Set Up Authentication Using the Default Dex Identity Provider

With GoodData Cloud Native (GoodData.CN), you can use Dex, a built-in OpenID Connect (OIDC) Identity Provider that can store user credentials. Dex is used by default if you do not set up an external OIDC Identity Provider.

Dex does not require any additional configuration. Once you have deployed GoodData.CN, Dex is ready to be used.

Create a User in Dex

To create a user in Dex, submit a POST request to /api/v1/auth/users.

curl -H "Authorization: Bearer $BOOTSTRAP_API_TOKEN" \
     -H "Content-type: application/json" -d '{"email": "",
     "password": "123456", "displayName": "John Doe"}' --request POST \

The user is created, and the following JSON object with the user’s properties is returned:

  "email": "",
  "password": null,
  "displayName": "John Doe",
  "authenticationId": "CiQ0YWFiZmIzNy03MTNiLTQyNWYtODZhMy0yNmFlNmM1ZjYwNDMSBWxvY2Fs"

Once the user has been created, map the user to your Organization. You are going to need the value of the authenticationId property for mapping the user, therefore copy this value from the returned JSON object.

Update a User in Dex

To update a user, submit a PUT request to /api/v1/auth/users/{:email}.

curl -H "Authorization: Bearer $BOOTSTRAP_API_TOKEN" \
     -H "Content-type: application/json" -d '{"email": "",
     "password": "Bett3rPa$$w0rd", "displayName": "John Doe"}' --request PUT \

This API request changes the current password of the user with the email to the one that you have provided in the request.

Other Available Operations

In addition to creating and updating a user, you can also do the following actions:

  • List all users - submit a GET request to /api/v1/auth/users.

  • View a user - submit a GET request to /api/v1/auth/users/{:email}.

  • Delete a user - submit a DELETE request to /api/v1/auth/users/{:email}

    This request deletes the user’s credentials, which prevents the user from being able to log in, but does not delete the user from the system. To delete the user completely, you need to also delete the user’s mapping.

For more information, see the API documentation.