Dex
Use Dex as the identity provider for Perch sign-ins. Like Authelia, Dex has no web UI, so all client registration happens in the config file.
Your redirect URI
The redirect URI to register is your hub’s URL with this exact path:
https://your-hub-url/api/auth/custom/callbackRegister the client in Dex
Add a static client to your Dex config under staticClients:
staticClients:
- id: perch
secret: your-client-secret
name: Perch
redirectURIs:
- https://your-hub-url/api/auth/custom/callbackPick a strong random string for secret, then restart Dex to load the config.
Setup in Perch
Open the Custom OIDC card in Perch (Admin → Auth) and fill in:
- Client ID:
perch - Client Secret: the value from
secretabove
For the URLs, use your Dex discovery document:
https://dex.example.com/.well-known/openid-configurationOpen it in your browser and copy the values across:
| Perch field | Discovery doc key |
|---|---|
| Authorization URL | authorization_endpoint |
| Token URL | token_endpoint |
| Userinfo URL | userinfo_endpoint |
Set Scopes to openid email, then enable the provider.
Connectors
Dex is an OIDC bridge: it sits in front of other identity backends (LDAP, GitHub, another OIDC provider, and so on) and exposes them all as a single OIDC endpoint. Set up the backend connector in your Dex config to match your environment. The Perch side stays exactly the same no matter which connector Dex uses.