dex

module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 3, 2015 License: Apache-2.0

README

dex

Docker Repository on Quay.io

dex is a federated identity management service. It provides OpenID Connect (OIDC) to users, and can proxy to multiple remote identity providers (IdP) to drive actual authentication, as well as managing local username/password credentials.

We named the project 'dex' because it is a central index of users that other pieces of software can authenticate against.

Architecture

dex consists of multiple components:

  • dex-worker is the primary server component of dex
    • host a user-facing API that drives the OIDC protocol
    • proxy to remote identity providers via "connectors"
    • provides an API for administrators to manage users.
  • dex-overlord is an auxiliary process responsible for various administrative tasks:
    • rotation of keys used by the workers to sign identity tokens
    • garbage collection of stale data in the database
    • provides an API for bootstrapping the system.
  • dexctl is a CLI tool used to manage a dex deployment
    • configure identity provider connectors
    • administer OIDC client identities
  • database; a database is used to for persistent storage for keys, users, OAuth sessions and other data. Currently Postgres is the only supported database.

A typical dex deployment consists of N dex-workers behind a load balanacer, and one dex-overlord. The dex-workers directly handle user requests, so the loss of all workers can result in service downtime. The single dex-overlord runs its tasks periodically, so it does not need to maintain 100% uptime.

Who Should Use Dex?

**TODO**

Similar Software

**TODO**

Connectors

Remote IdPs could implement any auth-N protocol. Connectors contain protocol-specific logic and are used to communicate with remote IdPs. Possible examples of connectors could be: OIDC, LDAP, Local credentials, Basic Auth, etc.

dex ships with an OIDC connector, useful for authenticating with services like Google and Salesforce (or even other dex instances!) and a "local" connector, in which dex itself presents a UI for users to authenticate via dex-stored credentials.

Future connectors can be developed and added as future interoperability requirements emerge.

Relevant Specifications

These specs are referenced and implemented to some degree in the jose package of this project.

OpenID Connect (OIDC) is broken up into several specifications. The following (amongst others) are relevant:

Example OIDC Discovery Endpoints

Next steps:

If you want to try out dex quickly with a single process and no database (do not run this way in production!) take a look at the dev guide.

For running the full stack check out the getting started guide.

Coming Soon

  • Multiple backing Identity Providers
  • Identity Management
  • Authorization

Directories

Path Synopsis
Godeps
_workspace/src/code.google.com/p/go-uuid/uuid
The uuid package generates and inspects UUIDs.
The uuid package generates and inspects UUIDs.
_workspace/src/github.com/PuerkitoBio/goquery
Package goquery implements features similar to jQuery, including the chainable syntax, to manipulate and query an HTML document.
Package goquery implements features similar to jQuery, including the chainable syntax, to manipulate and query an HTML document.
_workspace/src/github.com/andybalholm/cascadia
The cascadia package is an implementation of CSS selectors.
The cascadia package is an implementation of CSS selectors.
_workspace/src/github.com/go-gorp/gorp
Package gorp provides a simple way to marshal Go structs to and from SQL databases.
Package gorp provides a simple way to marshal Go structs to and from SQL databases.
_workspace/src/github.com/gorilla/handlers
Package handlers is a collection of handlers (aka "HTTP middleware") for use with Go's net/http package (or any framework supporting http.Handler).
Package handlers is a collection of handlers (aka "HTTP middleware") for use with Go's net/http package (or any framework supporting http.Handler).
_workspace/src/github.com/julienschmidt/httprouter
Package httprouter is a trie based high performance HTTP request router.
Package httprouter is a trie based high performance HTTP request router.
_workspace/src/github.com/kylelemons/godebug/diff
Package diff implements a linewise diff algorithm.
Package diff implements a linewise diff algorithm.
_workspace/src/github.com/kylelemons/godebug/pretty
Package pretty pretty-prints Go structures.
Package pretty pretty-prints Go structures.
_workspace/src/github.com/lib/pq
Package pq is a pure Go Postgres driver for the database/sql package.
Package pq is a pure Go Postgres driver for the database/sql package.
_workspace/src/github.com/lib/pq/listen_example
Below you will find a self-contained Go program which uses the LISTEN / NOTIFY mechanism to avoid polling the database while waiting for more work to arrive.
Below you will find a self-contained Go program which uses the LISTEN / NOTIFY mechanism to avoid polling the database while waiting for more work to arrive.
_workspace/src/github.com/lib/pq/oid
Package oid contains OID constants as defined by the Postgres server.
Package oid contains OID constants as defined by the Postgres server.
_workspace/src/github.com/mailgun/mailgun-go
The mailgun package provides methods for interacting with the Mailgun API.
The mailgun package provides methods for interacting with the Mailgun API.
_workspace/src/github.com/mbanzon/simplehttp
Package simplehttp provides some simple methods and types to do HTTP queries with form values and parameters easily - especially if the returned result is expected to be JSON or XML.
Package simplehttp provides some simple methods and types to do HTTP queries with form values and parameters easily - especially if the returned result is expected to be JSON or XML.
_workspace/src/github.com/rubenv/sql-migrate
SQL Schema migration tool for Go.
SQL Schema migration tool for Go.
_workspace/src/golang.org/x/crypto/bcrypt
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
_workspace/src/golang.org/x/crypto/blowfish
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
_workspace/src/golang.org/x/net/html
Package html implements an HTML5-compliant tokenizer and parser.
Package html implements an HTML5-compliant tokenizer and parser.
_workspace/src/golang.org/x/net/html/atom
Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id".
Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id".
_workspace/src/golang.org/x/net/html/charset
Package charset provides common text encodings for HTML documents.
Package charset provides common text encodings for HTML documents.
_workspace/src/google.golang.org/api/googleapi
Package googleapi contains the common code shared by all Google API libraries.
Package googleapi contains the common code shared by all Google API libraries.
_workspace/src/google.golang.org/api/googleapi/internal/uritemplates
Package uritemplates is a level 4 implementation of RFC 6570 (URI Template, http://tools.ietf.org/html/rfc6570).
Package uritemplates is a level 4 implementation of RFC 6570 (URI Template, http://tools.ietf.org/html/rfc6570).
_workspace/src/google.golang.org/api/googleapi/transport
Package transport contains HTTP transports used to make authenticated API requests.
Package transport contains HTTP transports used to make authenticated API requests.
_workspace/src/gopkg.in/gorp.v1
Package gorp provides a simple way to marshal Go structs to and from SQL databases.
Package gorp provides a simple way to marshal Go structs to and from SQL databases.
package admin provides an implementation of the API described in auth/schema/adminschema.
package admin provides an implementation of the API described in auth/schema/adminschema.
cmd
genconfig
genconfig generates boilerplate configuration/registration code.
genconfig generates boilerplate configuration/registration code.
DO NOT EDIT: This file was auto-generated by "go generate" To regenerate run:
DO NOT EDIT: This file was auto-generated by "go generate" To regenerate run:
db
DO NOT EDIT: This file was auto-generated by "go generate" To regenerate run:
DO NOT EDIT: This file was auto-generated by "go generate" To regenerate run:
examples
app
cli
functional
pkg
log
net
adminschema
Package adminschema provides access to the Dex Admin API.
Package adminschema provides access to the Dex Admin API.
workerschema
Package workerschema provides access to the Dex API.
Package workerschema provides access to the Dex API.
api

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL