Top 23 Go Authorization Projects
-
casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
-
Ory Hydra
The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider overnight. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
Project mention: Show HN: Open-source OAuth2 server Ory Hydra now 6x faster | news.ycombinator.com | 2024-02-13
-
Project mention: Red Hat to contribute container tech (Podman, bootc, ComposeFS, etc.) to CNCF | news.ycombinator.com | 2024-11-14
-
External Authorization System: Using policy engines like SpiceDB, OpenFGA, ORY Keto, and Open Policy Agent (OPA) lets you put your ReBAC rules in an external system and reference them from your queries. The main benefit you get from the centralized relationships model is it makes it possible to manage authorization centrally. This means that development teams can create new applications and add new relationships without needing to update any application code.
-
Project mention: OpenAUTH: Universal, standards-based auth provider | news.ycombinator.com | 2024-12-17
-
permify
An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
Project mention: Show HN: Permify 1.0 – Open-source fine-grained authorization service | news.ycombinator.com | 2024-08-21
-
cerbos
Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
Project mention: Show HN: Cerbos. Open source, horizontally scalable, stateless authorization | news.ycombinator.com | 2024-12-03
-
Ory Oathkeeper
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
-
openfga
A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar
Project mention: Who Needs Roles Anymore? Introducing OpenFGA, the Future of SaaS | dev.to | 2025-01-14
It’s 2025 y’all, time to retire that ancient, one-size-fits-all approach. OpenFGA gives you the flexibility to handle complex user relationships with elegance. Whether you’re cooking up the next Slack, managing external contractors, or just tired of editing roles for your friends named Bob, ReBAC can save you from permissions purgatory.
-
-
authorizer
Your data, your control. Fully open source, authentication and authorization. No lock-ins. Deployment in Railway in 120 seconds || Spin a docker image as a micro-service in your infra. Built in login page and Admin panel out of the box.
-
Project mention: Launch HN: Stack Auth (YC S24) – An Open-Source Auth0/Clerk Alternative | news.ycombinator.com | 2024-08-08
This is great. Competition is definitely needed in the Authentication/Authorization space.
Quick question. How would this compare to supabase/gotrue [0] and permify [1]?
[0]: https://github.com/supabase/auth
-
caddy-security
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Project mention: Caddy-Security: Security App and Plugin for Caddy | news.ycombinator.com | 2024-03-17
-
rbac-manager
A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
-
-
warrant
Warrant is a highly scalable, centralized authorization service based on Google Zanzibar. Use it to define, enforce, query, and audit application authorization and access control.
Project mention: Show HN: Permify 1.0 – Open-source fine-grained authorization service | news.ycombinator.com | 2024-08-21
I think one major difference between the Zanzibar implementations that are out there is support for the 'zookie' consistency token (as mentioned in the original paper). OpenFGA afaik doesn't implement zookies yet[1]. With zookies, each permission write generates a unique token that represents that particular write. Clients can store that token (per resource) and optionally provide it during runtime checks to ensure checks are consistent up to that write. It also helps the system guard against the 'new-enemy problem' (incorrect permissions checks due to permissions changes being read out of order) by ordering writes.
I'd argue that it also unlocks a variety of caching implementations on the Zanzibar server while still allowing clients to specify desired consistency on a per-request/per-resource level. In other words, a Zanzibar implementation with support for zookies can guarantee consistency at a much higher throughput than one that relies on time (second, millisecond delay). This is important for generic 'read after write' scenarios.
Disclaimer: I'm a former founder of Warrant[2] which was recently acquired by WorkOS. Our team has spent a ton of time building our Zanzibar-based authorization service (WorkOS FGA[3]) which supports zookies[4] and other Zanzibar concepts.
[1] https://openfga.dev/docs/interacting/consistency#future-work
[2] https://warrant.dev/
[3] https://workos.com/docs/fga
[4] https://workos.com/docs/fga/warrant-tokens
-
OPA is a great tool for implementing a policy-as-code system. But if you're trying to use it for application authorization (e.g. fine-grained authz for B2B SaaS or a set of internal applications), you may find that its policy story is strong, but it doesn't really have a "data plane": you either store data in a data.json file and rebuild the policy any time that data changes, or make an http.send call out of the policy to fetch dynamic data.
Check out Topaz [0], which uses OPA as its decision engine, but adds a data plane that is based on the ReBAC ideas explored in the Google Zanzibar [1] paper.
Disclaimer: I work on the team [2] that builds and maintains the Topaz project.
[0] https://www.topaz.sh
[1] https://research.google/pubs/zanzibar-googles-consistent-glo...
[2] https://www.aserto.com
-
-
rbac-tool
Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
-
rbac-lookup
Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster
-
Clearly, this level of permissions only satisfies the most basic requirements. If you need to integrate with your platform to implement dynamic login authentication, you would need to use an auth_plugin. One officially recommended plugin is mosquitto-go-auth.
-
-
Go Authorization discussion
Go Authorization related posts
-
Who Needs Roles Anymore? Introducing OpenFGA, the Future of SaaS
-
Authorization (authz) and GraphQL
-
Override Go app configuration with Environment variable
-
Show HN: Cerbos. Open source, horizontally scalable, stateless authorization
-
Cerbos: Fine-Grained Access Control in Days NOT Months
-
Stop sending audit and access logs to a graveyard
-
Launch HN: Fortress (YC S24) – Database platform for multi-tenant SaaS
-
Index
What are some of the best open-source Authorization projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
1 | casbin | 18,052 |
2 | Ory Hydra | 15,770 |
3 | authentik | 14,508 |
4 | OPA (Open Policy Agent) | 9,868 |
5 | zitadel | 9,453 |
6 | permify | 5,074 |
7 | cerbos | 3,547 |
8 | Ory Oathkeeper | 3,298 |
9 | openfga | 3,127 |
10 | fosite | 2,349 |
11 | authorizer | 1,753 |
12 | auth | 1,690 |
13 | caddy-security | 1,568 |
14 | rbac-manager | 1,499 |
15 | rakkess | 1,325 |
16 | warrant | 1,192 |
17 | topaz | 1,137 |
18 | audit2rbac | 1,072 |
19 | rbac-tool | 980 |
20 | rbac-lookup | 896 |
21 | mosquitto-go-auth | 543 |
22 | opa-envoy-plugin | 329 |
23 | casbin-server | 315 |