This repository has been archived on 2023-08-14. You can view files and clone it, but cannot push or open issues or pull requests.
dex/README.md

68 lines
3.8 KiB
Markdown
Raw Normal View History

2016-08-09 19:40:01 +00:00
# dex - A federated OpenID Connect provider
2016-12-07 18:22:04 +00:00
[![Travis](https://api.travis-ci.org/coreos/dex.svg)](https://travis-ci.org/coreos/dex)
2016-11-08 19:51:59 +00:00
[![GoDoc](https://godoc.org/github.com/coreos/dex?status.svg)](https://godoc.org/github.com/coreos/dex)
2016-12-13 20:24:27 +00:00
[![Go Report Card](https://goreportcard.com/badge/github.com/coreos/dex)](https://goreportcard.com/report/github.com/coreos/dex)
2016-08-11 05:26:36 +00:00
2016-11-08 19:51:59 +00:00
![logo](Documentation/logos/dex-horizontal-color.png)
2016-08-11 05:26:36 +00:00
Dex is an OpenID Connect server that connects to other identity providers. Clients use a standards-based OAuth2 flow to login users, while the actual authentication is performed by established user management systems such as Google, GitHub, FreeIPA, etc.
2016-08-09 19:40:01 +00:00
2016-11-08 19:51:59 +00:00
[OpenID Connect][openid-connect] is a flavor of OAuth that builds on top of OAuth2 using the JOSE standards. This allows dex to provide:
* Short-lived, signed tokens with standard fields (such as email) issued on behalf of users.
* "well-known" discovery of OAuth2 endpoints.
2016-08-09 19:40:01 +00:00
* OAuth2 mechanisms such as refresh tokens and revocation for long term access.
* Automatic signing key rotation.
2016-11-08 19:51:59 +00:00
Standards-based token responses allows applications to interact with any OpenID Connect server instead of writing backend specific "access_token" dances. Systems that can already consume ID Tokens issued by dex include:
2016-11-08 19:51:59 +00:00
* [Kubernetes][kubernetes]
2016-11-19 01:07:10 +00:00
* [AWS STS][aws-sts]
## Kubernetes + dex
Dex's main production use is as an auth-N addon in CoreOS's enterprise Kubernetes solution, [Tectonic][tectonic]. Dex runs natively on top of any Kubernetes cluster using Third Party Resources and can drive API server authentication through the OpenID Connect plugin. Clients, such as the [Tectonic Console][tectonic-console] and `kubectl`, can act on behalf users who can login to the cluster through any identity provider dex supports.
More docs for running dex as a Kubernetes authenticator can be found [here](Documentation/kubernetes.md).
2016-11-08 19:51:59 +00:00
## Documentation
2016-11-08 19:51:59 +00:00
* [Getting started](Documentation/getting-started.md)
* [Writing apps that use dex](Documentation/using-dex.md)
* [What's new in v2](Documentation/v2.md)
* [Custom scopes, claims, and client features](Documentation/custom-scopes-claims-clients.md)
2016-11-08 19:51:59 +00:00
* [Storage options](Documentation/storage.md)
* [Intro to OpenID Connect](Documentation/openid-connect.md)
* [gRPC API](Documentation/api.md)
* [Using Kubernetes with dex](Documentation/kubernetes.md)
2016-11-19 01:07:10 +00:00
* Identity provider logins
* [LDAP](Documentation/ldap-connector.md)
2016-11-22 00:41:06 +00:00
* [GitHub](Documentation/github-connector.md)
2017-04-11 17:04:48 +00:00
* [GitLab](Documentation/gitlab-connector.md)
* [SAML 2.0](Documentation/saml-connector.md)
* [OpenID Connect](Documentation/oidc-connector.md) (includes Google, Salesforce, Azure, etc.)
2016-11-19 01:07:10 +00:00
* Client libraries
* [Go][go-oidc]
## Reporting a security vulnerability
Due to their public nature, GitHub and mailing lists are NOT appropriate places for reporting vulnerabilities. Please refer to CoreOS's [security disclosure][disclosure] process when reporting issues that may be security related.
## Getting help
* For feature requests and bugs, file an [issue][issues].
* For general discussion about both using and developing dex, join the [dex-dev][dex-dev] mailing list.
* For more details on dex development plans, check out the GitHub [milestones][milestones].
2016-11-08 19:51:59 +00:00
[openid-connect]: https://openid.net/connect/
[kubernetes]: http://kubernetes.io/docs/admin/authentication/#openid-connect-tokens
2016-11-19 01:07:10 +00:00
[aws-sts]: https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
[tectonic]: https://tectonic.com/
[tectonic-console]: https://tectonic.com/enterprise/docs/latest/usage/index.html#tectonic-console
2016-11-19 01:07:10 +00:00
[go-oidc]: https://github.com/coreos/go-oidc
2016-11-09 08:03:14 +00:00
[issues]: https://github.com/coreos/dex/issues
[dex-dev]: https://groups.google.com/forum/#!forum/dex-dev
[milestones]: https://github.com/coreos/dex/milestones
[disclosure]: https://coreos.com/security/disclosure/