dexidp/dex

Description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors

View on GitHub ↗Jump to charts ↓

Summary Information

Updated 41 minutes ago
Added to GitGenius on July 10th, 2026
Created on August 17th, 2015
Open Issues & Pull Requests: 507 (+0)
Number of forks: 1,952
Total Stargazers: 10,958 (+1)
Total Subscribers: 166 (+0)

Issue Activity (beta)

Open issues: 104
New in 7 days: 1
Closed in 7 days: 0
Avg open age: 910 days
Stale 30+ days: 96
Stale 90+ days: 72

Recent activity

Opened in 7 days: 1
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

  • help wanted (16)
  • kind/enhancement (7)
  • area/connector (5)
  • area/usability (4)
  • kind/bug (4)
  • area/security (3)
  • good first issue (2)
  • kind/documentation (2)

Most active issues this week

Repository Insights (GitGenius)

Median issue/PR response: 3.1 days
Mean response time: 82.7 days
90th percentile: 215.9 days
Tracked items: 168

Most active contributors

Detailed Description

Dex is a federated OpenID Connect provider and OAuth 2.0 identity service written in Go that enables applications to authenticate users through a unified interface while delegating to various upstream identity providers. The project serves as an identity portal that abstracts away the complexity of multiple authentication protocols, allowing client applications to implement authentication logic once against dex rather than integrating with each backend identity system individually.

The core functionality of dex centers on issuing ID Tokens, which are JSON Web Tokens signed by dex that attest to a user's identity as part of the OAuth2 response. These tokens contain standard claims including which client application performed the login, token expiration time, and user identity information. Because these tokens are cryptographically signed and standards-based, they can be consumed directly by other services as service-to-service credentials, with explicit support for integration with Kubernetes API server authentication and AWS STS.

Dex's architecture relies on pluggable connectors that implement various authentication protocols and integrate with specific identity providers. The project includes connectors for LDAP directories, SAML providers, and established platforms including GitHub, Google, LinkedIn, Microsoft, GitLab, Bitbucket Cloud, Gitea, OpenShift, Atlassian Crowd, and OpenStack Keystone. Additionally, dex provides generic connectors for OpenID Connect and OAuth 2.0 providers, enabling integration with services like Salesforce and Azure. Each connector has different capabilities regarding refresh token support, group membership claims, and preferred username claims, with statuses ranging from stable to alpha depending on testing and maintenance levels.

Dex has particular relevance for Kubernetes environments, where it runs natively using Custom Resource Definitions and can drive API server authentication through the OpenID Connect plugin. This enables kubectl and tools like kubelogin to authenticate users against any identity provider that dex supports, providing a flexible authentication layer for Kubernetes clusters.

The project maintains active development with continuous integration workflows and holds OpenSSF Best Practices certification and a strong OpenSSF Scorecard rating. The repository is licensed under the Apache License, Version 2.0 and is part of the Cloud Native Computing Foundation ecosystem. Documentation is comprehensive and available at dexidp.io, covering getting started guides, configuration details, and usage patterns. The project maintains an ADOPTERS.md file documenting companies and projects using dex in production. Community support is available through the CNCF Slack channel #dexidp and GitHub discussions, with a formal security policy in place for vulnerability reporting.

dex
by
dexidpdexidp/dex

Repository Details

Fetching additional details & charts...