",
"chars": 57502,
"preview": "// Code generated by protoc-gen-go. DO NOT EDIT.\n// versions:\n// \tprotoc-gen-go v1.36.5\n// \tprotoc v5.29.3\n// sou"
},
{
"path": "api/api.proto",
"chars": 5652,
"preview": "syntax = \"proto3\";\n\npackage api;\n\noption java_package = \"com.coreos.dex.api\";\noption go_package = \"github.com/dexidp/dex"
},
{
"path": "api/api_grpc.pb.go",
"chars": 20690,
"preview": "// Code generated by protoc-gen-go-grpc. DO NOT EDIT.\n// versions:\n// - protoc-gen-go-grpc v1.5.1\n// - protoc "
},
{
"path": "api/v2/api.pb.go",
"chars": 102643,
"preview": "// Code generated by protoc-gen-go. DO NOT EDIT.\n// versions:\n// \tprotoc-gen-go v1.36.5\n// \tprotoc v5.29.3\n// sou"
},
{
"path": "api/v2/api.proto",
"chars": 9673,
"preview": "syntax = \"proto3\";\n\npackage api;\n\noption java_package = \"com.coreos.dex.api\";\noption go_package = \"github.com/dexidp/dex"
},
{
"path": "api/v2/api_grpc.pb.go",
"chars": 31941,
"preview": "// Code generated by protoc-gen-go-grpc. DO NOT EDIT.\n// versions:\n// - protoc-gen-go-grpc v1.5.1\n// - protoc "
},
{
"path": "api/v2/go.mod",
"chars": 347,
"preview": "module github.com/dexidp/dex/api/v2\n\ngo 1.25.0\n\nrequire (\n\tgoogle.golang.org/grpc v1.79.3\n\tgoogle.golang.org/protobuf v1"
},
{
"path": "api/v2/go.sum",
"chars": 3297,
"preview": "github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/cespare/xxhash/v2 v2.3.0/"
},
{
"path": "cmd/dex/config.go",
"chars": 22918,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/netip\"\n\t\"os\"\n\t\""
},
{
"path": "cmd/dex/config_test.go",
"chars": 14571,
"preview": "package main\n\nimport (\n\t\"encoding/json\"\n\t\"log/slog\"\n\t\"os\"\n\t\"testing\"\n\n\t\"github.com/ghodss/yaml\"\n\t\"github.com/kylelemons/"
},
{
"path": "cmd/dex/excluding_handler.go",
"chars": 1542,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n)\n\n// excludingHandler is an slog.Handler wrapper that drops log attribute"
},
{
"path": "cmd/dex/excluding_handler_test.go",
"chars": 3988,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"log/slog\"\n\t\"testing\"\n)\n\nfunc TestExcludingHandler(t *testi"
},
{
"path": "cmd/dex/logger.go",
"chars": 1791,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/dexidp/dex/server\"\n)\n\nvar logFormats"
},
{
"path": "cmd/dex/main.go",
"chars": 442,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nfunc commandRoot() *cobra.Command {\n\trootCmd := &cobra"
},
{
"path": "cmd/dex/serve.go",
"chars": 26510,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net\"\n\t\"ne"
},
{
"path": "cmd/dex/serve_test.go",
"chars": 749,
"preview": "package main\n\nimport (\n\t\"log/slog\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/require\"\n)\n\nfunc TestNewLogger(t *testing.T"
},
{
"path": "cmd/dex/version.go",
"chars": 422,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"runtime\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nvar version = \"DEV\"\n\nfunc commandVersion() *cobra"
},
{
"path": "cmd/docker-entrypoint/main.go",
"chars": 2620,
"preview": "// Package main provides a utility program to launch the Dex container process with an optional\n// templating step (prov"
},
{
"path": "cmd/docker-entrypoint/main_test.go",
"chars": 3249,
"preview": "package main\n\nimport (\n\t\"strings\"\n\t\"testing\"\n)\n\ntype execArgs struct {\n\tgomplate bool\n\targPrefixes []string\n}\n\nfunc T"
},
{
"path": "config.dev.yaml",
"chars": 765,
"preview": "issuer: http://127.0.0.1:5556/dex\n\nstorage:\n type: sqlite3\n config:\n file: var/sqlite/dex.db\n\nweb:\n http: 127.0.0."
