# Dex Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
issuer: http://127.0.0.1:5556/dex

# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#

          --health-retries 5
      openid:
        image: quay.io/minio/dex
        ports:
          - "5556:5556"
        env:
          DEX_LDAP_SERVER: "openldap:389"
      openid2:
        image: quay.io/minio/dex
        ports:
          - "5557:5557"
        env:
          DEX_LDAP_SERVER: "openldap:389"
          DEX_ISSUER: "http://127.0.0.1:5557/dex"
          DEX_WEB_HTTP: "0.0.0.0:5557"

    strategy:

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package main

// This programs mocks user interaction against Dex IDP and generates STS
// credentials. It is for MinIO testing purposes only.
//
// Run like:
//
// $ MINIO_ENDPOINT=http://localhost:9000 go run gen-oidc-sts-cred.go

import (
	"context"
	"fmt"
	"log"

| [**WebIdentity**](https://github.com/minio/minio/blob/master/docs/sts/web-identity.md) | Let users request temporary credentials using any OpenID(OIDC) compatible web identity providers such as KeyCloak, Dex, Facebook, Google etc. |

export MINIO_KMS_AUTO_ENCRYPTION=off
export MINIO_PROMETHEUS_AUTH_TYPE=public
export MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw=
export MINIO_IDENTITY_OPENID_CONFIG_URL="http://localhost:5556/dex/.well-known/openid-configuration"
export MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app"
export MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret"
export MINIO_IDENTITY_OPENID_CLAIM_NAME="groups"

type OpenIDClientAppParams struct {
	ClientID, ClientSecret, ProviderURL, RedirectURL string
}

// MockOpenIDTestUserInteraction - tries to login to dex using provided credentials.
// It performs the user's browser interaction to login and retrieves the auth
// code from dex and exchanges it for a JWT.
func MockOpenIDTestUserInteraction(ctx context.Context, pro OpenIDClientAppParams, username, password string) (string, error) {

				"application/x-chrome-package",
				"application/x-compress",
				"application/x-corelpresentations",
				"application/x-cpio",
				"application/x-csh",
				"application/x-debian-package",
				"application/x-dex",
				"application/x-director",
				"application/x-doom",
				"application/x-dtbncx+xml",
				"application/x-dtbook+xml",
				"application/x-dtbresource+xml",
				"application/x-dvi",
				"application/x-elc",

    <glob pattern="*.udeb"/>
  </mime-type>

  <mime-type type="application/x-dex">
    <acronym>DEX</acronym>
    <_comment>Dalvik Executable Format</_comment>
    <tika:link>http://source.android.com/devices/tech/dalvik/dex-format.html</tika:link>
    <magic priority="50">
      <match value="dex\n" type="string" offset="0">
        <match value="\0" type="string" offset="7"/>
      </match>

}

var testAppParams = OpenIDClientAppParams{
	ClientID:     "minio-client-app",
	ClientSecret: "minio-client-app-secret",
	ProviderURL:  "http://127.0.0.1:5556/dex",
	RedirectURL:  "http://127.0.0.1:10000/oauth_callback",
}

const (
	EnvTestOpenIDServer  = "_MINIO_OPENID_TEST_SERVER"
	EnvTestOpenIDServer2 = "_MINIO_OPENID_TEST_SERVER_2"
)