Eric Chiang
Eric Chiang
> Is the goal just to reduce external dependencies? Yep!
If this proposal is only about granting groups to static users, I'm against it. We're trying really hard to make sure dex isn't a user management system and the static...
I think a pluggable connector for out-of-tree development would be great. Committing to an interface is probably the biggest design hurdle here.
Out of curiosity, what provider are you trying to hook into? My general experience is that making things pluggable is good but also doesn't magically produce more development. It'd be...
For some background, dex is committed to not becoming an user management or authorization solution. That's why so many of the "local" user objects are so underdeveloped. If we could...
Quick point: we haven't committed to a gRPC interface so it's _way_ too early to be digging into the implementation. As we've hit with Kubernetes, making an internal interface external...
> The gRPC Interface should be just an other connector similar to an ldap connector, which connects to our IDP. Our IDP stores all the necessary information about the user...
If it reduces the number of people asking for user management in dex, I'd be open to exposing a gRPC interface for sending a username and password. I will note...
If someone wants to send a SCIM or gRPC PR I'm happy to review it.
Since dex is auth-n and opa is auth-z, I'd rather add more data to the token and have whatever's consuming the tokens continue to enforce the policy. (See https://github.com/dexidp/dex/issues/1371#issuecomment-453671831) However...