Add dex guide #21926

Draft
wants to merge 1 commit into
base: main
130 changes: 130 additions & 0 deletions content/guides/dex.md
@@ -0,0 +1,130 @@
---
title: Mocking OAuth services in testing with Dex
description: &desc Mocking OAuth services in testing with Dex
keywords: Dex, container-supported development
linktitle: Mocking OAuth services with Dex
summary: *desc
tags: [app-dev, distributed-systems]
languages: []
params:
time: 10 minutes
---

Dex is an open-source OpenID Connect (OIDC) and OAuth 2.0 identity provider that can be configured to authenticate against various backend identity providers, such as LDAP, SAML, and OAuth. Running Dex in a Docker container allows developers to simulate an OAuth 2.0 server for testing and development purposes. This guide will walk you through setting up Dex as an OAuth mock server using Docker containers.

Check failure on line 13 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 13, "column": 1}}}, "severity": "ERROR"}

Check warning on line 13 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Docker.Acronyms] 'LDAP' has no definition. Raw Output: {"message": "[Docker.Acronyms] 'LDAP' has no definition.", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 13, "column": 168}}}, "severity": "WARNING"}

Check failure on line 13 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 13, "column": 199}}}, "severity": "ERROR"}

Check failure on line 13 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 13, "column": 357}}}, "severity": "ERROR"}

Nowadays OAuth is the preferred choice to authenticate in web services, the highest part of them give the possibility to access using popular OAuth services like Github, Google or Apple. Using OAuth guarantees a higher level of security and simplification since it is not necessary to create new profiles for each service. This means that, by allowing applications to access resources on behalf of users without sharing passwords, OAuth minimizes the risk of credential exposure.

Check failure on line 15 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Terms] Use 'GitHub( Actions)?' instead of 'Github'. Raw Output: {"message": "[Vale.Terms] Use 'GitHub( Actions)?' instead of 'Github'.", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 15, "column": 163}}}, "severity": "ERROR"}

In this guide, you'll learn how to:

- Use Docker to launch up a Dex container.

Check failure on line 19 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 19, "column": 29}}}, "severity": "ERROR"}
- Use mock OAuth in the local development without relying on an external OAuth provider.

## Using Dex with Docker

Check failure on line 22 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 22, "column": 10}}}, "severity": "ERROR"}

The official [Docker image for Dex](https://hub.docker.com/r/dexidp/dex/) provides a convenient way to deploy and manage Dex instances. Dex is available for various CPU architectures, including amd64, armv7, and arm64, ensuring compatibility with different devices and platforms. You can learn more about Dex standalone on the [Dex docs site](https://dexidp.io/docs/getting-started/).

Check failure on line 24 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 24, "column": 32}}}, "severity": "ERROR"}

Check failure on line 24 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 24, "column": 122}}}, "severity": "ERROR"}

Check failure on line 24 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'Dex'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'Dex'?", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 24, "column": 137}}}, "severity": "ERROR"}

### Prerequisites

[Docker Compose](https://docs.docker.com/compose/): Recommended for managing multi-container Docker applications.

### Setting Up Dex with Docker

Begin by creating a directory for your Dex project:

```bash
mkdir dex-mock-server
cd dex-mock-server
```
Organize your project with the following structure:

```bash
dex-mock-server/
├── config.yaml
└── docker-compose.yaml
```

Create the Dex Configuration File:

The config.yaml file defines Dex's settings, including connectors, clients, and storage. For a mock server setup, you can use the following minimal configuration:

```yaml
# config.yaml
issuer: http://localhost:5556/dex
storage:
type: memory
web:
http: 0.0.0.0:5556
staticClients:
- id: example-app
redirectURIs:
- 'http://localhost:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
enablePasswordDB: true
staticPasswords:
- email: "[email protected]"
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
username: "admin"
userID: "1234"
```

Explanation:

- issuer: The public URL for Dex.

Check warning on line 73 in content/guides/dex.md

View workflow job for this annotation

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Docker.URLFormat] Use 'URL of' instead of 'URL for'. Raw Output: {"message": "[Docker.URLFormat] Use 'URL of' instead of 'URL for'.", "location": {"path": "content/guides/dex.md", "range": {"start": {"line": 73, "column": 22}}}, "severity": "WARNING"}

- storage: Using in-memory storage for simplicity.

- web: Dex will listen on port 5556.

- staticClients: Defines a client application (example-app) with its redirect URI and secret.

- enablePasswordDB: Enables static password authentication.

- staticPasswords: Defines a static user for authentication. The hash is a bcrypt hash of the password.

> Note: Ensure the hash is a valid bcrypt hash of your desired password. You can generate this using tools like [bcrypt-generator.com](https://bcrypt-generator.com/)
or use CLI tools like [htpasswd](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) like in this following example:
```bash
echo password | htpasswd -BinC 10 admin | cut -d: -f2
```

Running Dex

With Docker Compose configured, start Dex:

```yaml
# docker-compose.yaml

services:
dex:
image: dexidp/dex:latest
container_name: dex
ports:
- "5556:5556"
volumes:
- ./config.yaml:/etc/dex/config.yaml
command: ["dex", "serve", "/etc/dex/config.yaml"]
```

Now it is possible to run the container using `docker compose` command.
```bash
docker compose up -d
```

This command will download the Dex Docker image (if not already available) and start the container in detached mode.


To Verify that Dex is running, check the logs to ensure Dex started successfully:

```bash
docker-compose logs -f dex
```
You should see output indicating that Dex is listening on the specified port.

Testing the OAuth Flow
Prepare a Test Application:

To test the OAuth flow, you'll need a client application configured to authenticate against Dex. Dex provides an example app that you can use for this purpose.

Clone the Dex Repository:
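
Review bot: in docker-compose.yaml, `ports: - "5556:5556"` publishes Dex on every host interface and `image: dexidp/dex:latest` is unpinned, while config.yaml carries a fixed client `secret` and a `staticPasswords` hash that anyone reading the guide knows. For a local mock, bind the port to loopback (`"127.0.0.1:5556:5556"`), pin the image to a specific release tag so the guide stays reproducible, and add a sentence stating that these credentials are for local testing only and must not be reused. Two smaller points in the same region: the stack is started with `docker compose up -d` but the logs are read with `docker-compose logs -f dex`, so use `docker compose logs -f dex` for consistency; and "Running Dex" and "Testing the OAuth Flow" lack the `###` markers used by the earlier headings, while "With Docker Compose configured, start Dex:" introduces the compose file rather than the start command.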
