Go Authentication and OAuth

Open-source Go projects categorized as Authentication and OAuth | Edit details

Top 23 Go Authentication and OAuth Projects

  • authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: NGINX-PM + Authelia + FreeIPA With Multiple Security Groups | reddit.com/r/homelab | 2022-01-20

    # yamllint disable rule:comments-indentation # https://github.com/authelia/authelia # https://www.authelia.com/docs/configuration/ # https://dbt3ch.com/books/authelia-for-nginx-proxy-manager # https://shownotes.opensourceisawesome.com/authelia-authentication/ --- ############################################################################### # Authelia Configuration # ############################################################################### theme: dark jwt_secret: REDACTED default_redirection_url: https://home.DOMAIN.TLD/ # Log Configuration log: level: info format: json file_path: /config/authelia.log keep_stdout: false # Server Configuration server: host: 0.0.0.0 port: 9091 path: "" asset_path: /assets/ #Site static configs. read_buffer_size: 4096 write_buffer_size: 4096 enable_pprof: false enable_expvars: false disable_healthcheck: false # Certificates directory for all other certificates used to verify TLS. certificates_directory: /certs/ # NTP Configuration ntp: address: "pool.ntp.org:123" version: 4 max_desync: 3s disable_startup_check: false disable_failure: false # TOTP Configuration totp: issuer: DOMAIN.TLD_SSO algorithm: sha256 digits: 6 period: 30 skew: 1 # Authentication Backend Provider Configuration authentication_backend: disable_reset_password: false refresh_interval: 5m ldap: implementation: custom url: ldaps://ipa.DOMAIN.TLD:636 timeout: 5s start_tls: false tls: server_name: ipa.DOMAIN.TLD skip_verify: true minimum_version: TLS1.2 base_dn: dc=DOMAIN,dc=TLD username_attribute: uid group_name_attribute: cn display_name_attribute: sn users_filter: (&({username_attribute}={input})(objectClass=person)(!(nsaccountlock=TRUE))) groups_filter: (&(member=uid={input},cn=users,cn=accounts,dc=DOMAIN,dc=TLD)(objectClass=groupOfNames)(|(cn=apps-security)(cn=apps-users))) #Bind credentials user: uid=BIND-USER,cn=users,cn=accounts,dc=DOMAIN,dc=TLD password: REDACTED # Access Control Configuration access_control: default_policy: deny # Network rule definitions. networks: - name: internal networks: - 10.0.0.0/8 # Rules for access to apps. rules: - domain: auth.DOMAIN.TLD policy: bypass - domain: - app-sec01.DOMAIN.TLD - app-sec02.DOMAIN.TLD - app-sec03.DOMAIN.TLD network: internal subject: "group:apps-security" policy: two_factor - domain: - app-user01.DOMAIN.TLD - app-user02.DOMAIN.TLD - app-user03.DOMAIN.TLD subject: "group:apps-users" policy: two_factor # Session Provider Configuration session: name: authelia_session domain: DOMAIN.TLD same_site: lax secret: REDACTED expiration: 24h inactivity: 120m remember_me_duration: 1M redis: host: REDIS-CONTAINER-NAME port: 6379 password: REDACTED database_index: 0 maximum_active_connections: 8 minimum_idle_connections: 0 # Regulation Configuration regulation: max_retries: 6 find_time: 2m ban_time: 5m # Storage Provider Configuration storage: encryption_key: REDACTED mysql: host: MARIADB-CONTAINER-NAME port: 3306 database: authelia username: authelia password: REDACTED timeout: 5s # Notification Provider notifier: disable_startup_check: false filesystem: filename: /config/notification.txt ...

  • casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

    Project mention: What do other famous frameworks(Django, laravel, springboot etc) use for implementing access control models? | reddit.com/r/golang | 2022-01-23

    I just discovered go has this library https://github.com/casbin/casbin for access control model implementations which seems great. But It got me curious to know what other language frameworks use to implement these models or whether they have such libraries at all.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • jwt-go

    ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:

    Project mention: go-doudou series 01: How to develop a monolithic RESTful service with go-doudou | dev.to | 2022-01-24

    The code logic is query user record from database by input parameter username, if not found, return Incorrect username or password error, if password was correct, issue token. The jwt library used here is golang-jwt/jwt

  • oauth2

    Go OAuth2

    Project mention: What do if no progress in MR about year? | reddit.com/r/golang | 2021-09-10

    My wife sent MR into golang oauth2 library https://github.com/golang/oauth2/pull/450

  • goth

    Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.