},
{
"path": "config.docker.yaml",
"chars": 1731,
"preview": "{{- /* NOTE: This configuration file is an example and exists only for development purposes. */ -}}\n{{- /* To find more "
},
{
"path": "config.yaml.dist",
"chars": 5606,
"preview": "# The base path of Dex and the external name of the OpenID Connect service.\n# This is the canonical URL that all clients"
},
{
"path": "connector/atlassiancrowd/atlassiancrowd.go",
"chars": 12781,
"preview": "// Package atlassiancrowd provides authentication strategies using Atlassian Crowd.\npackage atlassiancrowd\n\nimport (\n\t\"b"
},
{
"path": "connector/atlassiancrowd/atlassiancrowd_test.go",
"chars": 5145,
"preview": "// Package atlassiancrowd provides authentication strategies using Atlassian Crowd.\npackage atlassiancrowd\n\nimport (\n\t\"c"
},
{
"path": "connector/authproxy/authproxy.go",
"chars": 4289,
"preview": "// Package authproxy implements a connector which relies on external\n// authentication (e.g. mod_auth in Apache2) and re"
},
{
"path": "connector/authproxy/authproxy_test.go",
"chars": 5252,
"preview": "package authproxy\n\nimport (\n\t\"log/slog\"\n\t\"net/http\"\n\t\"reflect\"\n\t\"testing\"\n\n\t\"github.com/dexidp/dex/connector\"\n)\n\nconst ("
},
{
"path": "connector/bitbucketcloud/bitbucketcloud.go",
"chars": 12888,
"preview": "// Package bitbucketcloud provides authentication strategies using Bitbucket Cloud.\npackage bitbucketcloud\n\nimport (\n\t\"c"
},
{
"path": "connector/bitbucketcloud/bitbucketcloud_test.go",
"chars": 3319,
"preview": "package bitbucketcloud\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"net/url\"\n\t"
},
{
"path": "connector/connector.go",
"chars": 4724,
"preview": "// Package connector defines interfaces for federated identity strategies.\npackage connector\n\nimport (\n\t\"context\"\n\t\"fmt\""
},
{
"path": "connector/gitea/gitea.go",
"chars": 11597,
"preview": "// Package gitea provides authentication strategies using Gitea.\npackage gitea\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"e"
},
{
"path": "connector/gitea/gitea_test.go",
"chars": 1924,
"preview": "package gitea\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"net/url\"\n\t\"reflect\"\n\t\"testing\""
},
{
"path": "connector/github/github.go",
"chars": 22162,
"preview": "// Package github provides authentication strategies using GitHub.\npackage github\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n"
},
{
"path": "connector/github/github_test.go",
"chars": 13885,
"preview": "package github\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/http/h"
},
{
"path": "connector/gitlab/gitlab.go",
"chars": 12404,
"preview": "// Package gitlab provides authentication strategies using GitLab.\npackage gitlab\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n"
},
{
"path": "connector/gitlab/gitlab_test.go",
"chars": 16644,
"preview": "package gitlab\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/http/httpt"
},
{
"path": "connector/gitlab/testdata/rootCA.pem",
"chars": 1391,
"preview": "-----BEGIN CERTIFICATE-----\nMIID1jCCAr4CCQCG4JBeSi6cDjANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMC\nVVMxFDASBgNVBAgMC1JhbmRvbVN"
},
{
"path": "connector/gitlab/testdata/server.crt",
"chars": 1757,
"preview": "-----BEGIN CERTIFICATE-----\nMIIE5TCCA82gAwIBAgIJAMGzXwBRpkG7MA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD\nVQQGEwJVUzEUMBIGA1UECAwLUmF"
},
{
"path": "connector/gitlab/testdata/server.key",
"chars": 1704,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLinaVz/O0OyoN\n4mn187wblSMldSuVJjGIjZKM7ZA"
},
{
"path": "connector/google/google.go",
"chars": 14824,
"preview": "// Package google implements logging in through Google's OpenID Connect provider.\npackage google\n\nimport (\n\t\"context\"\n\t\""
},
{
"path": "connector/google/google_test.go",
"chars": 13471,
"preview": "package google\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"net/url\"\n\t\"os"
},
{
"path": "connector/keystone/keystone.go",
"chars": 7783,
