Go Authorization

Open-source Go projects categorized as Authorization | Edit details

Top 19 Go Authorization Projects

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: Simple OpenID Connect (OIDC) Provider? | reddit.com/r/selfhosted | 2021-10-23
  • GitHub repo casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

    Project mention: PyCasbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Python | reddit.com/r/Python | 2021-11-30

    Management API: the primitive API that provides full support for Casbin policy management. See here for examples.

  • Scout APM

    Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

  • GitHub repo OPA (Open Policy Agent)

    An open source, general-purpose policy engine.

    Project mention: How do businesses apply permissions to their data? | reddit.com/r/learnprogramming | 2021-11-29

    There are plenty of different approaches. Role-based access, resources based access, etc. And the authorization can exist on multiple levels, such as network gateways, in a sidecar and so forth.

  • GitHub repo fosite

    Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

    Project mention: Ory Hydra: Open Source OAuth2/OIDC Provider | reddit.com/r/golang | 2021-01-13

    We are using https://github.com/ory/fosite at work with great success.

  • GitHub repo spicedb

    Inspired by Google's Zanzibar paper, SpiceDB is a database system for managing security-critical application permissions.

    Project mention: We Turn Authorization Logic into SQL | news.ycombinator.com | 2021-11-23

    Disclosure: I'm the founder of Authzed, YC company building a permissions database[0] inspired by Google's Zanzibar paper.

    This is actually a really hard problem and depends on the systems with which you are integrating. We call this problem "ACL filtering"[1] and there are two general strategies: pre and post filtering. We have a blog post[2] describing our API for pre-filtering which can stream results that you can then use build into a SQL query or data-structures like bloom filters/bitmaps. We currently have a proposal on GitHub[3] for a an extension to that strategy adding a denormalization/caching layer. You might also be surprised at the performance you can achieve with post-filtering by building an iterator in your programming language of choice that will batch together permission checks and amortize the cost of filtering those results from the set of all results that you pull out of your database. Additionally, if you're interested in running your databases, we've been exploring building direct integrations into various datastores (e.g. Postgres).

    [0]: https://github.com/authzed/spicedb

    [1]: https://docs.authzed.com/reference/glossary#acl-filtering

    [2]: https://authzed.com/blog/acl-filtering-in-authzed/

    [3]: https://github.com/authzed/spicedb/issues/207

  • GitHub repo rbac-manager

    A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.

    Project mention: RBAC for dynamic namespaces? | reddit.com/r/kubernetes | 2021-02-17

    We have a use case similar to this and we use rbac-manager. If you can have something externally provision the namespaces with labels, I think it might work for you. If not, maybe some combination with OPA Gatekeeper could do the trick?

  • GitHub repo rakkess

    Review Access - kubectl plugin to show an access matrix for k8s server resources

    Project mention: Making Kubernetes Operations Easy with kubectl Plugins | dev.to | 2021-10-01

    rakkess - known as access-matrix in krew is plugin for showing and reviewing access to kubernetes resources. This can be very useful when designing RBAC roles - you can for example run kubectl access-matrix --as other-user --namespace some-ns to verify that user or service account has desired access rights in specified namespace.

  • Nanos

    Run Linux Software Faster and Safer than Linux with Unikernels.

  • GitHub repo authentik

    The authentication glue you need.

    Project mention: Reverse proxy authentication with Authentik | reddit.com/r/navidrome | 2021-12-03

    #starting in home folder curl -fsSL https://get.docker.com -o get-docker.sh sudo sh get-docker.sh #Install Docker Compose mkdir -p ~/.docker/cli-plugins curl -sSL https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose chmod +x ~/.docker/cli-plugins/docker-compose #Get Authentik mkdir /srv/Authentik curl -sSL https://goauthentik.io/docker-compose.yml -o /srv/Authentik/docker-compose.yml #Important: Now follow the steps in the Authentik guide to generate passwords/secrets #Run Authentik docker compose up

  • GitHub repo rbac-lookup

    Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster (by FairwindsOps)

    Project mention: Making Kubernetes Operations Easy with kubectl Plugins | dev.to | 2021-10-01

    rbac-lookup - Similar to the first plugin we mentioned, this plugin also helps with RBAC in your cluster. This can be used to perform reverse lookup of roles, giving you a list of roles that user, service account or group has assigned. For example, to find roles bound to service account named my-sa you use the following - kubectl rbac-lookup my-sa --kind serviceaccount --output wide.

