Ferrum
openpubkey
Ferrum | openpubkey | |
---|---|---|
1 | 2 | |
5 | 561 | |
- | 3.9% | |
8.3 | 8.8 | |
10 days ago | 6 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Ferrum
-
Easily add authorization in you apps in 1-2 min
Personally, I like KeyCloak and use it where it is possible. About 2 years ago I had to expand my technology stack and I started to write apps using Golang. These apps are WEB API that use Authorization on KeyCloak server. When API grows and become more complicated, it is very important to make automated integration tests. For authorization we using separate from demo/production server, and it is important to make code portable to any machine, therefore the most convenient way is to start all infrastructure before any test and stop when test ends with any persistent data cleanup at the end. Such approach can't be easily and fast implemented using Keycloak. Therefore, we created Ferrum authorization server that could be run and stopped from code and with API compatible with KeyCloak (with similar behavior and endpoints). Ferrum could be used not only for tests purposes but also like a full-fledged authorization server.
openpubkey
- OpenPubkey: Protocol for leveraging OpenID to bind identities to public keys
-
RFC 9420 – A Messaging Layer Security Overview
You could use OpenPubkey [0, 1] to bind your identity key to your say Google or Okta account. With an MFA Cosigner, a malicious Google wouldn't be able to impersonate you.
IF you really wanted to go full cipherpunk, you could use the stuff risc.zero [2] is building to could keep your identity secret via ZKPs over ID Token (JWT).
[0]: OpenPubkey: Augmenting OpenID Connect with User held Signing Keys, https://eprint.iacr.org/2023/296
[1]: https://github.com/openpubkey/openpubkey
[2]: "Under the hood is JWT and OIDC verification on top of the RISC Zero zkVM" https://www.risczero.com/news/bonsai-pay
What are some alternatives?
go-scim - Building blocks for servers implementing Simple Cloud Identity Management v2
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
Ory Oathkeeper - A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
Simple CRUD App w/ Gorilla/Mux, MariaDB - Simple CRUD Application with Go, Gorilla/mux, MariaDB, Redis.
go-todo - Todo app graphql api
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
Ory Kratos - Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
zitadel - Cloud-native Identity & Access Management solution providing a platform for secure authentication, authorization and identity management.