Archived

Forked Dex to convert GitHub usernames to lowercase

This repository has been archived on 2023-08-14. You can view files and clone it, but cannot push or open issues or pull requests.

Go to file

Eric Chiang 8b8c076ecf Documentation: clarify difference between LDAP ports and security guarantees Now that LDAP supports an `insecureSkipVerify` option, clarify that `insecureNoTLS` is an extremely bad choice and as such we may drop support for 389 in the future. However, since we send plain text passwords from our frontend to our backend, this probably gets us into a bigger conversation about dex's TLS story. For example when terminiation is approporate. cc'ing @dghubble for thoughts on how that might apply to our internal uses. We probably want an overaching security doc at some point, but that can be another PR.		2016-11-23 12:26:44 -08:00
api	api: adding a gRPC call for listing passwords.	2016-11-17 16:56:54 -08:00
cmd	cmd/dex: validate that connectors have an ID.	2016-11-15 11:39:45 -07:00
connector	*: add tests for the RefreshConnector	2016-11-22 12:53:46 -08:00
Documentation	Documentation: clarify difference between LDAP ports and security guarantees	2016-11-23 12:26:44 -08:00
examples	Fix Google OIDC callback url	2016-11-21 10:25:16 -08:00
scripts	*: travis tests and build scripts should use Go 1.7.3.	2016-11-03 12:28:53 -07:00
server	*: add tests for the RefreshConnector	2016-11-22 12:53:46 -08:00
storage	api: adding a gRPC call for listing passwords.	2016-11-17 16:56:54 -08:00
vendor	vendor: revendor	2016-11-03 15:24:47 -07:00
version	*: determine version from git	2016-08-09 14:38:09 -07:00
web/templates	*: rename internally used "state" form value to "req"	2016-10-27 10:26:01 -07:00
.gitignore	*: prepare build scripts for a release	2016-10-05 23:43:44 -07:00
.travis.yml	*: travis tests and build scripts should use Go 1.7.3.	2016-11-03 12:28:53 -07:00
DCO	*: add DCO and LICENSE	2016-10-13 11:33:32 -07:00
Dockerfile	Dockerfile: add OpenSSL to Docker container	2016-11-14 17:25:19 -08:00
glide_test.go	initial commit	2016-07-26 15:51:24 -07:00
glide.lock	*: switch to github.com/ghodss/yaml for more consistent YAML parsing	2016-11-03 14:39:32 -07:00
glide.yaml	glide.yaml: add new yaml package	2016-11-03 15:24:35 -07:00
LICENSE	*: add DCO and LICENSE	2016-10-13 11:33:32 -07:00
Makefile	*: build aci at the correct path including version, OS, and arch	2016-10-14 14:29:22 -07:00
README.md	*: document the GitHub connector	2016-11-22 12:53:46 -08:00

README.md

dex - A federated OpenID Connect provider

Dex is an OpenID Connect server that allows users to login through upstream identity providers. Clients use a standards-based OAuth2 flow to login users, while the actual authentication is performed by established user management systems such as Google, GitHub, FreeIPA, etc.

OpenID Connect is a flavor of OAuth that builds on top of OAuth2 using the JOSE standards. This allows dex to provide:

Short-lived, signed tokens with standard fields (such as email) issued on behalf of users.
"well-known" discovery of OAuth2 endpoints.
OAuth2 mechanisms such as refresh tokens and revocation for long term access.
Automatic signing key rotation.

Standards-based token responses allows applications to interact with any OpenID Connect server instead of writing backend specific "access_token" dances. Systems that can already consume ID Tokens issued by dex include:

Documentation

Getting started
What's new in v2
Storage options
Intro to OpenID Connect
gRPC API
Identity provider logins
- LDAP
- GitHub
Client libraries
- Go

Getting help

For bugs and feature requests (including documentation!), file an issue.
For general discussion about both using and developing dex, join the dex-dev mailing list.
For more details on dex development plans, check out the GitHub milestones.