Federated OpenID Connect provider that fronts LDAP, SAML, GitHub, Google, and Active Directory
Apache-2.0
- Go
- HTML
- CSS

About Dex
Dex is an identity service that uses OpenID Connect to authenticate users for other apps. It sits in front of upstream identity providers and lets client apps talk to one OIDC endpoint instead of handling LDAP, SAML, GitHub, Google, or Active Directory directly.
It issues signed ID Tokens, returned as part of the OAuth2 response, with standard claims such as issuer, subject, audience, expiry, email, groups, and name. Dex can act as a Kubernetes authenticator, and clients such as kubelogin and kubectl can use it for cluster login. It runs natively on Kubernetes using Custom Resource Definitions.
Dex is a single Go binary, licensed under Apache 2.0, with connectors marked stable, beta, or alpha. Connectors include GitHub, GitLab, LinkedIn, Microsoft, Google, LDAP, and SAML. Where the backend allows it, Dex can issue refresh tokens and return group membership claims. Clients write their authentication logic once against Dex and let it handle each backend protocol.
Key features
- OpenID Connect identity provider with OAuth2 ID tokens
- Connectors for LDAP, SAML, GitHub, Google, and Active Directory
- Signed JWT claims for user identity and group membership
- Kubernetes authentication using OIDC and CRDs
- Single Go binary
Details
- First released: 2015
- Platforms: Linux · Docker
- Deployment: Self-hostable
- Language: Go
- License: Apache 2.0
- Auth protocols: OpenID Connect · OAuth 2.0
