2016-08-09 19:40:01 +00:00
# dex - A federated OpenID Connect provider
2016-12-07 18:22:04 +00:00
[![Travis ](https://api.travis-ci.org/coreos/dex.svg )](https://travis-ci.org/coreos/dex)
2016-11-08 19:51:59 +00:00
[![GoDoc ](https://godoc.org/github.com/coreos/dex?status.svg )](https://godoc.org/github.com/coreos/dex)
2016-12-13 20:24:27 +00:00
[![Go Report Card ](https://goreportcard.com/badge/github.com/coreos/dex )](https://goreportcard.com/report/github.com/coreos/dex)
2016-08-11 05:26:36 +00:00
2016-11-08 19:51:59 +00:00
![logo ](Documentation/logos/dex-horizontal-color.png )
2016-08-11 05:26:36 +00:00
2016-12-07 02:44:50 +00:00
Dex is an OpenID Connect server that connects to other identity providers. Clients use a standards-based OAuth2 flow to login users, while the actual authentication is performed by established user management systems such as Google, GitHub, FreeIPA, etc.
2016-08-09 19:40:01 +00:00
2016-11-08 19:51:59 +00:00
[OpenID Connect][openid-connect] is a flavor of OAuth that builds on top of OAuth2 using the JOSE standards. This allows dex to provide:
* Short-lived, signed tokens with standard fields (such as email) issued on behalf of users.
* "well-known" discovery of OAuth2 endpoints.
2016-08-09 19:40:01 +00:00
* OAuth2 mechanisms such as refresh tokens and revocation for long term access.
* Automatic signing key rotation.
2016-11-08 19:51:59 +00:00
Standards-based token responses allows applications to interact with any OpenID Connect server instead of writing backend specific "access_token" dances. Systems that can already consume ID Tokens issued by dex include:
2016-08-11 05:48:58 +00:00
2016-11-08 19:51:59 +00:00
* [Kubernetes][kubernetes]
2016-11-19 01:07:10 +00:00
* [AWS STS][aws-sts]
2016-08-11 05:48:58 +00:00
2016-12-07 02:44:50 +00:00
## Kubernetes + dex
Dex's main production use is as an auth-N addon in CoreOS's enterprise Kubernetes solution, [Tectonic][tectonic]. Dex runs natively on top of any Kubernetes cluster using Third Party Resources and can drive API server authentication through the OpenID Connect plugin. Clients, such as the [Tectonic Console][tectonic-console] and `kubectl` , can act on behalf users who can login to the cluster through any identity provider dex supports.
More docs for running dex as a Kubernetes authenticator can be found [here ](Documentation/kubernetes.md ).
2016-11-08 19:51:59 +00:00
## Documentation
2016-08-11 05:48:58 +00:00
2016-11-08 19:51:59 +00:00
* [Getting started ](Documentation/getting-started.md )
2017-04-20 23:48:09 +00:00
* [Writing apps that use dex ](Documentation/using-dex.md )
2016-11-08 23:28:18 +00:00
* [What's new in v2 ](Documentation/v2.md )
2017-03-20 22:40:24 +00:00
* [Custom scopes, claims, and client features ](Documentation/custom-scopes-claims-clients.md )
2016-11-08 19:51:59 +00:00
* [Storage options ](Documentation/storage.md )
* [Intro to OpenID Connect ](Documentation/openid-connect.md )
* [gRPC API ](Documentation/api.md )
2016-12-07 02:44:50 +00:00
* [Using Kubernetes with dex ](Documentation/kubernetes.md )
2016-11-19 01:07:10 +00:00
* Identity provider logins
* [LDAP ](Documentation/ldap-connector.md )
2016-11-22 00:41:06 +00:00
* [GitHub ](Documentation/github-connector.md )
2017-04-11 17:04:48 +00:00
* [GitLab ](Documentation/gitlab-connector.md )
2017-04-11 00:31:07 +00:00
* [SAML 2.0 ](Documentation/saml-connector.md )
2017-03-20 15:39:08 +00:00
* [OpenID Connect ](Documentation/oidc-connector.md ) (includes Google, Salesforce, Azure, etc.)
2016-11-19 01:07:10 +00:00
* Client libraries
* [Go][go-oidc]
2016-08-11 05:48:58 +00:00
2017-04-19 20:37:38 +00:00
## Reporting a security vulnerability
Due to their public nature, GitHub and mailing lists are NOT appropriate places for reporting vulnerabilities. Please refer to CoreOS's [security disclosure][disclosure] process when reporting issues that may be security related.
2016-11-08 23:28:18 +00:00
## Getting help
2017-04-19 20:37:38 +00:00
* For feature requests and bugs, file an [issue][issues].
2016-11-08 23:28:18 +00:00
* For general discussion about both using and developing dex, join the [dex-dev][dex-dev] mailing list.
* For more details on dex development plans, check out the GitHub [milestones][milestones].
2016-11-08 19:51:59 +00:00
[openid-connect]: https://openid.net/connect/
[kubernetes]: http://kubernetes.io/docs/admin/authentication/#openid-connect-tokens
2016-11-19 01:07:10 +00:00
[aws-sts]: https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
2016-12-07 02:44:50 +00:00
[tectonic]: https://tectonic.com/
[tectonic-console]: https://tectonic.com/enterprise/docs/latest/usage/index.html#tectonic-console
2016-11-19 01:07:10 +00:00
[go-oidc]: https://github.com/coreos/go-oidc
2016-11-09 08:03:14 +00:00
[issues]: https://github.com/coreos/dex/issues
[dex-dev]: https://groups.google.com/forum/#!forum/dex-dev
2016-11-08 23:28:18 +00:00
[milestones]: https://github.com/coreos/dex/milestones
2017-04-19 20:37:38 +00:00
[disclosure]: https://coreos.com/security/disclosure/