New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Easier registration for first login #310
Comments
interesting. maybe "auto registration" for some connectors like this. |
As far as I can think, "register" is a bit of a strange action to perform for dex, as an IdP that's primarily concerned thus far with federated identity solutions, and an extra step for end users. Most OIDC clients I've used simply ask if you want to "Log in with google/facebook/github" and will never complain that you haven't explicitly clicked some "register with google/facebook/github" button first. It seems like an unnecessary step, especially from a user perspective. And as a someone who has recently set up dex in an admin capacity for the first time, it was a bit confusing when I realized that registration was not automatic. So "auto registration" seems to me like the sensible default upon successful AuthN, unless dex is extended to allow account management/creation (which may be planned already; I'm still getting used to the project). That's where I think registration makes a lot more sense. Without that, it's a bit of a confusing distinction. |
But dex is an IdP, not an OIDC Client - even though it acts as one sometimes.
If we added such a feature, I don't think it would be a good idea to make it a default, because existing installations who upgraded might accidentally get this turned on
In fact we have some of that in place already, though it is rudimentary. |
Right, so what I mean is that the clients of dex would have to be explicitly aware, and make their users aware, that there's a difference between your first time logging in with dex, and every other time logging in with dex, which is not a common distinction among OIDC Providers. So even if it's not the default, I think it's a desirable feature across all external identity management systems that dex can connect to. :-) |
This was brought up by @fnordahl in #178. For connectors that are implicitly more restrictive, can we have a better first login experience?
Consider adding additional connector options.
Logging in takes you to a page that asks you if you want to register. Clicking yes takes you back to relying party with an identity.
Logging in auto registers you:
The text was updated successfully, but these errors were encountered: