1. Packages
  2. Dex Provider
Dex v0.8.0 published on Thursday, Feb 19, 2026 by Kotaicode GmbH
Schema (JSON)
kotaicode/pulumi-dex

Dex Provider

dex logo
Dex v0.8.0 published on Thursday, Feb 19, 2026 by Kotaicode GmbH
Schema (JSON)
kotaicode/pulumi-dex

    Dex Provider

    The Dex provider for Pulumi allows you to manage Dex resources using infrastructure as code. This provider uses the Dex gRPC Admin API to manage OAuth2 clients and identity provider (IdP) connectors.

    Features

    • OAuth2 Client Management: Create, update, and delete Dex OAuth2 clients
    • Generic Connector Support: Manage any Dex connector type (OIDC, LDAP, SAML, etc.)
    • OIDC Connector Support: First-class support for OIDC connectors with typed configuration
    • Azure/Entra ID Integration:
      • AzureOidcConnector - Uses generic OIDC connector (type: oidc)
      • AzureMicrosoftConnector - Uses Dex’s Microsoft-specific connector (type: microsoft)
    • AWS Cognito Integration: CognitoOidcConnector for managing Cognito user pools as IdPs

    Example Usage

    TypeScript

    import * as dex from "@kotaicode/pulumi-dex";
import * as fs from "fs";

// Configure the provider
const provider = new dex.Provider("dex", {
    host: "dex.example.com:5557",
    // For production, use TLS/mTLS:
    // caCert: fs.readFileSync("certs/ca.crt", "utf-8"),
    // clientCert: fs.readFileSync("certs/client.crt", "utf-8"),
    // clientKey: fs.readFileSync("certs/client.key", "utf-8"),
    // For development:
    insecureSkipVerify: true,
});

// Create an OAuth2 client
const client = new dex.Client("my-client", {
    clientId: "my-web-app",
    name: "My Web Application",
    redirectUris: ["https://app.example.com/callback"],
}, { provider });

// Create an Azure OIDC connector
const azureConnector = new dex.AzureOidcConnector("azure-oidc", {
    connectorId: "azure-oidc",
    name: "Azure AD",
    tenantId: "your-tenant-id",
    clientId: "your-azure-app-id",
    clientSecret: "your-azure-app-secret",
    redirectUri: "https://dex.example.com/dex/callback",
    scopes: ["openid", "email", "profile"],
}, { provider });

export const clientId = client.clientId;
export const clientSecret = client.secret;

    Go

    package main

import (
    "github.com/kotaicode/pulumi-dex/sdk/go/dex"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // Configure the provider
        provider, err := dex.NewProvider(ctx, "dex", &dex.ProviderArgs{
            Host:              pulumi.String("dex.example.com:5557"),
            InsecureSkipVerify: pulumi.Bool(true),
        })
        if err != nil {
            return err
        }

        // Create an OAuth2 client
        client, err := dex.NewClient(ctx, "my-client", &dex.ClientArgs{
            ClientId:     pulumi.String("my-web-app"),
            Name:         pulumi.String("My Web Application"),
            RedirectUris: pulumi.StringArray{pulumi.String("https://app.example.com/callback")},
        }, pulumi.Provider(provider))
        if err != nil {
            return err
        }

        // Create an Azure OIDC connector
        azureConnector, err := dex.NewAzureOidcConnector(ctx, "azure-oidc", &dex.AzureOidcConnectorArgs{
            ConnectorId:  pulumi.String("azure-oidc"),
            Name:         pulumi.String("Azure AD"),
            TenantId:     pulumi.String("your-tenant-id"),
            ClientId:     pulumi.String("your-azure-app-id"),
            ClientSecret: pulumi.String("your-azure-app-secret"),
            RedirectUri:  pulumi.String("https://dex.example.com/dex/callback"),
            Scopes:       pulumi.StringArray{pulumi.String("openid"), pulumi.String("email"), pulumi.String("profile")},
        }, pulumi.Provider(provider))
        if err != nil {
            return err
        }

        ctx.Export("clientId", client.ClientId)
        ctx.Export("clientSecret", client.Secret)
        
        return nil
    })
}

    Python

    import pulumi
import pulumi_dex as dex

# Configure the provider
provider = dex.Provider("dex",
    host="dex.example.com:5557",
    insecure_skip_verify=True
)

# Create an OAuth2 client
client = dex.Client("my-client",
    client_id="my-web-app",
    name="My Web Application",
    redirect_uris=["https://app.example.com/callback"],
    opts=pulumi.ResourceOptions(provider=provider)
)

# Create an Azure OIDC connector
azure_connector = dex.AzureOidcConnector("azure-oidc",
    connector_id="azure-oidc",
    name="Azure AD",
    tenant_id="your-tenant-id",
    client_id="your-azure-app-id",
    client_secret="your-azure-app-secret",
    redirect_uri="https://dex.example.com/dex/callback",
    scopes=["openid", "email", "profile"],
    opts=pulumi.ResourceOptions(provider=provider)
)

pulumi.export("client_id", client.client_id)
pulumi.export("client_secret", client.secret)

    Resources

    • dex.Client - Manage OAuth2 clients
    • dex.Connector - Manage generic connectors (OIDC, LDAP, SAML, etc.)
    • dex.AzureOidcConnector - Azure AD/Entra ID connector (OIDC)
    • dex.AzureMicrosoftConnector - Azure AD/Entra ID connector (Microsoft-specific)
    • dex.CognitoOidcConnector - AWS Cognito user pool connector

    Prerequisites

    • Dex instance with gRPC API enabled
    • For connector management: Dex must be started with DEX_API_CONNECTORS_CRUD=true
    • Network access to Dex’s gRPC endpoint (default port: 5557)

    Learn More

    dex logo
    Dex v0.8.0 published on Thursday, Feb 19, 2026 by Kotaicode GmbH
    Schema (JSON)
    kotaicode/pulumi-dex
      Meet Neo: Your AI Platform Teammate