wg-jit
obligator
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-jit
- Show HN: WireGuard JIT (Code and Implementation)
-
JIT WireGuard
I thought this was brilliant and made a little POC here as I couldn't find the code anywhere: https://github.com/realrasengan/wg-jit
This doesn't implement the completion (replay or reverse initiate) which I think both are also novel approaches to this.
So exciting!
obligator
-
JIT WireGuard
The deployment experience is awesome, but for me[0] the killer feature of Fly.io is their Anycast network and features such as FLY_REPLAY and LiteFS that make clusering a breeze[1].
[0]: using them for https://lastlogin.io
[1]: Here's all the fly-specific code necessary to run LastLogin in a globally distributed way: https://github.com/lastlogin-io/obligator/blob/37f75cc861f1b...
-
Keycloak SSO with Docker Compose and Nginx
I use obligator with ephemeral storage, no db, 100% code driven setup.
In my opinion this is the simplist option.
https://github.com/lastlogin-io/obligator
-
Google OAuth is broken (sort of)
See the table here: https://github.com/lastlogin-io/obligator#comparison-is-the-...
- FLaNK Stack Weekly 16 October 2023
-
Show HN: Obligator – An OpenID Connect server for self-hosters
Sorry, this is indeed not very clear. Others already answered well, but if you look at the example[0] config you can see how you would use your own instance of obligator as a client to the instance running at lastlogin.io. This is a bit meta, but applies equally to any client application.
[0]: https://github.com/anderspitman/obligator#running-it
What are some alternatives?
TheIdServer - OpenID/Connect, OAuth2, WS-Federation and SAML 2.0 server based on Duende IdentityServer and ITFoxtec Identity SAML 2.0 with its admin UI
OpenID - OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
podman-nginx-socket-activation - Demo of how to run socket-activated nginx with Podman
node-oidc-provider - OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors [Moved to: https://github.com/dexidp/dex]
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
authentik - The authentication glue you need.
caddy-security - 🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Ory Kratos - Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
mariadb-podman-socket-activat
mariadb-podman-socket-activation - Demo of a templated systemd user service that runs rootless Podman and starts MariaDB with socket activation
louketo-proxy - A OpenID / Proxy service