"preview": "// Package keystone provides authentication strategy using Keystone.\npackage keystone\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"en"
},
{
"path": "connector/keystone/keystone_test.go",
"chars": 15530,
"preview": "package keystone\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"reflect\"\n\t\"strings\"\n\t\"testing\""
},
{
"path": "connector/ldap/gen-certs.sh",
"chars": 959,
"preview": "#!/bin/bash -e\n\n# Stolen from the coreos/matchbox repo.\n\necho \"\n[req]\nreq_extensions = v3_req\ndistinguished_name = req_d"
},
{
"path": "connector/ldap/ldap.go",
"chars": 23525,
"preview": "// Package ldap implements strategies for authenticating using the LDAP protocol.\npackage ldap\n\nimport (\n\t\"context\"\n\t\"cr"
},
{
"path": "connector/ldap/ldap_test.go",
"chars": 19582,
"preview": "package ldap\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"os\"\n\t\"testing\"\n\n\t\"github.com/kylelemons/godebug/pretty\"\n\n\t\"github"
},
{
"path": "connector/ldap/testdata/certs/ca.crt",
"chars": 1099,
"preview": "-----BEGIN CERTIFICATE-----\nMIIC/TCCAeWgAwIBAgIJAIrt+AlVUsXKMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV\nBAMMCmxkYXAtdGVzdHMwHhcNMTc"
},
{
"path": "connector/ldap/testdata/certs/ca.key",
"chars": 1675,
"preview": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAzKJkt2WsALUDA3tQsedx7UJKIxis05+dU5FbBxf/BMSch8gC\nNh/cWErHIDljWGwLKbc9Uef"
},
{
"path": "connector/ldap/testdata/certs/dhparam.pem",
"chars": 424,
"preview": "-----BEGIN DH PARAMETERS-----\nMIIBCAKCAQEAx5y2viJKOAAcDYSj55odZsbA7dkSQ9afEPd9uaCLOvRYKLJY1S1V\nC4m1eVfna8JndSLdsBGDQe4Bl"
},
{
"path": "connector/ldap/testdata/certs/ldap.crt",
"chars": 1054,
"preview": "-----BEGIN CERTIFICATE-----\nMIIC3DCCAcSgAwIBAgIJANsmsx7hUWnHMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV\nBAMMCmxkYXAtdGVzdHMwHhcNMTc"
},
{
"path": "connector/ldap/testdata/certs/ldap.key",
"chars": 1679,
"preview": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA5VhguV/01oMrBIpjO59IUpF0QiE8ABcShtAuBHqaZi+NgwXI\n0GtMaxJURYeexAWZbW0n70z"
},
{
"path": "connector/ldap/testdata/schema.ldif",
"chars": 14312,
"preview": "dn: ou=TestQuery,dc=example,dc=org\nobjectClass: organizationalUnit\nou: TestQuery\n\ndn: ou=People,ou=TestQuery,dc=example,"
},
{
"path": "connector/linkedin/linkedin.go",
"chars": 6476,
"preview": "// Package linkedin provides authentication strategies using LinkedIn\npackage linkedin\n\nimport (\n\t\"context\"\n\t\"encoding/j"
},
{
"path": "connector/microsoft/microsoft.go",
"chars": 15312,
"preview": "// Package microsoft provides authentication strategies using Microsoft.\npackage microsoft\n\nimport (\n\t\"bytes\"\n\t\"context\""
},
{
"path": "connector/microsoft/microsoft_test.go",
"chars": 5168,
"preview": "package microsoft\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"net/url\"\n\t\"os\"\n\t\"reflec"
},
{
"path": "connector/mock/connectortest.go",
"chars": 4092,
"preview": "// Package mock implements connectors which help test various server components.\npackage mock\n\nimport (\n\t\"context\"\n\t\"err"
},
{
"path": "connector/oauth/oauth.go",
"chars": 7595,
"preview": "package oauth\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"string"
},
{
"path": "connector/oauth/oauth_test.go",
"chars": 9069,
"preview": "package oauth\n\nimport (\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/htt"
},
{
"path": "connector/oidc/oidc.go",
"chars": 25026,
"preview": "// Package oidc implements logging in through OpenID Connect providers.\npackage oidc\n\nimport (\n\t\"context\"\n\t\"encoding/jso"
},
{
"path": "connector/oidc/oidc_test.go",
"chars": 29625,
"preview": "package oidc\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"encoding/base64\"\n\t\"encoding/binary\"\n\t\"encoding"
},
{
"path": "connector/openshift/openshift.go",
"chars": 7553,
"preview": "package openshift\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"strings\"\n\n\t\"golang.org/x/"
},
{
"path": "connector/openshift/openshift_test.go",
"chars": 8054,
"preview": "package openshift\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"net/url\"\n\t"
