SaaSHub helps you find the best software and product alternatives Learn more →
Top 16 Go Identity Projects
-
Ory Hydra
The only web-scale, fully customizable OpenID Certified™ OpenID Connect and OAuth2 Provider in the world. Become an OpenID Connect and OAuth2 Provider over night. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters. Relied upon by OpenAI and others for web-scale security.
Project mention: Show HN: Graceful token refresh for open source OAuth2 Server Ory Hydra | news.ycombinator.com | 2025-01-21 -
InfluxDB
InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.
-
Ory Kratos
Headless cloud-native authentication and identity management written in Go. Scales to a billion+ users. Replace Homegrown, Auth0, Okta, Firebase with better UX and DX. Passkeys, Social Sign In, OIDC, Magic Link, Multi-Factor Auth, SMS, SAML, TOTP, and more. Runs everywhere, runs best on Ory Network. (by ory)
Project mention: OpenAI uses open source Ory to authenticate over 400M weekly active users | news.ycombinator.com | 2025-03-20That is definitely possible when you use our identity product, which is also open source: https://github.com/ory/kratos
There you can combine all authentication methods in any shape or form you wish!
-
-
Pomerium
Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
View on GitHub
-
Ory Oathkeeper
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
-
💚Infra 🔥🔥🔥 - Infra enables you to discover and access infrastructure (e.g. Kubernetes, databases). We help you connect an identity provider such as Okta or Azure active directory, and map users/groups with the permissions you set to your infrastructure.
-
I work on opkssh and I agree with everything you have just said.
The value of opkssh makes sense in an environment in which already have OpenID Connect as the foundation for identity in your system.
OpenPubkey[0], the protocol opkssh is built on, supports cosigners, which parallel identity attestations. OpenPubkey is currently is designed to use cosigners purely for security, i.e., to remove the IDP as a single point of compromise.
OpenPubkey is built on JSON Web Signatures and JSON Web Signatures can support any number of signers. One could easily extend OpenPubkey to something like, 0x1234 is Alice's public if her public key signed by 7 out of 10 identity cosigners.
What you are describing is the same dream I have: decentralized, secure, human-meaningful names. This is hard to build [1] and you have to start sometime, so I started with the existing identity provider infrastructure but that the beginning. If you are interested in building this future, come work on https://github.com/openpubkey/openpubkey/
[0] OpenPubkey: Augmenting OpenID Connect with User held Signing Keys https://eprint.iacr.org/2023/296
[1] Zooko's triangle is a trilemma of three properties that some people consider desirable for names of participants in a network protocol https://en.wikipedia.org/wiki/Zooko%27s_triangle
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
-
-
-
-
Project mention: Launch HN: Stack Auth (YC S24) – An Open-Source Auth0/Clerk Alternative | news.ycombinator.com | 2024-08-08
Congrats for the launch! We also launched an open sources (Apache 2 licensed) auth0 alternatives with paid hosting / enterprise support as revenue few years ago. Glad to see more efforts to help make software more secure for consumers!
https://github.com/authgear/authgear-server
-
-
Links: Hacktoberfest Project Hub | Contributing Guide
-
-
Ferrum
Simple and Fast OpenId-Connect authorization server with Keycloak compatible API written in GO. The possibility to increase application clients number and authentication/authorization speed without any modification due to the API compatibility (by Wissance)
This approach and package could be used not only for containerized applications but for apps running natively too. This package is successfully working on our authorization server.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Go Identity discussion
Go Identity related posts
-
Open-Sourcing OpenPubkey SSH
-
OpenAI uses open source Ory to authenticate over 400M weekly active users
-
I’m joining Pomerium!
-
OpenAUTH: Universal, standards-based auth provider
-
Show HN: Identifier First Auth and OTP MFA for Open Source Auth0 Alternative Ory
-
Show HN: OSS Auth0 Alternative Ory Kratos Now with Full PassKey Support
-
OpenPubkey: Protocol for leveraging OpenID to bind identities to public keys
-
A note from our sponsor - SaaSHub
www.saashub.com | 17 Apr 2025
Index
What are some of the best open-source Identity projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | Ory Hydra | 16,072 |
| 2 | Ory Kratos | 11,790 |
| 3 | zitadel | 10,279 |
| 4 | Pomerium | 4,206 |
| 5 | Ory Oathkeeper | 3,334 |
| 6 | infra | 1,405 |
| 7 | openpubkey | 825 |
| 8 | pinniped | 646 |
| 9 | go-scim | 149 |
| 10 | indigo | 109 |
| 11 | did | 92 |
| 12 | authgear-server | 91 |
| 13 | auth-server | 76 |
| 14 | did-dht | 39 |
| 15 | goscim | 7 |
| 16 | Ferrum | 6 |
Sponsored
InfluxDB high-performance time series database
Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.
influxdata.com