# dexidp/dex

10,902 stars · 1,946 forks · Go · Apache-2.0

## Links

- GitHub: https://github.com/dexidp/dex
- Homepage: https://dexidp.io
- awesome-repositories: https://awesome-repositories.com/repository/dexidp-dex.md

## Topics

`hacktoberfest` `identity-provider` `idp` `kubernetes` `oidc`

## Description

Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers.

The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offering the ability to normalize provider-specific attributes and resolve recursive group memberships into consistent identity tokens.

The system covers broad capability areas including OAuth 2.0 client management, identity token issuance, and access filtering based on domains or group memberships. It also provides specialized gateway functionality for Kubernetes cluster authentication, mapping OIDC claims to Kubernetes identities for API server validation.

Configuration and session state can be persisted across multiple backends, including SQL databases, etcd, or Kubernetes Custom Resource Definitions.

## Tags

### Security & Cryptography

- [Identity Federation Providers](https://awesome-repositories.com/f/security-cryptography/identity-federation-providers.md) — Provides a system that enables authentication via external identity providers using standardized protocols to present a unified issuer.
- [Identity Providers](https://awesome-repositories.com/f/security-cryptography/identity-providers.md) — Acts as a centralized identity provider that unifies various upstream authentication protocols into a single OIDC interface. ([source](https://cdn.jsdelivr.net/gh/dexidp/dex@master/README.md))
- [OpenID Connect Providers](https://awesome-repositories.com/f/security-cryptography/openid-connect-providers.md) — Translates various upstream authentication protocols like LDAP and SAML into a single OpenID Connect endpoint.
- [OpenID Connect Token Validations](https://awesome-repositories.com/f/security-cryptography/bearer-token-authentication/openid-connect-token-validations.md) — Authorizes Kubernetes API requests by validating bearer tokens against an OpenID Connect issuer. ([source](https://dexidp.io/docs/guides/kubernetes/))
- [Claim Mapping](https://awesome-repositories.com/f/security-cryptography/custom-attribution-tracking/authentication-claims/claim-mapping.md) — Transforms provider-specific user attributes and group memberships into normalized claims for downstream applications.
- [User Identity Verification](https://awesome-repositories.com/f/security-cryptography/identity-authentication/user-identity-verification.md) — Extracts user claims by validating the signature and expiration of bearer tokens from trusted clients. ([source](https://dexidp.io/docs/using-dex/))
- [Protocol Translation](https://awesome-repositories.com/f/security-cryptography/identity-federation-providers/protocol-translation.md) — Converts LDAP and SAML signals from identity providers into OpenID Connect tokens for client applications. ([source](https://cdn.jsdelivr.net/gh/dexidp/dex@master/README.md))
- [Identity Protocol Translation](https://awesome-repositories.com/f/security-cryptography/identity-protocol-translation.md) — Converts disparate identity signals from LDAP, SAML, and OAuth2 into standardized JSON Web Tokens.
- [Kubernetes Identity Integration](https://awesome-repositories.com/f/security-cryptography/kubernetes-identity-integration.md) — Integrates OpenID Connect with the Kubernetes API server to enable cluster login via external identity providers.
- [LDAP Search Bind](https://awesome-repositories.com/f/security-cryptography/ldap-authentication/ldap-search-bind.md) — Implements the search-then-bind authentication flow to verify user identities against an LDAP directory. ([source](https://dexidp.io/docs/connectors/ldap/))
- [Client Registrations](https://awesome-repositories.com/f/security-cryptography/oauth-2-0-authorization-flows/client-registrations.md) — Registers and manages client applications, redirect URIs, and secret credentials for secure authorization flows.
- [OAuth 2.0 Authorization Servers](https://awesome-repositories.com/f/security-cryptography/oauth-2-0-authorization-servers.md) — Implements a full OAuth 2.0 authorization server to manage client registrations and grant access to protected resources.
- [OAuth2 Client Management](https://awesome-repositories.com/f/security-cryptography/oauth2-client-management.md) — Provides tools for registering client applications and defining their allowed redirect URIs and secret credentials. ([source](https://dexidp.io/docs/))
