Go Authorization

Open-source Go projects categorized as Authorization

Missing quite a few other open source projects in this space like SuperTokens (https://supertokens.com) and Keycloak.

Top 23 Go Authorization Projects

  • casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

    Project mention: A guide to Auth & Access Control in web apps 🔐 | dev.to | 2023-11-07

    https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is an authN and authZ provider.

  • Ory Hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

    Project mention: Show HN: Open-source OAuth2 server Ory Hydra now 6x faster | news.ycombinator.com | 2024-02-13

  • OPA (Open Policy Agent)

    Open Policy Agent (OPA) is an open source, general-purpose policy engine.

    Project mention: Build and Push to GAR and Deploy to GKE - End-to-End CI/CD Pipeline | dev.to | 2024-01-02

    Harness Policy As Code uses Open Policy Agent (OPA) as the central service to store and enforce policies for the different entities and processes across the Harness platform. In this section, you will define a policy that will deny a pipeline execution if there is no approval step defined in a deployment stage.

  • zitadel

    ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.

    Project mention: Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support | news.ycombinator.com | 2024-02-22
  • authentik

    The authentication glue you need.

    Project mention: Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support | news.ycombinator.com | 2024-02-22

    Hey, for authentik this is actually something we're actively working on: https://github.com/goauthentik/authentik/pull/8330, and this will be included in our next feature release in April!

    (Disclaimer, I am founder and CTO of authentik)

  • Ory Oathkeeper

    A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

  • permify

    Permify is an open-source authorization service inspired by Google Zanzibar.

    Project mention: Implementing JWT Authentication in a Golang Application | dev.to | 2024-01-30

    At that point consider exploring our solution, Permify. It's a Google Zanzibar-based open-source authorization service that helps to build scalable authorization systems.

  • cerbos

    Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

    Project mention: Nuxt authorization: How to implement fine-grained access control | dev.to | 2024-01-15

    In this tutorial you will learn how to use Cerbos to add fine-grained access control to any Nuxt web application, simplifying authorization as a result.

  • fosite

    Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

    Project mention: Golang library for AuthN/AuthZ | /r/golang | 2023-06-06

    You can take a look to https://github.com/ory/fosite

  • openfga

    A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar

    Project mention: 🚀 Top 12 Open Source Auth Projects Every Developer Should Know 🔑 | dev.to | 2023-12-06


  • rbac-manager

    A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.

  • authorizer

    Your data, your control. Fully open source, authentication and authorization. No lock-ins. Deployment in Railway in 120 seconds || Spin a docker image as a micro-service in your infra. Built in login page and Admin panel out of the box.

    Project mention: Authorizer, an open source authentication and authorization solution | news.ycombinator.com | 2023-09-12
  • rakkess

    Review Access - kubectl plugin to show an access matrix for k8s server resources

  • caddy-security

    🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

    Project mention: Security flaws in an SSO plugin for Caddy | news.ycombinator.com | 2024-02-12

    There is no "refusal" as far as I can tell. The issues were reported [1] in September 2023 (as was this blog post) and the simplest one has been fixed (insecure random seed). I'm not aware of any public statements from the plugin maintainers, and there is no hostility in the issue comments.

    [1]: https://github.com/greenpau/caddy-security/issues?q=is%3Aiss...

  • gotrue

    A JWT based API for managing users and issuing JWT tokens (by supabase)

    Project mention: Ask HN: Microsoft crawls private links – how can this be legal? | news.ycombinator.com | 2024-01-06

    > Microsoft scans to check the website contains malware. IMHO the security blunder is a self-implemented magic link.

    It's not self-implemented, you can check it out here: https://github.com/supabase/gotrue

    > Not password protected if the password is part of the URL.

    It's a token that's valid for a couple of minutes – just like a password reset token. Indeed, in the given implementation, it's the very same as the password reset token. If you consider this implementation as "not password protected", any website with a password reset functionality is "not password protected".

  • audit2rbac

    Autogenerate RBAC policies based on Kubernetes audit logs

  • warrant

    Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.

    Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05

    Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.

  • topaz

    Cloud-native authorization for modern applications and APIs (by aserto-dev)

    Project mention: Show HN: Topaz 0.30 – OSS authz service combining the best of OPA and Zanzibar | news.ycombinator.com | 2023-11-06

    You can, simply use the topazd.exe binary from the topaz_windows_x86_64.zip from the GH releases page (https://github.com/aserto-dev/topaz/releases). Note this is currently not a Windows Service, so not net start topaz. Let me know if that would be interesting.

  • rbac-tool

    Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query

  • rbac-lookup

    Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster

  • mosquitto-go-auth

    Auth plugin for mosquitto.

    Project mention: Securing MQTT: A Guide to Basic Authentication | dev.to | 2023-10-02

    Check auth plugin for more complex use cases.

  • opa-envoy-plugin

    A plugin to enforce OPA policies with Envoy

  • casbin-server

    Casbin as a Service (CaaS)

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-22.


What are some of the best open-source Authorization projects in Go? This list will help you:

Rank Project Stars
1 casbin 16,543
2 Ory Hydra 14,902
3 OPA (Open Policy Agent) 8,920
4 zitadel 6,329
5 authentik 5,867
6 Ory Oathkeeper 3,137
7 permify 2,323
8 cerbos 2,270
9 fosite 2,216
10 openfga 1,980
11 rbac-manager 1,391
12 authorizer 1,342
13 rakkess 1,250
14 caddy-security 1,149
15 gotrue 1,054
16 audit2rbac 1,038
17 warrant 946
18 topaz 928
19 rbac-tool 834
20 rbac-lookup 816
21 mosquitto-go-auth 464
22 opa-envoy-plugin 298
23 casbin-server 290