mystiq/dex
Archived
4
0
Fork 1
Code Issues Pull requests Packages Projects Releases Wiki Activity
This repository has been archived on 2022-08-17. You can view files and clone it, but cannot push or open issues or pull requests.
263 commits 27 branches 73 tags 23 MiB
Go 97.8%
CSS 0.6%
HTML 0.6%
Makefile 0.5%
Dockerfile 0.2%
Other 0.2%
Go to file
Eric Chiang 8b8c076ecf Documentation: clarify difference between LDAP ports and security guarantees 
Now that LDAP supports an `insecureSkipVerify` option, clarify that
`insecureNoTLS` is an extremely bad choice and as such we may drop
support for 389 in the future.

However, since we send plain text passwords from our frontend to our
backend, this probably gets us into a bigger conversation about dex's
TLS story. For example when terminiation is approporate. cc'ing
@dghubble for thoughts on how that might apply to our internal uses.

We probably want an overaching security doc at some point, but that
can be another PR.
2016-11-23 12:26:44 -08:00
api api: adding a gRPC call for listing passwords. 2016-11-17 16:56:54 -08:00
cmd cmd/dex: validate that connectors have an ID. 2016-11-15 11:39:45 -07:00
connector *: add tests for the RefreshConnector 2016-11-22 12:53:46 -08:00
Documentation Documentation: clarify difference between LDAP ports and security guarantees 2016-11-23 12:26:44 -08:00
examples Fix Google OIDC callback url 2016-11-21 10:25:16 -08:00
scripts *: travis tests and build scripts should use Go 1.7.3. 2016-11-03 12:28:53 -07:00
server *: add tests for the RefreshConnector 2016-11-22 12:53:46 -08:00
storage api: adding a gRPC call for listing passwords. 2016-11-17 16:56:54 -08:00
vendor vendor: revendor 2016-11-03 15:24:47 -07:00
version *: determine version from git 2016-08-09 14:38:09 -07:00
web/templates *: rename internally used "state" form value to "req" 2016-10-27 10:26:01 -07:00
.gitignore *: prepare build scripts for a release 2016-10-05 23:43:44 -07:00
.travis.yml *: travis tests and build scripts should use Go 1.7.3. 2016-11-03 12:28:53 -07:00
DCO *: add DCO and LICENSE 2016-10-13 11:33:32 -07:00
Dockerfile Dockerfile: add OpenSSL to Docker container 2016-11-14 17:25:19 -08:00
glide.lock *: switch to github.com/ghodss/yaml for more consistent YAML parsing 2016-11-03 14:39:32 -07:00
glide.yaml glide.yaml: add new yaml package 2016-11-03 15:24:35 -07:00
glide_test.go initial commit 2016-07-26 15:51:24 -07:00
LICENSE *: add DCO and LICENSE 2016-10-13 11:33:32 -07:00
Makefile *: build aci at the correct path including version, OS, and arch 2016-10-14 14:29:22 -07:00
README.md *: document the GitHub connector 2016-11-22 12:53:46 -08:00

README.md

dex - A federated OpenID Connect provider

GoDoc

logo

Dex is an OpenID Connect server that allows users to login through upstream identity providers. Clients use a standards-based OAuth2 flow to login users, while the actual authentication is performed by established user management systems such as Google, GitHub, FreeIPA, etc.

OpenID Connect is a flavor of OAuth that builds on top of OAuth2 using the JOSE standards. This allows dex to provide:

  • Short-lived, signed tokens with standard fields (such as email) issued on behalf of users.
  • "well-known" discovery of OAuth2 endpoints.
  • OAuth2 mechanisms such as refresh tokens and revocation for long term access.
  • Automatic signing key rotation.

Standards-based token responses allows applications to interact with any OpenID Connect server instead of writing backend specific "access_token" dances. Systems that can already consume ID Tokens issued by dex include:

Documentation

Getting help

  • For bugs and feature requests (including documentation!), file an issue.
  • For general discussion about both using and developing dex, join the dex-dev mailing list.
  • For more details on dex development plans, check out the GitHub milestones.