Top 19 Go Authorization Projects
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Project mention: Simple OpenID Connect (OIDC) Provider? | reddit.com/r/selfhosted | 2021-10-23
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
Project mention: PyCasbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Python | reddit.com/r/Python | 2021-11-30
Management API: the primitive API that provides full support for Casbin policy management. See here for examples.
An open source, general-purpose policy engine.
Project mention: How do businesses apply permissions to their data? | reddit.com/r/learnprogramming | 2021-11-29
There are plenty of different approaches. Role-based access, resources based access, etc. And the authorization can exist on multiple levels, such as network gateways, in a sidecar and so forth.
Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
Project mention: Ory Hydra: Open Source OAuth2/OIDC Provider | reddit.com/r/golang | 2021-01-13
We are using https://github.com/ory/fosite at work with great success.
Inspired by Google's Zanzibar paper, SpiceDB is a database system for managing security-critical application permissions.
Project mention: We Turn Authorization Logic into SQL | news.ycombinator.com | 2021-11-23
Disclosure: I'm the founder of Authzed, YC company building a permissions database inspired by Google's Zanzibar paper.
This is actually a really hard problem and depends on the systems with which you are integrating. We call this problem "ACL filtering" and there are two general strategies: pre and post filtering. We have a blog post describing our API for pre-filtering which can stream results that you can then build into a SQL query or data-structures like bloom filters/bitmaps. We currently have a proposal on GitHub for an extension to that strategy adding a denormalization/caching layer. You might also be surprised at the performance you can achieve with post-filtering by building an iterator in your programming language of choice that will batch together permission checks and amortize the cost of filtering those results from the set of all results that you pull out of your database. Additionally, if you're interested in running your databases, we've been exploring building direct integrations into various datastores (e.g. Postgres).
A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
Project mention: RBAC for dynamic namespaces? | reddit.com/r/kubernetes | 2021-02-17
We have a use case similar to this and we use rbac-manager. If you can have something externally provision the namespaces with labels, I think it might work for you. If not, maybe some combination with OPA Gatekeeper could do the trick?
Review Access - kubectl plugin to show an access matrix for k8s server resources
Project mention: Making Kubernetes Operations Easy with kubectl Plugins | dev.to | 2021-10-01
rakkess - known as access-matrix in krew - is a plugin for showing and reviewing access to Kubernetes resources. This can be very useful when designing RBAC roles - you can, for example, run kubectl access-matrix --as other-user --namespace some-ns to verify that a user or service account has the desired access rights in the specified namespace.
The authentication glue you need.
Project mention: Reverse proxy authentication with Authentik | reddit.com/r/navidrome | 2021-12-03
```sh
# starting in home folder
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Install Docker Compose
mkdir -p ~/.docker/cli-plugins
curl -sSL https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
chmod +x ~/.docker/cli-plugins/docker-compose
# Get Authentik
mkdir /srv/Authentik
curl -sSL https://goauthentik.io/docker-compose.yml -o /srv/Authentik/docker-compose.yml
# Important: Now follow the steps in the Authentik guide to generate passwords/secrets
# Run Authentik
docker compose up
```
Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster (by FairwindsOps)
Project mention: Making Kubernetes Operations Easy with kubectl Plugins | dev.to | 2021-10-01
rbac-lookup - Similar to the first plugin we mentioned, this plugin also helps with RBAC in your cluster. This can be used to perform a reverse lookup of roles, giving you a list of roles that a user, service account or group has assigned. For example, to find roles bound to a service account named my-sa, you use the following - kubectl rbac-lookup my-sa --kind serviceaccount --output wide.
A plugin to enforce OPA policies with Envoy
Project mention: OPA + Istio/Envoy: ConfigMap | reddit.com/r/OpenPolicyAgent | 2021-02-23
I'm observing the quick_start.yaml provided by OPA and trying to comprehend what's happening in the inject.rego resource (proper name?) under the ConfigMap. Can anyone break it down for me a bit? I think I have an inkling of what's happening but not sure.
Casbin as a Service (CaaS)
Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
Project mention: OWASP top change visualization from 2004 to now | news.ycombinator.com | 2021-10-20
Here is a link to the license file on their main repo, and here is a screenshot of the link in my previous comment highlighting the license on all of the repos.
A JWT based API for managing users and issuing JWT tokens (by supabase)
Project mention: Realtime Postgres RLS Now Available on Supabase (YC S20) | news.ycombinator.com | 2021-12-01
In Supabase we use a separate Auth server. This stores the user in an `auth` schema, and these users can login to receive a JWT. Inside the JWT is a "role", which is, in fact, a PostgreSQL role ("authenticated") that has certain grants associated to it, and the user ID (a UUID).
Inside your RLS Policies you can use anything stored inside the JWT. My cofounder made a video on this which is quite concise. Our way of handling this is just an extension of the PostgREST Auth recommendations: https://postgrest.org/en/v9.0/auth.html
Auth server: https://github.com/supabase/gotrue
A highly scalable open-source implementation of an access-control engine inspired by Google Zanzibar - "Google’s Consistent, Global Authorization System"
Project mention: SpiceDB – production-ready, open-source Google Zanzibar implementation | reddit.com/r/golang | 2021-09-30
This is very cool! Do you have any comparison with other Zanzibar OSS projects like https://github.com/ory/keto or https://github.com/authorizer-tech/access-controller ?
Simple authentication and authorization server
Project mention: Set up your own authentication and authorization server | reddit.com/r/selfhosted | 2021-10-18
⛩️ Go library for protecting your HTTP handlers
Project mention: g8: Library for protecting HTTP handlers with authorization bearer tokens | reddit.com/r/golang | 2021-05-24
FUSE for credentials stored in password managers
Project mention: Show HN: Credentialfs, FUSE for your secrets in password manager | news.ycombinator.com | 2021-06-05
Ephemeral One Time/Build-Time gRPC TLS PKI system.
Project mention: A gRPC Ephemeral Build Time TLS PKI w/ RPC access control (BETA). | reddit.com/r/grpc | 2021-09-27
Go Authorization related posts
PyCasbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Python
2 projects | reddit.com/r/Python | 30 Nov 2021
Supabase October 2021 Updates
4 projects | dev.to | 8 Nov 2021
Set up your own authentication and authorization server
1 project | reddit.com/r/selfhosted | 18 Oct 2021
Set up your own authentication and authorization service in a flash
1 project | reddit.com/r/golang | 14 Oct 2021
SpiceDB – production-ready, open-source Google Zanzibar implementation
3 projects | reddit.com/r/golang | 30 Sep 2021
10 Minute Tutorial - Full Stack GitHub Authentication with Supabase & React
2 projects | dev.to | 22 Sep 2021
The never-ending product requirements of user authorization
2 projects | reddit.com/r/programming | 16 Sep 2021
What are some of the best open-source Authorization projects in Go? This list will help you:
|3||OPA (Open Policy Agent)||5,868|