No description
Find a file
Eric Chiang d11224f2bb Merge pull request #668 from ericchiang/dev-ldap-conn
connector: accept base64 encoded CA and add convience open method
2016-11-03 16:39:22 -07:00
api api: add gRPC endpoints for creating, updating and deleting passwords 2016-11-01 14:10:35 -07:00
cmd cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash 2016-11-03 15:23:56 -07:00
connector connector: accept base64 encoded CA and add convience open method 2016-11-03 16:28:23 -07:00
Documentation cmd/dex: add option for gRPC client auth CA. 2016-11-02 14:51:22 -07:00
examples cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash 2016-11-03 15:23:56 -07:00
scripts *: travis tests and build scripts should use Go 1.7.3. 2016-11-03 12:28:53 -07:00
server Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username 2016-11-01 16:06:40 -07:00
storage *: switch to github.com/ghodss/yaml for more consistent YAML parsing 2016-11-03 14:39:32 -07:00
vendor vendor: revendor 2016-11-03 15:24:47 -07:00
version *: determine version from git 2016-08-09 14:38:09 -07:00
web/templates *: rename internally used "state" form value to "req" 2016-10-27 10:26:01 -07:00
.gitignore *: prepare build scripts for a release 2016-10-05 23:43:44 -07:00
.travis.yml *: travis tests and build scripts should use Go 1.7.3. 2016-11-03 12:28:53 -07:00
DCO *: add DCO and LICENSE 2016-10-13 11:33:32 -07:00
Dockerfile *: prepare build scripts for a release 2016-10-05 23:43:44 -07:00
glide.lock *: switch to github.com/ghodss/yaml for more consistent YAML parsing 2016-11-03 14:39:32 -07:00
glide.yaml glide.yaml: add new yaml package 2016-11-03 15:24:35 -07:00
glide_test.go initial commit 2016-07-26 15:51:24 -07:00
LICENSE *: add DCO and LICENSE 2016-10-13 11:33:32 -07:00
Makefile *: build aci at the correct path including version, OS, and arch 2016-10-14 14:29:22 -07:00
README.md *: add more comments to the example config 2016-10-14 08:58:57 -07:00
TODO.md *: switch to github.com/ghodss/yaml for more consistent YAML parsing 2016-11-03 14:39:32 -07:00

dex - A federated OpenID Connect provider

Caution image

This is an experimental version of dex that is likely to change in incompatible ways.

dex is an OAuth2 server that presents clients with a low overhead framework for identifying users while leveraging existing identity services such as Google Accounts, FreeIPA, GitHub, etc, for actual authentication. dex sits between your applications and an identity service, providing a backend agnostic flavor of OAuth2 called OpenID Connect, a spec will allows dex to support:

  • Short-lived, signed tokens with predefined fields (such as email) issued on behalf of users.
  • Well known discovery of OAuth2 endpoints.
  • OAuth2 mechanisms such as refresh tokens and revocation for long term access.
  • Automatic signing key rotation.

Any system which can query dex can cryptographically verify a users identity based on these tokens, allowing authentication events to be passed between backend services.

One such application that consumes OpenID Connect tokens is the Kubernetes API server, allowing dex to provide identity for any Kubernetes clusters.

Getting started

dex requires a Go installation and a GOPATH configured. Clone it down the correct place, and simply type make to compile dex.

git clone https://github.com/coreos/dex.git $GOPATH/src/github.com/coreos/dex
cd $GOPATH/src/github.com/coreos/dex
git checkout dev
make

dex is a single, scalable binary that pulls all configuration from a config file (no command line flags at the moment). Use one of the config files defined in the examples folder to start up dex with an in-memory data store.

./bin/dex serve examples/config-dev.yaml

dex allows OAuth2 clients to be defined statically through the config file. In another window, run the example-app (an OAuth2 client). By default this is configured to use the client ID and secret defined in the config file.

./bin/example-app

Then to interact with dex, like any other OAuth2 provider, you must first visit a client app, then be prompted to login through dex. This can be achieved using the following steps:

  1. Navigate to http://localhost:5555/ in your browser.
  2. Hit "login" on the example app to be redirected to dex.
  3. Choose the "Login with Email" and enter "admin@example.com" and "password"
  4. Approve the example app's request.
  5. See the resulting token the example app claims from dex.