| cmd | ||
| connector | ||
| Documentation | ||
| examples | ||
| scripts | ||
| server | ||
| storage | ||
| vendor | ||
| version | ||
| .gitignore | ||
| Dockerfile | ||
| glide.lock | ||
| glide.yaml | ||
| glide_test.go | ||
| Makefile | ||
| README.md | ||
dex - A federated OpenID Connect provider
This is an experimental version of dex that is likely to change in incompatible ways.
dex is an OAuth2 server that presents clients with a low overhead framework for identifying users while leveraging existing identity services such as Google Accounts, FreeIPA, GitHub, etc, for actual authentication. dex sits between your applications and an identity service, providing a backend agnostic flavor of OAuth2 called OpenID Connect, a spec will allows dex to support:
- Short-lived, signed tokens with predefined fields (such as email) issued on behalf of users.
- Well known discovery of OAuth2 endpoints.
- OAuth2 mechanisms such as refresh tokens and revocation for long term access.
- Automatic signing key rotation.
Any system which can query dex can cryptographically verify a users identity based on these tokens, allowing authentication events to be passed between backend services.
One such application that consumes OpenID Connect tokens is the Kubernetes API server, allowing dex to provide identity for any Kubernetes clusters.