},
{
"path": "connector/saml/saml.go",
"chars": 23439,
"preview": "// Package saml contains login methods for SAML.\npackage saml\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/x509\"\n\t\"encoding/ba"
},
{
"path": "connector/saml/saml_test.go",
"chars": 26830,
"preview": "package saml\n\nimport (\n\t\"context\"\n\t\"crypto/x509\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"encoding/pem\"\n\t\"errors\"\n\t\"log/slo"
},
{
"path": "connector/saml/testdata/assertion-signed.tmpl",
"chars": 4324,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/assertion-signed.xml",
"chars": 5857,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/bad-ca.crt",
"chars": 1135,
"preview": "-----BEGIN CERTIFICATE-----\nMIIDGTCCAgGgAwIBAgIJAINei+KBx541MA0GCSqGSIb3DQEBCwUAMCMxDDAKBgNV\nBAoMA0JBRDETMBEGA1UEAwwKY29"
},
{
"path": "connector/saml/testdata/bad-ca.key",
"chars": 1704,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCn0lUAkDCYcHXn\nrEKmaGB5LYBoygP/6de+pFqKlRF"
},
{
"path": "connector/saml/testdata/bad-status.tmpl",
"chars": 4255,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/bad-status.xml",
"chars": 5788,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/ca.crt",
"chars": 1135,
"preview": "-----BEGIN CERTIFICATE-----\nMIIDGTCCAgGgAwIBAgIJAKLbLcQajEf8MA0GCSqGSIb3DQEBCwUAMCMxDDAKBgNV\nBAoMA0RFWDETMBEGA1UEAwwKY29"
},
{
"path": "connector/saml/testdata/ca.key",
"chars": 1704,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCh93Slm0agiGQ9\npt2hyOJXwU/rv+AxAnXu+BoKvVr"
},
{
"path": "connector/saml/testdata/gen.sh",
"chars": 1353,
"preview": "#!/bin/bash -ex\n\n# Always run from the testdata directory\ncd \"$(dirname \"$0\")\"\n\n# Uncomment these commands to regenerate"
},
{
"path": "connector/saml/testdata/good-resp.tmpl",
"chars": 4251,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/good-resp.xml",
"chars": 5784,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/idp-cert.pem",
"chars": 1558,
"preview": "-----BEGIN CERTIFICATE-----\nMIIEUTCCAzmgAwIBAgIJAJdmunb39nFKMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIEwpDYWx"
},
{
"path": "connector/saml/testdata/idp-resp-signed-assertion.xml",
"chars": 4377,
"preview": "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Destination=\"http://localhost:5556/dex/callback\" ID=\"id1089654531"
},
{
"path": "connector/saml/testdata/idp-resp-signed-assertion0.xml",
"chars": 6104,
"preview": "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Destination=\"http://localhost:5556/dex/callback\" ID=\"id1089654531"
},
{
"path": "connector/saml/testdata/idp-resp-signed-message-and-assertion.xml",
"chars": 7041,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Destination=\"http://localh"
},
{
"path": "connector/saml/testdata/idp-resp-signed-message.xml",
"chars": 4415,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Destination=\"http://localh"
},
{
"path": "connector/saml/testdata/idp-resp.xml",
"chars": 2224,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Destination=\"http://localh"
},
{
"path": "connector/saml/testdata/oam-ca.pem",
"chars": 753,
"preview": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAWegAwIBAgIBCjANBgkqhkiG9w0BAQQFADAkMSIwIAYDVQQDExlkZWFv\nYW0tZGV2MDIuanBsLm5hc2EuZ29"
},
{
"path": "connector/saml/testdata/oam-resp.xml",
"chars": 2900,
"preview": "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns"
},
{
"path": "connector/saml/testdata/okta-ca.pem",
"chars": 1319,
"preview": "-----BEGIN CERTIFICATE-----\nMIIDpDCCAoygAwIBAgIGAVjgvNroMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYDVQQGEwJVUzETMBEG\nA1UECAwKQ2FsaWZ"
},
{
"path": "connector/saml/testdata/okta-resp.xml",
"chars": 8345,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" Destination=\""
},
{
"path": "connector/saml/testdata/tampered-resp.xml",
"chars": 5803,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/two-assertions-first-signed.tmpl",
"chars": 7585,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/testdata/two-assertions-first-signed.xml",
