Building the dex binary
To build dex from source code, install a working Go environment with version 1.19 or greater according to the
official documentation .
Then clone the repository and use
make to compile the dex binary.
$ git clone https://github.com/dexidp/dex.git $ cd dex/ $ make build
Dex exclusively pulls configuration options from a config file. Use the
example config file found in the
examples/ directory to start an instance of dex with a sqlite3 data store, and a set of predefined OAuth2 clients.
./bin/dex serve examples/config-dev.yaml
The example config file documents many of the configuration options through inline comments. For extra config options, look at that file.
Running a client
Dex operates like most other OAuth2 providers. Users are redirected from a client app to dex to login. Dex ships with an example client app (built with the
make examples command), for testing and demos.
By default, the example client is configured with the same OAuth2 credentials defined in
examples/config-dev.yaml to talk to dex. Running the example app will cause it to query dex’s
discovery endpoint and determine the OAuth2 endpoints.
Login to dex through the example app using the following steps.
- Navigate to the example app at http://localhost:5555/ in your browser.
- Hit “login” on the example app to be redirected to dex.
- Choose an option to authenticate:
- “Login with Example” to use mocked user data.
- “Login with Email” to fill the form with static user credentials
- Approve the example app’s request.
- See the resulting token the example app claims from dex.
Dex is generally used as a building block to drive authentication for other apps. See “Writing apps that use Dex” for an overview of instrumenting apps to work with dex.
For a primer on using LDAP to back dex’s user store, see the OpenLDAP “Getting started” example.
Check out the Documentation directory for further reading on setting up different storages, interacting with the dex API, intros for OpenID Connect, and logging in through other identity providers such as Google, GitHub, or LDAP.