You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Background... my company has been using Dex w/ ArgoCD to talk to GitHub for a while (it's great). We were about to set up Dex for Argo Workflows to use the ArgoCD Dex instance. One of the steps involves creating a client secret. Since Dex is the thing that owns the secret, it seemed like the right place to ask "what should a client secret look like".
From my perspective, I was pretty sure that client secrets can be truly arbitrary, but it'd be nice if something was clear about this and maybe offered suggestions / best practices...
A great way to generate a secure secret is to use a cryptographically-secure library to generate a 256-bit value and then convert it to a hexadecimal representation.
Anyway, it'd be nice if there was a page in the docs that talked about client secrets.
Afaict, there are basically three sections in the docs right now:
And it feels like there's effectively an entire missing section.
Not everyone who comes to Dex will be starting from the perspective of "I'm setting up an OAuth thing and I know all about OAuth". We certainly weren't, we came in as "we have a Dex and want to add one more connection for it".
The text was updated successfully, but these errors were encountered:
Background... my company has been using Dex w/ ArgoCD to talk to GitHub for a while (it's great). We were about to set up Dex for Argo Workflows to use the ArgoCD Dex instance. One of the steps involves creating a client secret. Since Dex is the thing that owns the secret, it seemed like the right place to ask "what should a client secret look like".
We were trying to follow this guide for setting things up: https://argoproj.github.io/argo-workflows/argo-server-sso-argocd/ but we couldn't find anything that explained what a secret should look like.
I went to https://dexidp.io/docs/ and couldn't find anything that covered this.
From my perspective, I was pretty sure that client secrets can be truly arbitrary, but it'd be nice if something was clear about this and maybe offered suggestions / best practices...
oauth.com offers:
Anyway, it'd be nice if there was a page in the docs that talked about client secrets.
Afaict, there are basically three sections in the docs right now:
And it feels like there's effectively an entire missing section.
Not everyone who comes to Dex will be starting from the perspective of "I'm setting up an OAuth thing and I know all about OAuth". We certainly weren't, we came in as "we have a Dex and want to add one more connection for it".
The text was updated successfully, but these errors were encountered: