Updates to connectors via API are not reflected at runtime #3855

@aRestless

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.

Version

2.41.1

Storage Type

etcd

Installation Type

Official Helm chart

Expected Behavior

Updating an existing connector via the API should reflect the changes at runtime.

Actual Behavior

The config is not reloaded at runtime and changes are only reflected on a restart.

Steps To Reproduce

  1. Start dex
  2. Use a storageConnector (i.e. one that has been configured using the API) to log into an application
  3. Use the API to update a field of the connector, such as scope or insecureSkipEmailVerified
  4. Use the storageConnector again. The changes made in step 3 will not be reflected
  5. Restart dex
  6. The changes are now reflected

Additional Information

This is highly likely due to the fact that the connector's ResourceVersion field is not incremented on changes to the connector. We checked etcd directly and found ResourceVersion on the connector to be an empty string.

The update function that sets updated fields can be seen here; the ResourceVersion field is not touched: https://github.com/dexidp/dex/blob/master/server/api.go#L466

In UpdateConnector, SetResourceVersion is called, apparently expecting that the field was set before as part of the updater function: https://github.com/dexidp/dex/blob/master/storage/ent/client/connector.go#L76

Lastly, Server.getConnector checks this field to determine if a connector needs to be reloaded, which will always end up comparing the empty string against the empty string: https://github.com/dexidp/dex/blob/master/server/server.go#L734

In this related issue, seemingly the same issue was fixed for the Kubernetes storage by relying on the ObjectMeta.ResourceVersion field instead: #1672

Configuration

No response

Logs

No response
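
The cache check described in this report, as an added Go example that is not dex's code and not part of the original issue: a toy store and server show how comparing an unchanged (empty) ResourceVersion keeps serving the old connector config, and how assigning a new version on update triggers a reload. All type and function names (`Store`, `Server`, `GetConnector`, `ConfigAfterUpdate`, `bumpVersion`) and the sample config strings are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Connector is a simplified, hypothetical stand-in for a stored connector record.
type Connector struct{ ID, ResourceVersion, Config string }

// Store is a toy in-memory storage; bumpVersion toggles whether updates change the version.
type Store struct {
	conns       map[string]Connector
	bumpVersion bool
	rev         int
}

// Update applies the updater and assigns a fresh ResourceVersion only when bumpVersion is set.
func (s *Store) Update(id string, updater func(Connector) Connector) {
	c := updater(s.conns[id])
	if s.bumpVersion {
		s.rev++
		c.ResourceVersion = fmt.Sprint(s.rev)
	}
	s.conns[id] = c
}

// Server keeps opened connectors in a cache keyed by connector ID.
type Server struct {
	store *Store
	cache map[string]Connector
}

// GetConnector reloads from storage only if the stored ResourceVersion differs from the cached one.
func (srv *Server) GetConnector(id string) Connector {
	stored := srv.store.conns[id]
	if cached, ok := srv.cache[id]; ok && cached.ResourceVersion == stored.ResourceVersion {
		return cached // "" == "" when the version is never set, so the stale copy is served
	}
	srv.cache[id] = stored
	return stored
}

// ConfigAfterUpdate logs in, updates the connector, logs in again and returns the config in use.
func ConfigAfterUpdate(bump bool) string {
	st := &Store{conns: map[string]Connector{"oidc": {ID: "oidc", Config: "insecureSkipEmailVerified=true"}}, bumpVersion: bump}
	srv := &Server{store: st, cache: map[string]Connector{}}
	srv.GetConnector("oidc") // first login populates the cache
	st.Update("oidc", func(c Connector) Connector { c.Config = "insecureSkipEmailVerified=false"; return c })
	return srv.GetConnector("oidc").Config
}

func main() { fmt.Println(ConfigAfterUpdate(false), "|", ConfigAfterUpdate(true)) }
```

In this model, turning `insecureSkipEmailVerified` off has no effect on logins until the version changes or the process restarts, which is why the stale cache matters for security-relevant connector fields.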
