Set Up Authentication Using the Default Dex Identity Provider

With GoodData Cloud Native (GoodData.CN), you can use Dex, a built-in OpenID Connect (OIDC) Identity Provider that can store user credentials. Dex is used by default if you do not set up your own OIDC Identity Provider (such as Okta or Auth0).

Dex does not require any additional configuration. Once you have deployed GoodData.CN, Dex is ready to be used.

Create a User in Dex

To create a user in Dex, submit a POST request to /api/v1/auth/users.

curl --request POST \
     -H "Authorization: Bearer $BOOTSTRAP_API_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"email": "boss@alpha.example.com", "password": "123456", "displayName": "John Doe"}' \
     "$HOST_URL/api/v1/auth/users"

The user is created, and the following JSON object with the user’s properties is returned:

{
  "email": "boss@alpha.example.com",
  "password": null,
  "displayName": "John Doe",
  "authenticationId": "CiQ0YWFiZmIzNy03MTNiLTQyNWYtODZhMy0yNmFlNmM1ZjYwNDMSBWxvY2Fs"
}

Once the user has been created, map the user to your Organization. You need the value of the authenticationId property to map the user, so copy it from the returned JSON object.
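A check you can run on the create-user response before mapping the user, shown in Python as an added example (not GoodData's code). It assumes authenticationId uses Dex's usual subject encoding, base64url over a two-field protobuf message holding the user ID and the connector ID, which the sample value above matches. The function names and the expected connector `local` are assumptions for illustration.

```python
import base64
import json

# Response body from the create-user example on this page.
SAMPLE_RESPONSE = (
    '{"email": "boss@alpha.example.com", "password": null, "displayName": "John Doe",'
    ' "authenticationId": "CiQ0YWFiZmIzNy03MTNiLTQyNWYtODZhMy0yNmFlNmM1ZjYwNDMSBWxvY2Fs"}'
)


def _read_varint(buf, pos):
    """Decode one protobuf varint at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf) and shift <= 63:
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            return value, pos
    raise ValueError("truncated or oversized varint")


def decode_authentication_id(auth_id):
    """Return (user_id, connector_id); assumes Dex's subject encoding."""
    raw = base64.urlsafe_b64decode(auth_id + "=" * (-len(auth_id) % 4))
    fields, pos = {}, 0
    while pos < len(raw):
        tag, pos = _read_varint(raw, pos)
        length, pos = _read_varint(raw, pos)
        # Only fields 1 (user ID) and 2 (connector ID), length-delimited, once each.
        if tag not in (0x0A, 0x12) or tag in fields or pos + length > len(raw):
            raise ValueError("unexpected structure in authenticationId")
        fields[tag] = raw[pos:pos + length].decode("utf-8")
        pos += length
    if len(fields) != 2:
        raise ValueError("authenticationId is missing a field")
    return fields[0x0A], fields[0x12]


def check_created_user(response_text, expected_connector="local"):
    """Parse the create-user response and check it before mapping the user."""
    body = json.loads(response_text)
    if body.get("password") is not None:
        raise ValueError("response must not return the password")
    user_id, connector = decode_authentication_id(body["authenticationId"])
    if connector != expected_connector:
        raise ValueError("unexpected connector: " + connector)
    return {"email": body["email"], "user_id": user_id, "connector": connector}
```

Pass the body returned by the POST request to `check_created_user`; a `ValueError` means the response should not be used for mapping as is.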

Update a User in Dex

To update a user, submit a PUT request to /api/v1/auth/users/{:email}.

curl --request PUT \
     -H "Authorization: Bearer $BOOTSTRAP_API_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"email": "boss@alpha.example.com", "password": "Bett3rPa$$w0rd", "displayName": "John Doe"}' \
     "$HOST_URL/api/v1/auth/users/boss@alpha.example.com"

This API request changes the current password of the user with the email boss@alpha.example.com to the one that you have provided in the request.

Other Available Operations

In addition to creating and updating a user, you can also perform the following operations:

  • List all users - submit a GET request to /api/v1/auth/users.

  • View a user - submit a GET request to /api/v1/auth/users/{:email}.

  • Delete a user - submit a DELETE request to /api/v1/auth/users/{:email}.

    This request deletes the user’s credentials, which prevents the user from being able to log in, but does not delete the user from the system. To delete the user completely, you need to also delete the user’s mapping.

For more information, see the API documentation.