|Keycloak||OPA (Open Policy Agent)|
|4 days ago||2 days ago|
|Apache License 2.0||Apache License 2.0|
Just finished migrating my old tower servers to a Kubernetes cluster on my new rack!
19 projects | reddit.com/r/homelab | 21 Jan 2023
For Authentication and Authorization, I use FreeIPA for LDAP and Keycloak for OAuth2/OpenID Connect. The FreeIPA client automatically pulls my public SSH key into whichever server I sign in to, so I never need to enter my password from my primary PC.
The Chewy Stack
7 projects | dev.to | 19 Jan 2023
In the end, I developed a stack that I liked and re-used across multiple projects, which consisted (mostly) of Postgres, Hasura, Nest.js, Keycloak, and Next.js or Expo. More recently I've started moving away from Keycloak towards Ory Kratos/Oathkeeper. In certain cases, I also deployed AppSmith and Metabase and I considered tools like Meilisearch in a couple instances.
Auth.js Authentication for the Web
10 projects | news.ycombinator.com | 30 Dec 2022
It depends on what context you're operating in. The reality is that most people don't fully understand authentication / authorization properly so they often mess up. When you have a small team of engineers that are spread very thin, it might be better to delegate this responsibility. If you have the time and resources to study the topic in depth and implement it properly then it's fine. It's just not that interesting of an area since the space for innovation and creativity is limited, and since the major problems have already been reliably solved by others at best you end up with an equivalent outcome and at worst you end up with security issues.
If you're operating within an enterprise context, Keycloak is pretty massive but provides comprehensive coverage for all authN and authZ needs, and it's open source.
Back when I first started studying this topic I found that reading through a lot of NIST guidelines was helpful. I'd recommend at least browsing through SP 800-63-3, SP 800-63A, SP 800-63B, SP 800-63C to get a good idea of the domain. Admittedly, this might be a lot of overkill for your application and needs.
Ask HN: Lightweight Authentication
4 projects | news.ycombinator.com | 29 Dec 2022
AWS Cognito Alternatives 2023
8 projects | reddit.com/r/aws | 23 Dec 2022
State of OpenID Connect Providers
4 projects | news.ycombinator.com | 22 Dec 2022
Any good free authorization server solutions?
3 projects | reddit.com/r/SoftwareEngineering | 17 Dec 2022
How PoB uses your POESESSID
3 projects | reddit.com/r/pathofexile | 15 Dec 2022
About Desktop OAuth protocol, you could try doing something as a "localhost" server... like Keycloak's (an IAM provider) folk did here: https://github.com/keycloak/keycloak/tree/main/adapters/oidc/installed
Password security at HDI
2 projects | reddit.com/r/de_EDV | 12 Dec 2022
AD/AAD Authentication for Apps running in Kubernetes Cluster
2 projects | reddit.com/r/kubernetes | 27 Nov 2022
OPA (Open Policy Agent)
What are well-developed web applications in Golang?
10 projects | reddit.com/r/golang | 28 Jan 2023
Cloud Native Applications - Part 2: Security
3 projects | dev.to | 28 Jan 2023
Open Policy Agent
Mangle, a programming language for deductive database programming
12 projects | news.ycombinator.com | 26 Nov 2022
Thanks for sharing Biscuit, I was collecting examples of authentication policy languages.
Datalog is also the basis for Open Policy Agent https://www.openpolicyagent.org/docs/latest/ , more specifically its Rego language, which is also implemented in Go https://github.com/open-policy-agent/opa/tree/main/rego
How to authenticate microservices?
4 projects | reddit.com/r/golang | 26 Nov 2022
OPA is a full-fledged solution as an external auth provider to reverse proxies like Nginx, Envoy or Traefik, etc. It can be a bit complex and overkill for smaller systems. I have a solution called bouncer as a much simpler and opinionated replacement to OPA. Have a look at it, at least it can give you ideas.
Leverage OPA Security Practices with Monokle
2 projects | dev.to | 23 Nov 2022
We believe in validating your work around complex errors before deploying so you spend less time fixing them. So in our Monokle 1.7.0 release we added support for Open Policy Agent (OPA) to automate how you validate, identify, and fix mission-critical Kubernetes errors.
Kubernetes Hardening Guidance [pdf]
2 projects | news.ycombinator.com | 5 Oct 2022
Maybe you can add them to OPA? (https://www.openpolicyagent.org/)
What is the coolest Go open source projects you have seen?
84 projects | reddit.com/r/golang | 15 Sep 2022
Goast: Generic static analysis for Go Abstract Syntax Tree by OPA/Rego
5 projects | dev.to | 12 Sep 2022
A useful tool for such applications is the policy description language Rego. Rego is a general-purpose language that can be used to evaluate structured data by OPA. Some of the most popular uses include checking the status of resources used in cloud environments, checking the content of Infrastructure as Code descriptions, and checking authorization for access to servers. Please see this document for more detail of Rego.
Terraform Deployments Automation and Infrastructure Provisioning
2 projects | dev.to | 3 Sep 2022
Spacelift provides a plethora of Policies to allow teams to define and automate rules governing the infrastructure as code. By utilizing Open Policy Agent, users can create their own custom policies and ensure the compliance of Terraform resources.
List of most useful Terraform open-source tools
10 projects | news.ycombinator.com | 28 Aug 2022
Static code analysis:
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Apache Shiro - Apache Shiro
Spring Security - Spring Security
casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
IdentityServer - The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core
Ory Keto - Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.
Ory Kratos - Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, TOTP, WebAuthn, profile management, identity schemas, social sign in, registration, account recovery, passwordless. Golang, headless, API-only - without templating or theming headaches. Available as a cloud service.
Vault - A tool for secrets management, encryption as a service, and privileged access management
authentik - The authentication glue you need.
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
caddy-auth-portal - Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.
jCasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Java