Skip to content

Latest commit

 

History

History
52 lines (49 loc) · 1.8 KB

dex.md

File metadata and controls

52 lines (49 loc) · 1.8 KB

Connecting Gangplank to Dex

Dex is a handy tool created by CoreOS that provides a common OIDC endpoint for multiple identity providers. To configure Gangplank to communicate with Dex some information will need to be collected from Dex. Following OIDC standard, Dex provides a URL where its OIDC configuration can be gathered. This URL is located at .well-known/openid-configuration. If Dex is configured with an Issuer URL of http://app.example.com its OpenID config can be found at http://app.example.com/.well-known/openid-configuration. An example of the OpenID Configuration provided by Dex:

{
  "issuer": "http://app.example.com",
  "authorization_endpoint": "http://app.example.com/auth",
  "token_endpoint": "http://app.example.com/token",
  "jwks_uri": "http:/app.example.com/keys",
  "response_types_supported": [
    "code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "groups",
    "profile",
    "offline_access"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "claims_supported": [
    "aud",
    "email",
    "email_verified",
    "exp",
    "iat",
    "iss",
    "locale",
    "name",
    "sub"
  ]
}

Using the Gangplank example Dex's authorization_endpoint can be used for authorize_url and token_endpoint can be used for token_url. The Dex configuration provides a list named claims_supported which can be chosen from when defining both username_claim and email_claim. The correct claim to use depends on the upstream identity provider that dex is configured for. client_id and client_secret are strings that can be any value, but they must match the Client ID and Secret in your Dex configuration.