@ -1,4 +1,4 @@
|
|||||||
.github/
|
.github/
|
||||||
|
.gitpod.yml
|
||||||
bin/
|
bin/
|
||||||
tmp/
|
tmp/
|
||||||
.gitpod.yml
|
|
||||||
|
@ -13,3 +13,6 @@ indent_style = tab
|
|||||||
|
|
||||||
[*.proto]
|
[*.proto]
|
||||||
indent_size = 2
|
indent_size = 2
|
||||||
|
|
||||||
|
[{Makefile,*.mk}]
|
||||||
|
indent_style = tab
|
||||||
|
0
DCO → .github/DCO
7
.gitignore
@ -1,5 +1,4 @@
|
|||||||
bin
|
/.idea/
|
||||||
dist
|
/bin/
|
||||||
_output
|
/docker-compose.override.yaml
|
||||||
.idea
|
|
||||||
/vendor/
|
/vendor/
|
||||||
|
@ -4,7 +4,7 @@ ARG TARGETOS
|
|||||||
ARG TARGETARCH
|
ARG TARGETARCH
|
||||||
ARG TARGETVARIANT=""
|
ARG TARGETVARIANT=""
|
||||||
|
|
||||||
WORKDIR /go/src/github.com/dexidp/dex
|
WORKDIR /usr/local/src/dex
|
||||||
|
|
||||||
ENV GOOS=${TARGETOS} \
|
ENV GOOS=${TARGETOS} \
|
||||||
GOARCH=${TARGETARCH} \
|
GOARCH=${TARGETARCH} \
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
Joel Speed <Joel.speed@hotmail.co.uk> (@JoelSpeed)
|
Joel Speed <Joel.speed@hotmail.co.uk> (@JoelSpeed)
|
||||||
Mark Sagi-Kazar <mark.sagikazar@gmail.com> (@sagikazarmark)
|
Mark Sagi-Kazar <mark.sagikazar@gmail.com> (@sagikazarmark)
|
||||||
Nandor Kracser <nandor@banzaicloud.com> (@bonifaido)
|
Nandor Kracser <bonifaido@gmail.com> (@bonifaido)
|
||||||
Rithu John <rithujohn191@gmail.com> (@rithujohn191)
|
Rithu John <rithujohn191@gmail.com> (@rithujohn191)
|
||||||
Stephen Augustus <stephen@agst.us> (@justaugustus)
|
Stephen Augustus <stephen@agst.us> (@justaugustus)
|
||||||
|
12
Makefile
@ -40,6 +40,18 @@ bin/example-app:
|
|||||||
release-binary:
|
release-binary:
|
||||||
@go build -o /go/bin/dex -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/dex
|
@go build -o /go/bin/dex -v -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/dex
|
||||||
|
|
||||||
|
docker-compose.override.yaml:
|
||||||
|
cp docker-compose.override.yaml.dist docker-compose.override.yaml
|
||||||
|
|
||||||
|
.PHONY: up
|
||||||
|
up: docker-compose.override.yaml ## Launch the development environment
|
||||||
|
@ if [ docker-compose.override.yaml -ot docker-compose.override.yaml.dist ]; then diff -u docker-compose.override.yaml docker-compose.override.yaml.dist || (echo "!!! The distributed docker-compose.override.yaml example changed. Please update your file accordingly (or at least touch it). !!!" && false); fi
|
||||||
|
docker-compose up -d
|
||||||
|
|
||||||
|
.PHONY: down
|
||||||
|
down: clear ## Destroy the development environment
|
||||||
|
docker-compose down --volumes --remove-orphans --rmi local
|
||||||
|
|
||||||
test: bin/test/kube-apiserver bin/test/etcd
|
test: bin/test/kube-apiserver bin/test/etcd
|
||||||
@go test -v ./...
|
@go test -v ./...
|
||||||
|
|
||||||
|
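Review bot: The new `down` target names `clear` as a prerequisite, but no `clear` rule appears in this hunk, and the rest of the Makefile is outside the visible lines. If no such rule exists elsewhere, `make down` stops with "No rule to make target" before `docker-compose down` runs, so the development containers and their published database ports stay up while the developer believes they were destroyed. If teardown is the only intent, drop the prerequisite: `down: ## Destroy the development environment`. As a smaller style point, the copy rule can avoid repeating the file name with `cp $@.dist $@`.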
5
NOTICE
@ -1,5 +0,0 @@
|
|||||||
CoreOS Project
|
|
||||||
Copyright 2018 CoreOS, Inc
|
|
||||||
|
|
||||||
This product includes software developed at CoreOS, Inc.
|
|
||||||
(http://www.coreos.com/).
|
|
@ -5,7 +5,7 @@
|
|||||||
[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/dexidp/dex)
|
[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/dexidp/dex)
|
||||||
[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod&style=flat-square)](https://gitpod.io/#https://github.com/dexidp/dex)
|
[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod&style=flat-square)](https://gitpod.io/#https://github.com/dexidp/dex)
|
||||||
|
|
||||||
![logo](Documentation/logos/dex-horizontal-color.png)
|
![logo](docs/logos/dex-horizontal-color.png)
|
||||||
|
|
||||||
Dex is an identity service that uses [OpenID Connect][openid-connect] to drive authentication for other apps.
|
Dex is an identity service that uses [OpenID Connect][openid-connect] to drive authentication for other apps.
|
||||||
|
|
||||||
@ -56,7 +56,7 @@ More docs for running dex as a Kubernetes authenticator can be found [here](http
|
|||||||
|
|
||||||
When a user logs in through dex, the user's identity is usually stored in another user-management system: a LDAP directory, a GitHub org, etc. Dex acts as a shim between a client app and the upstream identity provider. The client only needs to understand OpenID Connect to query dex, while dex implements an array of protocols for querying other user-management systems.
|
When a user logs in through dex, the user's identity is usually stored in another user-management system: a LDAP directory, a GitHub org, etc. Dex acts as a shim between a client app and the upstream identity provider. The client only needs to understand OpenID Connect to query dex, while dex implements an array of protocols for querying other user-management systems.
|
||||||
|
|
||||||
![](Documentation/img/dex-flow.png)
|
![](docs/img/dex-flow.png)
|
||||||
|
|
||||||
A "connector" is a strategy used by dex for authenticating a user against another identity provider. Dex implements connectors that target specific platforms such as GitHub, LinkedIn, and Microsoft as well as established protocols like LDAP and SAML.
|
A "connector" is a strategy used by dex for authenticating a user against another identity provider. Dex implements connectors that target specific platforms such as GitHub, LinkedIn, and Microsoft as well as established protocols like LDAP and SAML.
|
||||||
|
|
||||||
|
14
docker-compose.override.yaml.dist
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
mysql:
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:3306:3306"
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:5432:5432"
|
||||||
|
|
||||||
|
etcd:
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:2379:2379"
|
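Review bot: The new template has no header comment saying that it is for local development only, or why every mapping is pinned to `127.0.0.1`. When the host address is omitted, Docker Compose publishes the port on all interfaces. The services in docker-compose.yaml run with fixed credentials (`MYSQL_ROOT_PASSWORD: root`, `POSTGRES_PASSWORD: postgres`) and etcd listens over plain HTTP, so anyone editing their own copy should be told not to drop the prefix. I would add as the first line: `# Local development only. Keep the 127.0.0.1 bind: these services use well-known credentials and must not be reachable from the network.`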
@ -1,5 +1,6 @@
|
|||||||
# This docker-compose file provides quick setups for testing different storage backend options.
|
# This docker-compose file provides quick setups for testing different storage backend options.
|
||||||
version: "3.8"
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mysql:
|
mysql:
|
||||||
# For using percona-xtradb you need to make strict mode permissive with:
|
# For using percona-xtradb you need to make strict mode permissive with:
|
||||||
@ -15,8 +16,6 @@ services:
|
|||||||
MYSQL_USER: mysql
|
MYSQL_USER: mysql
|
||||||
MYSQL_PASSWORD: mysql
|
MYSQL_PASSWORD: mysql
|
||||||
MYSQL_ROOT_PASSWORD: root
|
MYSQL_ROOT_PASSWORD: root
|
||||||
ports:
|
|
||||||
- "127.0.0.1:3306:3306"
|
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:10.15
|
image: postgres:10.15
|
||||||
@ -24,16 +23,12 @@ services:
|
|||||||
POSTGRES_DB: dex
|
POSTGRES_DB: dex
|
||||||
POSTGRES_USER: postgres
|
POSTGRES_USER: postgres
|
||||||
POSTGRES_PASSWORD: postgres
|
POSTGRES_PASSWORD: postgres
|
||||||
ports:
|
|
||||||
- "127.0.0.1:5432:5432"
|
|
||||||
|
|
||||||
etcd:
|
etcd:
|
||||||
image: gcr.io/etcd-development/etcd:v3.4.9
|
image: gcr.io/etcd-development/etcd:v3.4.9
|
||||||
environment:
|
environment:
|
||||||
ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379
|
ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379
|
||||||
ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379
|
ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379
|
||||||
ports:
|
|
||||||
- "127.0.0.1:2379:2379"
|
|
||||||
|
|
||||||
# For testing the Kubernetes storage backend we suggest https://kind.sigs.k8s.io/:
|
# For testing the Kubernetes storage backend we suggest https://kind.sigs.k8s.io/:
|
||||||
# kind create cluster
|
# kind create cluster
|
||||||
|
Before Width: | Height: | Size: 88 KiB After Width: | Height: | Size: 88 KiB |
Before Width: | Height: | Size: 29 KiB After Width: | Height: | Size: 29 KiB |
Before Width: | Height: | Size: 21 KiB After Width: | Height: | Size: 21 KiB |
Before Width: | Height: | Size: 8.0 KiB After Width: | Height: | Size: 8.0 KiB |
Before Width: | Height: | Size: 1.4 KiB After Width: | Height: | Size: 1.4 KiB |
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 10 KiB |
Before Width: | Height: | Size: 1.5 KiB After Width: | Height: | Size: 1.5 KiB |
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 10 KiB |
Before Width: | Height: | Size: 1.5 KiB After Width: | Height: | Size: 1.5 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 4.0 KiB After Width: | Height: | Size: 4.0 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 4.0 KiB After Width: | Height: | Size: 4.0 KiB |
@ -6,7 +6,7 @@ issuer: http://127.0.0.1:5556/dex
|
|||||||
# The storage configuration determines where dex stores its state. Supported
|
# The storage configuration determines where dex stores its state. Supported
|
||||||
# options include SQL flavors and Kubernetes third party resources.
|
# options include SQL flavors and Kubernetes third party resources.
|
||||||
#
|
#
|
||||||
# See the storage document at Documentation/storage.md for further information.
|
# See the documentation (https://dexidp.io/docs/storage/) for further information.
|
||||||
storage:
|
storage:
|
||||||
type: sqlite3
|
type: sqlite3
|
||||||
config:
|
config:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# Running a Dex gRPC client
|
# Running a Dex gRPC client
|
||||||
|
|
||||||
Using gRPC, a client application can directly call methods on a server application as if it was a local object. The schema for Dex's gRPC API calls is defined in [`api/api.proto`][api-proto]. [`client.go`][client] is an example client program that makes a bunch of API calls to the dex server. For further details on the Dex API refer [`Documentation/api.md`][api-docs].
|
Using gRPC, a client application can directly call methods on a server application as if it was a local object. The schema for Dex's gRPC API calls is defined in [`api/api.proto`][api-proto]. [`client.go`][client] is an example client program that makes a bunch of API calls to the dex server. For further details on the Dex API refer the [documentation][https://dexidp.io/docs/api/].
|
||||||
|
|
||||||
## Generating Credentials
|
## Generating Credentials
|
||||||
|
|
||||||
@ -60,4 +60,3 @@ Run the following command to destroy all the credentials files that were created
|
|||||||
```
|
```
|
||||||
[api-proto]: ../../api/api.proto
|
[api-proto]: ../../api/api.proto
|
||||||
[client]: client.go
|
[client]: client.go
|
||||||
[api-docs]: ../../Documentation/api.md
|
|
||||||
|