search

dexidp / dex

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
https://dexidp.io
Apache License 2.0
9.41k stars 1.69k forks source link

Handle GET / better #857

Open ericchiang opened 7 years ago

ericchiang commented 7 years ago

Right now we 404 which is a bad UX for users of dex. Maybe we could provide a default redirect?

jValdron commented 2 years ago

+1

We use Dex to front a few applications and we back it with AWS SSO. AWS SSO provides a user portal, which then has links to all the apps you have access to. When we grant access to Dex, they get a link to it, and when they click on it, it goes to Dex which just returns a 404. Suffice to say, we get questions about this often because people don't realize they have to navigate to apps X and Y in order to initiate anything and that Dex doesn't do anything on its own.

This is my current solution for our Kubernetes based deployment (using Kustomize). It's nothing fancy, and requires an additional pod, but better than a 404:

kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component

resources:
  - deployment.yaml
  - service.yaml

patches:
  - target:
      kind: Ingress
      name: dex
    patch: |-
      - op: add
        path: /spec/rules/0/http/paths/-
        value:
          pathType: Exact
          path: '/'
          backend:
            service:
              name: landing-page
              port:
                name: http

configMapGenerator:
  - name: landing-page-app
    files:
      - files/main.js

deployment.yaml:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: landing-page
  labels:
    k8s-app: landing-page
spec:
  selector:
    matchLabels:
      k8s-app: landing-page

  template:
    metadata:
      labels:
        k8s-app: landing-page

    spec:
      containers:
        - name: landing-page
          image: node:16-alpine
          command:
            - node
            - /app/main.js
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 3
            periodSeconds: 3
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 3
            periodSeconds: 3
          volumeMounts:
            - name: landing-page-app
              mountPath: /app
      volumes:
        - name: landing-page-app
          configMap:
            name: landing-page-app

service.yaml:

---
apiVersion: v1
kind: Service
metadata:
  name: landing-page
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: http
  selector:
    k8s-app: landing-page

main.js:

const http = require('http');

const page = `
<html>
  <body>
    At least this is not a 404?
  </body>
</html>
`;

const requestListener = function (req, res) {
  res.writeHead(200);
  res.end(page);
}

const server = http.createServer(requestListener);
server.listen(8080);