"chars": 9118,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xs=\"ht"
},
{
"path": "connector/saml/types.go",
"chars": 7605,
"preview": "package saml\n\nimport (\n\t\"bytes\"\n\t\"encoding/xml\"\n\t\"fmt\"\n\t\"time\"\n)\n\nconst timeFormat = \"2006-01-02T15:04:05Z\"\n\ntype xmlTim"
},
{
"path": "docker-compose.override.yaml.dist",
"chars": 374,
"preview": "version: \"3.8\"\n\nservices:\n mysql:\n ports:\n - \"127.0.0.1:3306:3306\"\n\n mysql8:\n ports:\n "
},
{
"path": "docker-compose.test.yaml",
"chars": 695,
"preview": "version: \"3.8\"\n\nservices:\n ldap:\n image: osixia/openldap:1.4.0\n # Copying is required because the entry"
},
{
"path": "docker-compose.yaml",
"chars": 2591,
"preview": "# This docker-compose file provides quick setups for testing different storage backend options.\nversion: \"3.8\"\n\nservices"
},
{
"path": "docs/README.md",
"chars": 92,
"preview": "These documents have moved to the [dexidp/website repo](https://github.com/dexidp/website).\n"
},
{
"path": "docs/enhancements/README.md",
"chars": 1249,
"preview": "# Dex Enhancement Proposal\n\n## Why do we need it?\n\nDex Enhancement Proposal (DEP) is a design document providing informa"
},
{
"path": "docs/enhancements/_title-YYYY-MM-DD-#issue.md",
"chars": 1940,
"preview": "# Dex Enhancement Proposal (DEP) <issue#> - <YYYY-MM-DD> - <title>\n\n## Table of Contents\n\n- [Summary](#summary)\n- [Motiv"
},
{
"path": "docs/enhancements/auth-sessions-2026-02-18.md",
"chars": 59305,
"preview": "# Dex Enhancement Proposal (DEP 4560) - 2026-02-18 - Auth Sessions\n\n## Table of Contents\n\n- [Summary](#summary)\n- [Motiv"
},
{
"path": "docs/enhancements/cel-expressions-2026-02-28.md",
"chars": 35324,
"preview": "# Dex Enhancement Proposal (DEP) - 2026-02-28 - CEL (Common Expression Language) Integration\n\n## Table of Contents\n\n- [S"
},
{
"path": "docs/enhancements/id-jag-2026-03-02#4600.md",
"chars": 13389,
"preview": "# Dex Enhancement Proposal (DEP) 4600 - 2026-03-02 - Identity Assertion JWT Authorization Grant (ID-JAG)\n\n## Table of Co"
},
{
"path": "docs/enhancements/token-exchange-2023-02-03-#2812.md",
"chars": 8417,
"preview": "# Dex Enhancement Proposal (DEP) 2812 - 2023-02-03 - Token Exchange\n\n## Table of Contents\n\n- [Summary](#summary)\n- [Moti"
},
{
"path": "examples/.gitignore",
"chars": 5,
"preview": "*.db\n"
},
{
"path": "examples/config-ad-kubelogin.yaml",
"chars": 1426,
"preview": "# Active Directory and kubelogin Integration sample\nissuer: https://dex.example.com:32000/dex\nstorage:\n type: sqlite3\n "
},
{
"path": "examples/config-dev.yaml",
"chars": 8140,
"preview": "# DEPRECATED: use config.yaml.dist and config.dev.yaml examples in the repository root.\n# TODO: keep this until all refe"
},
{
"path": "examples/example-app/handlers.go",
"chars": 3958,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"time\"\n\n\t\"github.com/coreos/go-oidc/v3/oidc\"\n\t\"golang.org/x/oauth2"
},
{
"path": "examples/example-app/handlers_device.go",
"chars": 7643,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\n\t\"golang.org/x/oauth2\"\n)\n\nfun"
},
{
"path": "examples/example-app/handlers_userinfo.go",
"chars": 1894,
"preview": "package main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n)\n\nfunc (a *app) handleUserInfo(w http.ResponseWriter, "
},
{
"path": "examples/example-app/main.go",
"chars": 5549,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"sync\"\n\n\t\"github.com/coreos/go-o"
},
{
"path": "examples/example-app/static/app.js",
"chars": 5261,
"preview": "(function() {\n const crossClientInput = document.getElementById(\"cross_client_input\");\n const crossClientList = do"
},
{
"path": "examples/example-app/static/device.js",
"chars": 4055,
"preview": "(function() {\n const sessionID = document.getElementById(\"session-id\")?.value;\n const deviceCode = document.getEle"
},
{
"path": "examples/example-app/static/style.css",
"chars": 9881,
"preview": "body {\n font-family: Arial, sans-serif;\n background-color: #f2f2f2;\n margin: 0;\n display: flex;\n justify-"
},
{
"path": "examples/example-app/static/token.js",
"chars": 4745,
"preview": "// Simple JSON syntax highlighter\ndocument.addEventListener(\"DOMContentLoaded\", function() {\n const claimsElement = d"
},
{
"path": "examples/example-app/templates/device.html",
"chars": 2429,
"preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width"
},
{
"path": "examples/example-app/templates/index.html",
"chars": 3184,
"preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width"
},
{
"path": "examples/example-app/templates/token.html",
"chars": 2890,
"preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width"
},
{
"path": "examples/example-app/templates.go",
"chars": 4463,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"crypto/rsa\"\n\t\"crypto/x509\"\n\t\"embed\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"encoding/p"
},
{
"path": "examples/example-app/utils.go",
"chars": 3882,
"preview": "package main\n\nimport (\n\t\"bytes\"\n\t\"crypto/rand\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"lo"
},
{
"path": "examples/go.mod",
"chars": 647,
"preview": "module github.com/dexidp/dex/examples\n\ngo 1.25.0\n\nrequire (\n\tgithub.com/coreos/go-oidc/v3 v3.17.0\n\tgithub.com/dexidp/dex"
},
{
"path": "examples/go.sum",
"chars": 4885,
"preview": "github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/cespare/xxhash/v2 v2.3.0/"
},
{
"path": "examples/grpc-client/.gitignore",
"chars": 34,
"preview": "*.key\n*.crt\n*.csr\nindex.*\nserial*\n"
},
{
"path": "examples/grpc-client/README.md",
"chars": 2043,
"preview": "# Running a Dex gRPC client\n\nUsing gRPC, a client application can directly call methods on a server application as if it"
},
{
"path": "examples/grpc-client/cert-destroy",
"chars": 141,
"preview": "#!/bin/bash\n\nrm -f ca.key ca.crt server.key server.csr server.crt client.key client.csr client.crt index.* serial*\nrm -r"
},
{
"path": "examples/grpc-client/cert-gen",
"chars": 1515,
"preview": "#!/bin/bash\n\nif [ -z $SAN ]\n then echo \"Set SAN with a DNS or IP(e.g. export SAN=IP.1:127.0.0.1,IP.2:172.18.0.2).\"\n ex"
},
{
"path": "examples/grpc-client/client.go",
"chars": 5837,
"preview": "package main\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"flag\"\n\t\"fmt\"\n\t\"log\"\n\t\"os\"\n\n\t\"google.golang.org/grpc\"\n\t\""
},
{
"path": "examples/grpc-client/config.yaml",
"chars": 414,
"preview": "issuer: http://127.0.0.1:5556/dex\n\nstorage:\n type: sqlite3\n config:\n file: examples/dex.db\n\n# Configuration for the"
},
{
"path": "examples/grpc-client/openssl.conf",
"chars": 2415,
"preview": "# OpenSSL configuration file.\n# Adapted from https://github.com/coreos/matchbox/blob/master/examples/etc/matchbox/openss"
},
{
"path": "examples/k8s/.gitignore",
"chars": 5,
"preview": "ssl/\n"
},
{
"path": "examples/k8s/dex.yaml",
"chars": 3636,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: dex\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n "
},
{
"path": "examples/k8s/gencert.sh",
"chars": 741,
"preview": "#!/bin/bash\n\nmkdir -p ssl\n\ncat << EOF > ssl/req.cnf\n[req]\nreq_extensions = v3_req\ndistinguished_name = req_distinguished"
},
{
"path": "examples/ldap/config-ldap.ldif",
"chars": 961,
"preview": "# Already included in default config of Docker image osixia/openldap:1.4.0.\n#\n# dn: dc=example,dc=org\n# objectClass: dcO"
},
{
"path": "examples/ldap/config-ldap.yaml",
"chars": 1682,
"preview": "issuer: http://127.0.0.1:5556/dex\nstorage:\n type: sqlite3\n config:\n file: examples/dex.db\nweb:\n http: 0.0.0.0:5556"
},
{
"path": "examples/ldap/docker-compose.yaml",
"chars": 1414,
"preview": "version: \"3\"\n\n# For LDAPS with certificate validation:\n# How to extract the TLS certificate from the OpenLDAP container,"
},
{
"path": "examples/oidc-conformance/config.yaml.tmpl",
"chars": 914,
"preview": "# Dex configuration for OIDC Conformance Testing.\n# See https://dexidp.io/docs/development/oidc-certification/\n#\n# This "
},
{
"path": "examples/oidc-conformance/run.sh",
"chars": 4859,
