dex/README.md

dex - A federated OpenID Connect provider

Dex is an OpenID Connect server that allows users to login through upstream identity providers. Clients use a standards-based OAuth2 flow to login users, while the actual authentication is performed by established user management systems such as Google, GitHub, FreeIPA, etc.

OpenID Connect is a flavor of OAuth that builds on top of OAuth2 using the JOSE standards. This allows dex to provide:

• Short-lived, signed tokens with standard fields (such as email) issued on behalf of users.
• "well-known" discovery of OAuth2 endpoints.
• OAuth2 mechanisms such as refresh tokens and revocation for long term access.
• Automatic signing key rotation.

Standards-based token responses allows applications to interact with any OpenID Connect server instead of writing backend specific "access_token" dances. Systems that can already consume ID Tokens issued by dex include:

• Kubernetes
• Amazon STS

Documentation

• Getting started
• Storage options
• Intro to OpenID Connect
• gRPC API
• Identity provider logins (coming soon!)
• Client libraries (coming soon!)