
Whitelist email domains per connector

Open lennartack opened this issue 11 months ago • 1 comments

Preflight Checklist

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

When we have multiple connectors we sometimes want to restrict the email claims that each connector is allowed to make. For example, suppose you have a connector for a company example.com and a company example.net. You don't want admins of example.com to be able to impersonate users from example.net.

This was worked on before (https://github.com/dexidp/dex/issues/66) but unfortunately abandoned.

Proposed Solution

Add an option to each connector type to give a whitelist of allowed email domains. For example:

connectors:
- type: oidc
  id: example
  name: Example
  config:
    issuer: https://example.com
    emailDomains:
    - example.com
    - example.org

Alternatives Considered

No response

Additional Information

If you are interested in this feature we are willing to create a pull request. However, I don't quite understand why the previous project was abandoned so I'd like to know what the issues are first.

lennartack avatar Mar 06 '24 11:03 lennartack
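
One way the proposed `emailDomains` check could be applied to the email claim a connector returns, as an added example that is not dex code and not part of the original issue. The function name `emailDomainAllowed` and the treatment of an empty list as "no restriction" are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// emailDomainAllowed reports whether the domain of an email claim is on the
// connector's allowlist. Hypothetical helper, not a dex API.
func emailDomainAllowed(email string, allowed []string) bool {
	// Assumption: an unset or empty emailDomains list means "no restriction".
	if len(allowed) == 0 {
		return true
	}
	// Require exactly one "@" so a claim such as "a@example.net@example.com"
	// cannot be read differently by different consumers.
	local, domain, ok := strings.Cut(email, "@")
	if !ok || local == "" || domain == "" || strings.Contains(domain, "@") {
		return false
	}
	// Reject whitespace and control bytes that could hide the real domain.
	if strings.ContainsAny(domain, " \t\r\n\x00") {
		return false
	}
	for _, d := range allowed {
		// Exact, case-insensitive match: no suffix or subdomain matching, so
		// "example.com.attacker.test" and "sub.example.com" are both refused.
		if strings.EqualFold(domain, d) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: the allowlist from the issue and made-up claims.
	allowed := []string{"example.com", "example.org"}
	claims := []string{
		"alice@example.com", "bob@EXAMPLE.ORG", "carol@example.net",
		"dave@example.com.attacker.test", "erin@example.net@example.com",
	}
	for _, c := range claims {
		fmt.Printf("%-40s allowed=%v\n", c, emailDomainAllowed(c, allowed))
	}
}
```

The comparison is deliberately exact: a connector that should also cover subdomains would list each one explicitly.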