"preview": "#!/usr/bin/env bash\n#\n# OIDC Conformance Test Runner\n#\n# Starts Dex with a test configuration and exposes it via a publi"
},
{
"path": "flake.nix",
"chars": 1323,
"preview": "{\n inputs = {\n nixpkgs.url = \"github:NixOS/nixpkgs/nixpkgs-unstable\";\n flake-parts.url = \"github:hercules-ci/flak"
},
{
"path": "go.mod",
"chars": 5882,
"preview": "module github.com/dexidp/dex\n\ngo 1.25.0\n\nrequire (\n\tcloud.google.com/go/compute/metadata v0.9.0\n\tentgo.io/ent v0.14.5\n\tg"
},
{
"path": "go.sum",
"chars": 31863,
"preview": "ariga.io/atlas v0.32.1-0.20250325101103-175b25e1c1b9 h1:E0wvcUXTkgyN4wy4LGtNzMNGMytJN8afmIWXJVMi4cc=\nariga.io/atlas v0.3"
},
{
"path": "pkg/cel/cel.go",
"chars": 6645,
"preview": "package cel\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"reflect\"\n\n\t\"github.com/google/cel-go/cel\"\n\t\"github.com/google/cel-go/checker\"\n"
},
{
"path": "pkg/cel/cel_test.go",
"chars": 6845,
"preview": "package cel_test\n\nimport (\n\t\"context\"\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr"
},
{
"path": "pkg/cel/cost.go",
"chars": 3456,
"preview": "package cel\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/google/cel-go/checker\"\n)\n\n// DefaultCostBudget is the default cost budget for"
},
{
"path": "pkg/cel/cost_test.go",
"chars": 4080,
"preview": "package cel_test\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testify/require\"\n\n\tde"
},
{
"path": "pkg/cel/doc.go",
"chars": 289,
"preview": "// Package cel provides a safe, sandboxed CEL (Common Expression Language)\n// environment for policy evaluation, claim m"
},
{
"path": "pkg/cel/library/doc.go",
"chars": 183,
"preview": "// Package library provides custom CEL function libraries for Dex.\n// Each library implements the cel.Library interface "
},
{
"path": "pkg/cel/library/email.go",
"chars": 1668,
"preview": "package library\n\nimport (\n\t\"strings\"\n\n\t\"github.com/google/cel-go/cel\"\n\t\"github.com/google/cel-go/common/types\"\n\t\"github."
},
{
"path": "pkg/cel/library/email_test.go",
"chars": 2413,
"preview": "package library_test\n\nimport (\n\t\"context\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stretchr/testif"
},
{
"path": "pkg/cel/library/groups.go",
"chars": 2992,
"preview": "package library\n\nimport (\n\t\"path\"\n\n\t\"github.com/google/cel-go/cel\"\n\t\"github.com/google/cel-go/common/types\"\n\t\"github.com"
},
{
"path": "pkg/cel/library/groups_test.go",
"chars": 3827,
"preview": "package library_test\n\nimport (\n\t\"context\"\n\t\"reflect\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\t\"github.com/stre"
},
{
"path": "pkg/cel/types.go",
"chars": 3432,
"preview": "package cel\n\nimport (\n\t\"github.com/google/cel-go/cel\"\n\n\t\"github.com/dexidp/dex/connector\"\n)\n\n// VariableDeclaration decl"
},
{
"path": "pkg/featureflags/doc.go",
"chars": 165,
"preview": "// Package featureflags provides a mechanism for toggling experimental or\n// optional Dex features via environment varia"
},
{
"path": "pkg/featureflags/flag.go",
"chars": 452,
"preview": "package featureflags\n\nimport (\n\t\"os\"\n\t\"strconv\"\n\t\"strings\"\n)\n\ntype flag struct {\n\tName string\n\tDefault bool\n}\n\nfunc ("
},
{
"path": "pkg/featureflags/set.go",
"chars": 1267,
"preview": "package featureflags\n\nvar (\n\t// EntEnabled enables experimental ent-based engine for the database storages.\n\t// https://"
},
{
"path": "pkg/groups/doc.go",
"chars": 78,
"preview": "// Package groups contains helper functions related to groups.\npackage groups\n"
},
{
"path": "pkg/groups/groups.go",
"chars": 453,
"preview": "package groups\n\n// Filter filters out any groups of given that are not in required. Thus it may\n// happen that the resul"
},
{
"path": "pkg/groups/groups_test.go",
"chars": 880,
"preview": "package groups_test\n\nimport (\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n\n\t\"github.com/dexidp/dex/pkg/groups\"\n)\n\n"
},
{
"path": "pkg/httpclient/doc.go",
"chars": 161,
