Keycloak
jCasbin
Our great sponsors
| Keycloak | jCasbin | |
|---|---|---|
| 162 | 2 | |
| 14,847 | 1,997 | |
| 2.2% | 1.6% | |
| 9.9 | 5.8 | |
| 4 days ago | 8 days ago | |
| Java | Java | |
| Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Keycloak
-
Just finished migrating my old tower servers to a Kubernetes cluster on my new rack!
For Authentication and Authorization, I use FreeIPA for LDAP and Keycloak for OAuth2/OpenID Connect. The FreeIPA client automatically pulls my public SSH key into whichever server I sign in to, so I never need to enter my password from my primary PC.
-
The Chewy Stack
In the end, I developed a stack that I liked and re-used across multiple projects, which consisted (mostly) of Postgres, Hasura, Nest.js, Keycloak, and Next.js or Expo. More recently I've started moving away from Keycloak towards Ory Kratos/Oathkeeper. In certain cases, I also deployed AppSmith and Metabase and I considered tools like Meilisearch in a couple instances.
-
Auth.js Authentication for the Web
It depends on what context you're operating in. The reality is that most people don't fully understand authentication / authorization properly so they often mess up. When you have a small team of engineers that are spread very thin, it might be better to delegate this responsibility. If you have the time and resources to study the topic in depth and implement it properly then it's fine. It's just not that interesting of an area since the space for innovation and creativity is limited, and since the major problems have already been reliably solved by others at best you end up with an equivalent outcome and at worst you end up with security issues.
If you're operating within an enterprise context, Keycloak [0] is pretty massive but provides comprehensive coverage for all authN and authZ needs, and it's open source.
Back when I first started studying this topic I found that reading through a lot of NIST guidelines was helpful. I'd recommend at least browsing through SP 800-63-3 [1], SP 800-63A, SP 800-63B, SP 800-63C to get a good idea of the domain. Admittedly, this might be a lot of overkill for your application and needs.
- Ask HN: Lightweight Authentication
- AWS Cognito Alternatives 2023
- State of OpenID Connect Providers
- Any good free authorization server solutions?
-
How PoB uses your POESESSID
About Desktop OAuth protocol, you could try doing something as a "localhost" server... like Keycloak's (an IAM provider) folk did here: https://github.com/keycloak/keycloak/tree/main/adapters/oidc/installed
- Passwortsicherheit bei HDI
- AD/AAD Authentication for Apps running in Kubernetes Cluster
jCasbin
We haven't tracked posts mentioning jCasbin yet.
Tracking mentions began in Dec 2020.
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Apache Shiro - Apache Shiro
Spring Security - Spring Security
IdentityServer - The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core
OPA (Open Policy Agent) - An open source, general-purpose policy engine.
Ory Kratos - Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, TOTP, WebAuthn, profile management, identity schemas, social sign in, registration, account recovery, passwordless. Golang, headless, API-only - without templating or theming headaches. Available as a cloud service.
Vault - A tool for secrets management, encryption as a service, and privileged access management
authentik - The authentication glue you need.
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
caddy-auth-portal - Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors