Dex
Federate Identity Provider| Dex
Overview Dex is able to use another OpenID Connect provider as an authentication source. When logging in, dex will redirect to the upstream provider and perform the necessary OAuth2 flows to determine the end users email, username, etc. More details on the OpenID Connect protocol can be found in An overview of OpenID Connect. Prominent examples of OpenID Connect providers include Google Accounts, Salesforce, and Azure AD v2 (not v1).| Dex
Custom Scopes, Claims and Client Features| Dex
Once you have dex up and running, the next step is to write applications that use dex to drive authentication. Apps that interact with dex generally fall into one of two categories: Apps that request OpenID Connect ID tokens to authenticate users. Used for authenticating an end user. Must be web based. Apps that consume ID tokens from other apps. Needs to verify that a client is acting on behalf of a user. The first category of apps are standard OAuth2 clients. Users show up at a website, and...| – Guides
Overview This document covers setting up the Kubernetes OpenID Connect token authenticator plugin with dex. It also contains a worked example showing how the Dex server can be deployed within Kubernetes. Token responses from OpenID Connect providers include a signed JWT called an ID Token. ID Tokens contain names, emails, unique identifiers, and in dex’s case, a set of groups that can be used to identify the user. OpenID Connect providers, like dex, publish public keys; the Kubernetes API s...| – Guides
Using your own templates Dex supports using your own templates and passing arbitrary data to them to help customize your installation. Steps: Copy contents of the web directory over to a new directory. Customize the templates as needed, be sure to retain all the existing variables so Dex continues working correctly. (Use the following syntax to render values from frontend.extra config: {{ "your_key" | extra }}) Set the frontend.dir value to your own web directory (Alternatively, you can set t...| – Guides
Most common scenarios and how to solve them| Dex
Overview Most Dex connectors redirect users to the upstream identity provider as part of the authentication flow. While this works for human users, it is much harder for machines and automated processes (e.g., CI pipelines) to complete this interactive flow. This is where OAuth2 Token Exchange comes in: it allows clients to exchange an access or ID token they already have (obtained from their environment, through custom CLI commands, etc.) for a token issued by dex.| Dex
