dex

Dex is a Go service that sits in the middle of the login process for your applications. Instead of building separate login integrations for GitHub, Google, LDAP, Active Directory, and so on, your app makes a single connection to Dex, and Dex handles talking to whichever identity system is actually storing the users.

The core idea is that Dex speaks one language outward (OpenID Connect, a widely supported standard for user authentication) and many languages inward. Those inward connections are called connectors. Dex ships with connectors for LDAP directories, SAML providers, GitHub, GitLab, Google, Microsoft, LinkedIn, Bitbucket, Atlassian Crowd, Gitea, OpenShift, OpenStack Keystone, and others. When a user logs in, Dex contacts the appropriate connector, verifies the user against that backend, and then issues an ID Token to your application.

An ID Token is a signed JSON document that says who the user is, when the token was issued, and when it expires. Because these tokens are digitally signed by Dex and follow the OpenID Connect standard, other systems can trust and consume them without contacting Dex again. Kubernetes is a prominent example: Dex can be wired into a Kubernetes cluster so that developers authenticate against whatever existing identity provider an organization already uses.

Dex is designed to be deployed inside infrastructure you control, rather than as a third-party cloud service. It runs natively on Kubernetes using Custom Resource Definitions, and it stores client configurations and connector settings in a database you manage.

The project is part of the Cloud Native Computing Foundation ecosystem. Documentation, configuration guides, and setup instructions are at dexidp.io.