Hi everyone, I’m exploring the possibility of using Ory OIDC instead of the default ArgoCD Dex for authentication. My goal is to keep the authentication layer decoupled from the cluster, so I could potentially reuse it across different environments in the future. Specifically, I’d like to: I’m fairly new to Ory, so any guidance, examples, or references would be highly appreciated. Thanks in advance for your help!
Replies: 1 comment
Hey @csabca83,
Here is how to add GitHub as auth method: https://www.ory.sh/docs/kratos/social-signin/github - This is a feature of Ory Kratos (aka Ory Identities in the managed Ory Network service)
Treat Argo CD as an OAuth2/OIDC client of Ory. Keep Ory as the single OIDC provider across environments and register Argo CD as an OAuth2 client per environment with appropriate redirect URIs. Use Authorization Code flow (+PKCE if applicable) and request only necessary scopes/claims for Argo CD RBAC mapping. I hope this helps.
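The Argo CD side of the setup described in the reply above, as an added example (not from the reply, and not Ory's or Argo CD's own configuration): one `argocd-cm` / `argocd-rbac-cm` pair for a single environment, with PKCE on, minimal scopes, and deny-by-default RBAC. Assumptions: the hostnames, issuer URL, client ID, secret key name and user e-mail addresses are placeholders or constructed samples; the Ory client for this environment is assumed to have `https://argocd.dev.example.com/auth/callback` registered as its redirect URI; Ory is assumed to put an `email` claim in the ID token when the `email` scope is granted; and the Argo CD release is assumed to support `enablePKCEAuthentication`.

```yaml
# Added example. All hostnames, IDs and users are placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  # Argo CD derives its callback from this URL (<url>/auth/callback).
  # It must match the redirect URI registered on this environment's Ory client.
  url: https://argocd.dev.example.com
  oidc.config: |
    name: Ory
    # Placeholder issuer: use the issuer URL of your Ory project or deployment.
    issuer: https://ory.example.com
    # One OAuth2 client per environment, so a secret or redirect URI
    # belonging to dev is never accepted for prod.
    clientID: argocd-dev
    # Resolved from the argocd-secret Secret instead of being stored in this ConfigMap.
    clientSecret: $oidc.ory.clientSecret
    # Authorization Code flow with PKCE.
    enablePKCEAuthentication: true
    # Request only what the RBAC mapping below consumes.
    requestedScopes: ["openid", "email"]
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  # No default role: a user who authenticates at Ory but has no mapping gets nothing.
  policy.default: ""
  # ID token claim(s) Argo CD matches against the subjects in policy.csv.
  scopes: "[email]"
  # Constructed sample users.
  policy.csv: |
    g, alice@example.com, role:admin
    g, bob@example.com, role:readonly
```

For another environment, repeat the pair with that environment's `url` and its own Ory client ID and secret; the issuer stays the same.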