Go Identity

Open-source Go projects categorized as Identity

Top 16 Go Identity Projects

  • casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

    Project mention: A guide to Auth & Access Control in web apps 🔐 | dev.to | 2023-11-07

    https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is an authN and authZ provider.

  • Ory Hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

    Project mention: Show HN: Open-source OAuth2 server Ory Hydra now 6x faster | news.ycombinator.com | 2024-02-13
  • Ory Kratos

    Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market! (by ory)

    Project mention: Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support | news.ycombinator.com | 2024-02-22
  • zitadel

    ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.

    Project mention: Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support | news.ycombinator.com | 2024-02-22
  • Pomerium

    Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.

    Project mention: OAuth server for authorization | /r/googlecloud | 2023-12-05

    Option 3: Pomerium might be an alternative as well.

  • Ory Oathkeeper

    A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

  • infra

    Infra provides authentication and access management to servers and Kubernetes clusters.

    Project mention: Recommendations for a better way to grant access in K8s on a granular level? | /r/kubernetes | 2023-09-05

    Check out https://infrahq.com. I saw the founder give a talk at the Civo conference in Feb.

  • openpubkey

    Reference implementation of OpenPubkey

    Project mention: RFC 9420 – A Messaging Layer Security Overview | news.ycombinator.com | 2023-11-13

    You could use OpenPubkey [0, 1] to bind your identity key to your, say, Google or Okta account. With an MFA Cosigner, a malicious Google wouldn't be able to impersonate you.

    If you really wanted to go full cypherpunk, you could use the stuff risc.zero [2] is building to keep your identity secret via ZKPs over ID Token (JWT).

    [0]: OpenPubkey: Augmenting OpenID Connect with User held Signing Keys, https://eprint.iacr.org/2023/296

    [1]: https://github.com/openpubkey/openpubkey

    [2]: "Under the hood is JWT and OIDC verification on top of the RISC Zero zkVM" https://www.risczero.com/news/bonsai-pay

  • pinniped

    Pinniped is the easy, secure way to log in to your Kubernetes clusters.

    Project mention: infra alternatives - paralus and pinniped | libhunt.com/r/infra | 2023-04-07
  • go-scim

    Building blocks for servers implementing Simple Cloud Identity Management v2

  • indigo

    A distributed unique ID generator using Sonyflake and encoded by Base58 (by osamingo)

  • did

    A golang package to work with Decentralized Identifiers (DIDs)

  • auth-server

    Simple authentication and authorization server

  • goscim

    SCIM server written in Go

  • did-dht-method

    the did:dht method

    Project mention: The Did DHT Method Specification 1.0 | news.ycombinator.com | 2024-02-24

    This is pretty neat, but you should publish a spec for Pkarr -- the layer below did-dht -- first. Right now Pkarr is a software program/library, not a specification. I think this will help you simplify and articulate your work more clearly to people who aren't immersed in it. I think it will also be extremely useful to people who don't need the incredible complexity of w3c DIDs.

    The choice to sign an entire DNS packet seems very strange and probably hasn't been thought through properly.

    Why use DNS packets? Presumably because you want to leverage the existing infrastructure of recursive DNS resolvers. However these resolvers do not preserve packets! If I send a query to my recursive resolver, and it makes a query to the authoritative server, it can (and almost always does) modify the resulting packet from the authoritative before returning a reply to me.

    The upshot here is: if you're signing packets, almost all recursive resolvers will destroy your signatures. This is why DNSSEC signs individual resource records instead of packets. I think that's what you want to be doing: sign an RR, not a packet. If you absolutely need to sign multiple RRs, you'll need to specify a canonical way to assemble the RRs (i.e. sort them). But I really think you want to sign a single RR, which includes the hash of other RRs.

    Lastly, please take this issue more seriously: https://github.com/TBD54566975/did-dht-method/issues/80#issu... the only response given was that "the DHT-DID [spec] uses Pkarr [a piece of software]" which makes no sense... specs depend on specs, not implementations. Then the issue derailed (as unthreaded discussions always do... gee thanks github for ruining everything) into some side tangent about KRPC and CBOR instead of addressing "why DNS?".

  • Ferrum

    Simple Go OpenId authorization server with Keycloak compatible API (by Wissance)

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-24.

What are some of the best open-source Identity projects in Go? This list will help you:

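| # | Project | Stars |
|---|---------|-------|
| 1 | casbin | 16,583 |
| 2 | Ory Hydra | 14,902 |
| 3 | Ory Kratos | 10,263 |
| 4 | zitadel | 6,385 |
| 5 | Pomerium | 3,789 |
| 6 | Ory Oathkeeper | 3,137 |
| 7 | infra | 1,339 |
| 8 | openpubkey | 528 |
| 9 | pinniped | 498 |
| 10 | go-scim | 138 |
| 11 | indigo | 107 |
| 12 | did | 80 |
| 13 | auth-server | 69 |
| 14 | goscim | 7 |
| 15 | did-dht-method | 7 |
| 16 | Ferrum | 5 |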