    Project mention: เขียน Go ต่อ Oauth ทุกค่าย | dev.to | 2021-11-02
  • authboss

    The boss of http auth.

  • go-oauth2-server

    A standalone, specification-compliant, OAuth2 server written in Golang.

  • OPS

    OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.

  • loginsrv

    JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..

  • gologin

    Go login handlers for authentication providers (OAuth1, OAuth2)

  • gorbac

    goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.

    Project mention: Restrict - RBAC/ABAC hybrid authorization library | reddit.com/r/golang | 2021-12-15

    I know there is a lot of authorization libraries out there, so I was trying to create something a little bit different, in between of lightweight tools like gorbac and all-in-one solutions like Casbin.

  • scs

    HTTP Session Management for Go

    Project mention: REST API + limit number of seats | reddit.com/r/golang | 2021-09-02

    Unfortunately I haven't written a cookie/session based auth flow in Golang before so can't recommend any libraries. A quick google led me to https://github.com/alexedwards/scs which may or may not be helpful.

  • paseto

    Platform-Agnostic Security Tokens implementation in GO (Golang) (by o1egl)

    Project mention: Am I doing authorization correctly? I'm doing http-only cookie-based auth and to get the current user I call an API route that reads the cookie and returns the info | reddit.com/r/golang | 2021-08-15

    Check out paseto tokens

  • permissions2

    :closed_lock_with_key: Middleware for keeping track of users, login states and permissions

  • go-guardian

    Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.

    Project mention: After 2 years of Django, I'm starting using Go for building web servers. Do you guys have any suggestions? | reddit.com/r/golang | 2021-05-24

    https://github.com/labstack/echo This is going to be my next project I look at. Alternatively you can incorporate the security bits manually by importing something like: https://github.com/shaj13/go-guardian

  • jeff

    🍍Jeff provides the simplest way to manage web sessions in Go.

  • jwt-auth

    This package provides json web token (jwt) middleware for goLang http servers (by adam-hanna)

  • httpauth

    HTTP Authentication middlewares

  • auth

    Authenticator via oauth2 (by go-pkgz)

  • branca

    :key: Secure alternative to JWT. Authenticated Encrypted API Tokens for Go.

    Project mention: SAML is insecure by design | reddit.com/r/programming | 2021-08-06

    Better alternatives would be PASETO or Branca.

  • webauthn

    Go package for easy WebAuthn integration (by koesie10)

  • yubigo

    Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubico Yubikey into your existing Go-based user authentication infrastructure.

  • sessionup

    Straightforward HTTP session management

  • otpgen

    Library to generate TOTP/HOTP codes

    Project mention: Show HN: Otpgen – Library to generate TOTP/HOTP codes written in Go | news.ycombinator.com | 2021-08-15
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-24.

Go Authentication and OAuth related posts

Index

What are some of the best open-source Authentication and OAuth projects in Go? This list will help you:

Project Stars
1 authelia 11,499
2 casbin 11,177
3 jwt-go 10,131
4 oauth2 3,979
5 goth 3,492
6 authboss 2,980
7 go-oauth2-server 1,846
8 loginsrv 1,841
9 gologin 1,476
10 gorbac 1,244
11 scs 1,024
12 paseto 568
13 permissions2 443
14 go-guardian 338
15 jeff 234
16 jwt-auth 213
17 httpauth 213
18 auth 200
19 branca 159
20 webauthn 142
21 yubigo 117
22 sessionup 114
23 otpgen 113
Find remote jobs at our new job board 99remotejobs.com. There are 30 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
Deliver Cleaner and Safer Code - Right in Your IDE of Choice!
SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.
www.sonarlint.org