- [OAuth2 Implementations](https://awesome-repositories.com/f/security-cryptography/oauth2-implementations.md) — Executes standard OAuth 2.0 authorization patterns and implicit flows to grant resource access. ([source](https://dexidp.io/docs/archive/v2/))
- [OIDC Identity Token Issuance](https://awesome-repositories.com/f/security-cryptography/oidc-identity-token-issuance.md) — Functions as an OIDC provider that issues signed identity tokens after verifying users via upstream flows. ([source](https://dexidp.io/docs/using-dex/))
- [OIDC Discovery Document Hosting](https://awesome-repositories.com/f/security-cryptography/oidc-identity-token-issuance/oidc-discovery-document-hosting.md) — Publishes standardized OpenID Connect discovery documents and public keys to automate client integration and token verification.
- [SAML Authentication](https://awesome-repositories.com/f/security-cryptography/saml-authentication.md) — Implements SAML 2.0 HTTP POST binding to verify identities and map assertion attributes to profiles. ([source](https://dexidp.io/docs/connectors/saml/))
- [Single Sign-On](https://awesome-repositories.com/f/security-cryptography/single-sign-on.md) — Centralizes authentication for multiple applications by delegating user verification to a shared identity provider.
- [Group Membership Enforcement](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/authorization-and-user-administration/access-control-authorization/group-membership-enforcement.md) — Validates user identity and access rights based on group membership filters provided by upstream identity sources. ([source](https://dexidp.io/docs/connectors/oidc/))
- [Identity Federation](https://awesome-repositories.com/f/security-cryptography/identity-federation.md) — Federates identities by querying OpenShift OAuth servers to retrieve user profiles and group memberships. ([source](https://dexidp.io/docs/connectors/openshift/))
- [Identity Provider Integrations](https://awesome-repositories.com/f/security-cryptography/identity-provider-integrations.md) — Integrates with OpenStack Keystone to verify user identities and synchronize group memberships. ([source](https://dexidp.io/docs/connectors/keystone/))
- [Claim Configuration](https://awesome-repositories.com/f/security-cryptography/identity-token-services/claim-configuration.md) — Controls which user attributes and scopes are included in the issued identity tokens. ([source](https://dexidp.io/docs/custom-scopes-claims-clients/))
- [Directory Search](https://awesome-repositories.com/f/security-cryptography/ldap-authentication/directory-search.md) — Enables locating user and group entries using configurable base DNs and search filters. ([source](https://dexidp.io/docs/connectors/ldap/))
- [Attribute Mappings](https://awesome-repositories.com/f/security-cryptography/ldap-services/attribute-mappings.md) — Provides configurations for linking internal user profile fields to standard LDAP directory attributes. ([source](https://dexidp.io/docs/connectors/ldap/))
- [LinkedIn Integrations](https://awesome-repositories.com/f/security-cryptography/oauth-authentication/linkedin-integrations.md) — Implements specific OAuth2 authentication and authorization flows for LinkedIn identity verification. ([source](https://dexidp.io/docs/connectors/linkedin/))
- [Proxy Token Issuance](https://awesome-repositories.com/f/security-cryptography/oidc-identity-token-issuance/proxy-token-issuance.md) — Issues internal identity tokens mapped to upstream provider credentials for peer application trust. ([source](https://dexidp.io/docs/custom-scopes-claims-clients/))
- [UserInfo Endpoints](https://awesome-repositories.com/f/security-cryptography/openid-connect-providers/userinfo-endpoints.md) — Queries the OIDC UserInfo endpoint to retrieve additional user claims that take priority over ID token claims. ([source](https://dexidp.io/docs/connectors/oidc/))
- [Proxy Authentication](https://awesome-repositories.com/f/security-cryptography/proxy-authentication.md) — Extracts user identities and group memberships from custom HTTP headers provided by an upstream proxy. ([source](https://dexidp.io/docs/connectors/authproxy/))
- [External Group Synchronization](https://awesome-repositories.com/f/security-cryptography/user-identity-management/identity-grouping/external-group-synchronization.md) — Populates group claims in identity tokens by retrieving organization and team memberships from GitHub. ([source](https://dexidp.io/docs/connectors/github/))

