
Amazon Cognito
Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Federated OpenID Connect identity service with pluggable connectors
Dex is an identity service that uses OpenID Connect to provide federated authentication across LDAP, SAML, GitHub, Google, Active Directory, and more through pluggable connectors.

Dex is a federated identity service that implements OpenID Connect to drive authentication for applications and platforms. Instead of building authentication logic for multiple identity providers, applications authenticate once with dex, which then handles the complexity of connecting to upstream systems.
Dex acts as a portal to other identity providers through pluggable "connectors" that support LDAP servers, SAML providers, GitHub, Google, Active Directory, and many others. It issues signed ID Tokens—JSON Web Tokens (JWTs) containing standard claims about user identity, email, groups, and session metadata—that applications consume as service-to-service credentials.
Dex runs natively on Kubernetes using Custom Resource Definitions and integrates directly with the Kubernetes API server's OpenID Connect plugin, enabling cluster authentication through any supported identity provider. Clients like kubectl and kubernetes-dashboard can act on behalf of authenticated users. Beyond Kubernetes, systems including AWS STS already consume dex-issued ID Tokens, making it a versatile choice for organizations standardizing on OpenID Connect across heterogeneous infrastructure.
When teams consider Dex, these hosted platforms usually appear on the same shortlist.
Kubernetes Cluster Authentication
Users log in to Kubernetes via GitHub or Active Directory; kubectl and dashboard authenticate through dex-issued ID Tokens without managing multiple credential systems.
Multi-Cloud Identity Federation
Applications running on AWS and Kubernetes consume dex ID Tokens, enabling single sign-on across cloud providers using existing LDAP or SAML infrastructure.
Consolidating Social and Enterprise Logins
A SaaS platform offers login via Google, GitHub, and corporate LDAP; dex handles protocol differences while the app maintains one OpenID Connect integration.
Service-to-Service Authorization
Microservices validate dex-signed JWTs containing user identity and group membership, eliminating repeated calls to upstream identity providers for authorization decisions.
ID Tokens are signed JSON Web Tokens (JWTs) introduced by OpenID Connect. Dex issues them to attest to a user's identity, including claims like email, groups, and session metadata, enabling applications and services to trust user identity without querying upstream providers repeatedly.
The LDAP, GitHub, GitLab, OpenID Connect, Google, LinkedIn, Microsoft, Bitbucket Cloud, OpenShift, Atlassian Crowd, Gitea, and OpenStack Keystone connectors support refresh tokens. The SAML and OAuth 2.0 connectors do not, due to protocol limitations.
Yes. Dex runs natively on Kubernetes using Custom Resource Definitions and integrates with the API server's OpenID Connect plugin to authenticate users via any supported identity provider.
The SAML connector is marked stable but flagged as unmaintained and potentially vulnerable to authentication bypasses. Evaluate your risk tolerance and consider alternative connectors for production workloads.
No. Connectors like LinkedIn, Gitea, and AuthProxy do not support group claims. Check the connector table in the documentation to confirm feature support for your identity provider.
Project at a glance
Active, last synced 4 days ago