"preview": "// Package httpclient provides a configurable HTTP client constructor with\n// support for custom CA certificates, root C"
},
{
"path": "pkg/httpclient/httpclient.go",
"chars": 1509,
"preview": "package httpclient\n\nimport (\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"net\"\n\t\"net/http\"\n\t\"os\"\n\t\"time\"\n)\n\n"
},
{
"path": "pkg/httpclient/httpclient_test.go",
"chars": 1976,
"preview": "package httpclient_test\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/http/httptest\"\n\t\"os\"\n\t"
},
{
"path": "pkg/httpclient/readme.md",
"chars": 939,
"preview": "# Regenerate testdata\n\n### server.csr.cnf\n\n```\n[req]\ndefault_bits = 2048\nprompt = no\ndefault_md = sha256\ndistinguished_n"
},
{
"path": "pkg/httpclient/testdata/rootCA.key",
"chars": 1675,
"preview": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA4dB5aQCjCmMsW71u9F0WNm1TYjXQBZ4p7oNT+BQwCc/MZ2xc\n5NexS2O86nbRkw5jwyfAAMS"
},
{
"path": "pkg/httpclient/testdata/rootCA.pem",
"chars": 1391,
"preview": "-----BEGIN CERTIFICATE-----\nMIID1jCCAr4CCQCG4JBeSi6cDjANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMC\nVVMxFDASBgNVBAgMC1JhbmRvbVN"
},
{
"path": "pkg/httpclient/testdata/rootCA.srl",
"chars": 17,
"preview": "C1B35F0051A641BB\n"
},
{
"path": "pkg/httpclient/testdata/server.crt",
"chars": 1757,
"preview": "-----BEGIN CERTIFICATE-----\nMIIE5TCCA82gAwIBAgIJAMGzXwBRpkG7MA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD\nVQQGEwJVUzEUMBIGA1UECAwLUmF"
},
{
"path": "pkg/httpclient/testdata/server.csr",
"chars": 1098,
"preview": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC8jCCAdoCAQAwgawxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtSYW5kb21TdGF0\nZTETMBEGA1UEBwwKUmF"
},
{
"path": "pkg/httpclient/testdata/server.csr.cnf",
"chars": 214,
"preview": "[req]\ndefault_bits = 2048\nprompt = no\ndefault_md = sha256\ndistinguished_name = dn\n\n[dn]\nC=US\nST=RandomState\nL=RandomCity"
},
{
"path": "pkg/httpclient/testdata/server.key",
"chars": 1704,
"preview": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLinaVz/O0OyoN\n4mn187wblSMldSuVJjGIjZKM7ZA"
},
{
"path": "pkg/httpclient/testdata/v3.ext",
"chars": 217,
"preview": "authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherme"
},
{
"path": "scripts/git-version",
"chars": 1594,
"preview": "#!/bin/sh -e\n\n# parse the current git commit hash\nCOMMIT=`git rev-parse --short=8 HEAD`\n\n# check if the current commit h"
},
{
"path": "scripts/manifests/.editorconfig",
"chars": 33,
"preview": "[{*.yml,*.yaml}]\nindent_size = 2\n"
},
{
"path": "scripts/manifests/crds/authcodes.yaml",
"chars": 427,
"preview": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: authcodes.dex.coreos.com\nspec:\n gr"
},
{
"path": "scripts/manifests/crds/authrequests.yaml",
"chars": 442,
"preview": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: authrequests.dex.coreos.com\nspec:\n "
},
{
"path": "scripts/manifests/crds/connectors.yaml",
"chars": 432,
"preview": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: connectors.dex.coreos.com\nspec:\n g"
},
{
"path": "scripts/manifests/crds/devicerequests.yaml",
"chars": 452,
"preview": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: devicerequests.dex.coreos.com\nspec:"
},
{
"path": "scripts/manifests/crds/devicetokens.yaml",
"chars": 442,
"preview": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: devicetokens.dex.coreos.com\nspec:\n "
},
{
"path": "scripts/manifests/crds/oauth2clients.yaml",
"chars": 447,
"preview": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: oauth2clients.dex.coreos.com\nspec:\n"
},
{
"path": "scripts/manifests/crds/offlinesessionses.yaml",
"chars": 464,
"preview": "apiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: offlinesessionses.dex.coreos.com\nsp"
}
]
// ... and 232 more files (download for full content)
About this extraction
This page contains the full source code of the dexidp/dex GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 432 files (3.6 MB), approximately 956.3k tokens, and a symbol index with 7658 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.