
Dex

Decentralized Exchange (DEX) is an open-source OpenID Connect (OIDC) Identity Provider (IdP) that functions as a connector between various authentication backends and applications, with a focus on Kubernetes and cloud-native environments (identity and access).

  • Acts as an OIDC IdP that issues ID tokens for client applications (identity and access).
  • Supports integration with external identity providers such as LDAP, Security Assertion Markup Language (SAML), and social login providers through pluggable connectors (identity federation).
  • Enables Single Sign-On (SSO) for Kubernetes clusters and other applications by delegating authentication to enterprise identity systems (access management).
  • Implements core Open Authorization 2.0 (OAuth 2.0) and OIDC flows for user authentication and token issuance (authentication protocols).
  • Designed for cloud-native deployment with containerized runtimes and Kubernetes-focused usage patterns (cloud-native infrastructure).

More About Dex

DEX is an open-source identity service that implements the OIDC IdP role (identity and access), targeting cloud-native platforms and Kubernetes-based environments. It operates as a translation layer between various authentication backends and applications that consume OIDC tokens. DEX focuses on delegating authentication to external identity providers and issuing standards-based tokens that applications and platforms can validate.

DEX supports a set of pluggable connectors (identity federation) that integrate with enterprise and internet identity systems. These connectors allow DEX to delegate user authentication to LDAP directories, SAML identity providers, and OAuth or OIDC providers operated by external services. DEX then converts the authenticated identity into OIDC ID tokens and, where relevant, refresh tokens that client applications use for session management and authorization decisions.

A primary usage pattern is Kubernetes cluster authentication (access management). DEX can be deployed within a cluster and used by kubectl, Kubernetes dashboards, and other cluster tools as the OIDC provider. In this configuration, Kubernetes validates ID tokens issued by DEX, while DEX itself authenticates users against an upstream enterprise IdP. This arrangement enables SSO across multiple clusters and applications while centralizing user credentials and policy in the upstream system.

Technically, DEX implements core OAuth 2.0 and OIDC (authentication protocols), including authorization code flows and token endpoints for client applications. It issues JSON Web Tokens (JWTs) that can be verified by relying parties using published public keys. DEX is typically configured via declarative configuration files that define connectors, static clients, and allowed redirect URIs, aligning with Infrastructure-as-Code (IaC) and GitOps workflows.

DEX is designed for deployment on container orchestration platforms (cloud-native infrastructure), especially Kubernetes. It is commonly run as a deployment with associated services and ingress resources, and it can store configuration and state in various backends depending on the deployment model. Its stateless design for most operations facilitates horizontal scaling and integration with existing observability, logging, and security tooling in cloud-native environments.

From a directory and taxonomy perspective, DEX fits into the identity and access management category, with emphasis on OIDC IdP functionality, identity federation to external providers, and support for Kubernetes and other cloud-native workloads that consume OIDC tokens for authentication.