  • GitHub repo caddy-authorize

    Authorization Plugin for Caddy v2 (JWT/PASETO)

    Project mention: Single Sign On (SSO) with subdomains using Caddy v2 | dev.to | 2021-05-29

    There's a caveat though: one of your subdomains/routes needs to be marked as primary yes (for reasons explained here), but the sso snippet we defined didn't have this. So, you'll need to copy and paste the config into one of your routes and add primary yes before you can just use import sso in the rest.

  • GitHub repo opa-envoy-plugin

    A plugin to enforce OPA policies with Envoy

    Project mention: OPA + Istio/Envoy: ConfigMap | reddit.com/r/OpenPolicyAgent | 2021-02-23

    I'm observing the quick_start.yaml provided by OPA and trying to comprehend what's happening in the inject.rego resource (proper name?) under the ConfigMap. Can anyone break it down for me a bit? I think I have an inkling of what's happening but not sure.

  • GitHub repo casbin-server

    Casbin as a Service (CaaS)

    Project mention: Why Authorization Is Hard | news.ycombinator.com | 2021-09-15

    casbin is super flexible and it support many models[1]


  • GitHub repo cerbos

    Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

    Project mention: OWASP top change visualization from 2004 to now | news.ycombinator.com | 2021-10-20

    Here [0] is a link to the license file on their main repo, and Here [1] is a screenshot of the link in my previous comment highlighting the license on all of the repos.

    [0] - https://github.com/cerbos/cerbos/blob/main/LICENSE

  • GitHub repo gotrue

    A JWT based API for managing users and issuing JWT tokens (by supabase)

    Project mention: Realtime Postgres RLS Now Available on Supabase (YC S20) | news.ycombinator.com | 2021-12-01

    In Supabase we use a separate Auth server [0]. This stores the user in an `auth` schema, and these users can login to receive a JWT. Inside the JWT is a "role", which is, in fact, a PostgreSQL role ("authenticated") that has certain grants associated to it, and the user ID (a UUID).

    Inside your RLS Policies you can use anything stored inside the JWT. My cofounder made a video [1] on this which is quite concise. Our way of handling this is just an extension of the PostgREST Auth recommendations: https://postgrest.org/en/v9.0/auth.html

    [0] Auth server: https://github.com/supabase/gotrue

    [1] RLS Video: https://supabase.com/docs/learn/auth-deep-dive/auth-row-leve...

  • GitHub repo access-controller

    A highly scalable open-source implementation of an access-control engine inspired by Google Zanzibar-"Google’s Consistent, Global Authorization System"

    Project mention: SpiceDB – production-ready, open-source Google Zanzibar implementation | reddit.com/r/golang | 2021-09-30

    This is very cool! Do you have any comparison with other Zanzibar OSS projects like https://github.com/ory/keto or https://github.com/authorizer-tech/access-controller ?

  • GitHub repo auth-server

    Simple authentication and authorization server

    Project mention: Set up your own authentication and authorization server | reddit.com/r/selfhosted | 2021-10-18
  • GitHub repo g8

    ⛩️ Go library for protecting your HTTP handlers

    Project mention: g8: Library for protecting HTTP handlers with authorization bearer tokens | reddit.com/r/golang | 2021-05-24
  • GitHub repo credentialfs

    FUSE for credentials stored in password managers

    Project mention: Show HN: Credentialfs, FUSE for your secrets in password manager | news.ycombinator.com | 2021-06-05
  • GitHub repo pkisauce

    Ephemeral One Time/Build-Time gRPC TLS PKI system.

    Project mention: A gRPC Ephemeral Build Time TLS PKI w/ RPC access control (BETA). | reddit.com/r/grpc | 2021-09-27
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-12-03.

Go Authorization related posts


What are some of the best open-source Authorization projects in Go? This list will help you:

Project Stars
1 hydra 11,802
2 casbin 10,759
3 OPA (Open Policy Agent) 5,868
4 fosite 1,731
5 spicedb 1,652
6 rbac-manager 967
7 rakkess 866
8 authentik 801
9 rbac-lookup 558
10 caddy-authorize 225
11 opa-envoy-plugin 221
12 casbin-server 201
13 cerbos 126
14 gotrue 118
15 access-controller 55
16 auth-server 54
17 g8 32
18 credentialfs 6
19 pkisauce 3
Find remote jobs at our new job board 99remotejobs.com. There are 32 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives