Allowing Dex to authenticate User based on GitHub repository membership

[BnJam]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

From what I see in the documentation and I could not find in the Issues, Dex only allows for the GitHub connector to authenticate a user based on the GitHub Organisation and team, if needing more fine granularity. I came to a scenario where we wanted to authenticate external users without adding them to our GitHub Org. I ended up accomplishing this by dropping Dex and proxying to GH with OAuth2-Proxy alone and authenticating based on a users membership to a private repository, along with the scopes: user:email read:user repo.

I use Dex in other projects that would benefit from authenticating via GH repository membership, not just Organisation/org-teams.

Proposed Solution

Similar to OAuth2-Proxy, Dex should include the configuration to authenticate based on GitHub repository membership - minimum scopes are read on public and any scope on private repos.

Alternatives Considered

Dropping Dex and using OAuth2-Proxy alone.

Additional Information

Source Code Links

• Dex GitHub Connector
• OAuth2-Proxy GitHub Provider

[koendelaat]

Recognizing the need. Created a similar proposal in jupyterhub/oauthenticator#650