Background... my company has been using Dex w/ ArgoCD to talk to GitHub for a while (it's great). We were about to set up Dex for Argo Workflows to use the ArgoCD Dex instance. One of the steps involves creating a client secret. Since Dex is the thing that owns the secret, it seemed like the right place to ask "what should a client secret look like".
We were trying to follow this guide for setting things up: https://argoproj.github.io/argo-workflows/argo-server-sso-argocd/ but we couldn't find anything that explained what a secret should look like.
I went to https://dexidp.io/docs/ and couldn't find anything that covered this.
From my perspective, I was pretty sure that client secrets can be truly arbitrary, but it'd be nice if something was clear about this and maybe offered suggestions / best practices...
oauth.com offers:
A great way to generate a secure secret is to use a cryptographically-secure library to generate a 256-bit value and then convert it to a hexadecimal representation.
Anyway, it'd be nice if there was a page in the docs that talked about client secrets.
Afaict, there are basically three sections in the docs right now:
And it feels like there's effectively an entire missing section.
Not everyone who comes to Dex will be starting from the perspective of "I'm setting up an OAuth thing and I know all about OAuth". We certainly weren't, we came in as "we have a Dex and want to add one more connection for it".
Background... my company has been using Dex w/ ArgoCD to talk to GitHub for a while (it's great). We were about to set up Dex for Argo Workflows to use the ArgoCD Dex instance. One of the steps involves creating a client secret. Since Dex is the thing that owns the secret, it seemed like the right place to ask "what should a client secret look like".
We were trying to follow this guide for setting things up: https://argoproj.github.io/argo-workflows/argo-server-sso-argocd/ but we couldn't find anything that explained what a secret should look like.
I went to https://dexidp.io/docs/ and couldn't find anything that covered this.
From my perspective, I was pretty sure that client secrets can be truly arbitrary, but it'd be nice if something was clear about this and maybe offered suggestions / best practices...
oauth.com offers:
Anyway, it'd be nice if there was a page in the docs that talked about client secrets.
Afaict, there are basically three sections in the docs right now:
And it feels like there's effectively an entire missing section.
Not everyone who comes to Dex will be starting from the perspective of "I'm setting up an OAuth thing and I know all about OAuth". We certainly weren't, we came in as "we have a Dex and want to add one more connection for it".