### DevOps & Infrastructure

- [API Server Authentication Plugins](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/platforms/kubernetes-ecosystem/kubernetes-api-providers/api-server-authentication-plugins.md) — Enables the Kubernetes API server to authenticate requests via an external OIDC provider plugin. ([source](https://dexidp.io/docs/guides/kubernetes/))
- [Native Kubernetes Object Storage](https://awesome-repositories.com/f/devops-infrastructure/native-kubernetes-object-storage.md) — Maintains identity state using Custom Resource Definitions within a Kubernetes cluster. ([source](https://dexidp.io/docs/guides/kubernetes/))

### Networking & Communication

- [Identity](https://awesome-repositories.com/f/networking-communication/protocol-gateways/identity.md) — Federates multiple external identity sources and normalizes user claims into consistent identity tokens.
- [Nested Group Memberships](https://awesome-repositories.com/f/networking-communication/communication-protocols-architectures/communication-paradigms/group-membership-management/nested-group-memberships.md) — Traverses nested group structures in LDAP and directory services to determine full user membership hierarchies.
- [Header Field Mapping](https://awesome-repositories.com/f/networking-communication/proxy-headers/header-field-mapping.md) — Configures specific HTTP headers to supply user email and group lists from a proxy. ([source](https://dexidp.io/docs/connectors/authproxy/))

### Software Engineering & Architecture

- [Identity Connector Architectures](https://awesome-repositories.com/f/software-engineering-architecture/component-injection-systems/pluggable-component-architectures/identity-connector-architectures.md) — Implements a pluggable architecture to translate various upstream authentication protocols into a unified OpenID Connect interface.
- [OIDC Claim Mapping](https://awesome-repositories.com/f/software-engineering-architecture/schema-metadata-utilities/metadata-validations/client-identity-verification/oidc-claim-mapping.md) — Transforms provider-specific user attributes and group memberships into normalized OIDC claims for downstream applications. ([source](https://dexidp.io/docs/connectors/oidc/))
- [OIDC Upstream Federation](https://awesome-repositories.com/f/software-engineering-architecture/identity-federation/enterprise-identity-provider-federations/oidc-upstream-federation.md) — Redirects users to an upstream OIDC provider and extracts identity claims through standard OAuth2 flows. ([source](https://dexidp.io/docs/connectors/oidc/))
- [etcd Metadata Stores](https://awesome-repositories.com/f/software-engineering-architecture/pluggable-backends/metadata-store-backends/etcd-metadata-stores.md) — Stores system configuration and session state in an etcd v3 cluster using custom namespaces and SSL. ([source](https://dexidp.io/docs/storage/))

### Business & Productivity Software

- [Group Membership Retrieval](https://awesome-repositories.com/f/business-productivity-software/google-workspace-integrations/group-membership-retrieval.md) — Retrieves Google Workspace group memberships using a service account and the Admin SDK Directory API. ([source](https://dexidp.io/docs/connectors/google/))

### Data & Databases

- [Identity Metadata Persistence](https://awesome-repositories.com/f/data-databases/identity-metadata-persistence.md) — Persists configuration and session data across relational databases or Kubernetes API resources. ([source](https://dexidp.io/docs/archive/v2/))
- [Pluggable Database Backends](https://awesome-repositories.com/f/data-databases/persistent-storage-backends/pluggable-database-backends.md) — Supports multiple database storage options, including SQL and etcd, for persisting system configuration and session state.
- [SQLite or PostgreSQL Storage](https://awesome-repositories.com/f/data-databases/sqlite-drivers/sqlite-storage-adapters/sqlite-or-postgresql-storage.md) — Stores identity data in SQLite, Postgres, or MySQL with automatic database migrations. ([source](https://dexidp.io/docs/storage/))

### System Administration & Monitoring

- [OAuth 2.0 Provider Integrations](https://awesome-repositories.com/f/system-administration-monitoring/user-account-management/multi-user-account-systems/oauth-2-0-provider-integrations.md) — Connects to any standards-compliant OAuth 2.0 provider to authenticate users via a generic connector. ([source](https://dexidp.io/docs/connectors/oauth/))
