Top 20 Go openid-connect Projects

openid-connect

• Add a project

1. authelia

   1 175 23,733 9.9 Go

   The Single Sign-On Multi-Factor portal for web apps

   

   Project mention: Authelia: The Single Sign-On Multi-Factor portal for web apps | news.ycombinator.com | 2024-07-11

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. Ory Hydra

   2 38 16,152 9.4 Go

   The only web-scale, fully customizable OpenID Certified™ OpenID Connect and OAuth2 Provider in the world. Become an OpenID Connect and OAuth2 Provider over night. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters. Relied upon by OpenAI and others for web-scale security.

   

   Project mention: Show HN: Graceful token refresh for open source OAuth2 Server Ory Hydra | news.ycombinator.com | 2025-01-21

4. zitadel

   3 89 10,559 9.8 Go

   ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.

   

   Project mention: Zitadel Supports SCIM | news.ycombinator.com | 2025-02-22

5. Ory Oathkeeper

   4 4 3,353 8.4 Go

   A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

   

6. fosite

   5 5 2,390 7.8 Go

   Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

   

7. traefik-forward-auth

   6 33 2,275 1.9 Go

   Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy

   

   Project mention: Ask HN: What type of Auth are you using on your side projects? | news.ycombinator.com | 2024-10-05

   I use Traefik with OpenID Connect for everything, and Google as IdP. It's few enough people that I simply add them manually to traefik-forward-auth's settings in Docker Compose.

   https://github.com/thomseddon/traefik-forward-auth

8. kubelogin

   7 14 1,948 9.4 Go

   kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)

   

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. oidc

    8 16 1,557 8.7 Go

    Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation

    

11. opkssh

    9 7 1,484 9.2 Go

    opkssh (OpenPubkey SSH)

    

    Project mention: Use OIDC with SSH (Open Source) | news.ycombinator.com | 2025-03-31

12. openpubkey

    10 12 839 8.8 Go

    Reference implementation of OpenPubkey

    

    Project mention: OpenID Coming to SSH | news.ycombinator.com | 2025-03-25

    I work on opkssh and I agree with everything you have just said.

    The value of opkssh makes sense in an environment in which already have OpenID Connect as the foundation for identity in your system.

    OpenPubkey[0], the protocol opkssh is built on, supports cosigners, which parallel identity attestations. OpenPubkey is currently is designed to use cosigners purely for security, i.e., to remove the IDP as a single point of compromise.

    OpenPubkey is built on JSON Web Signatures and JSON Web Signatures can support any number of signers. One could easily extend OpenPubkey to something like, 0x1234 is Alice's public if her public key signed by 7 out of 10 identity cosigners.

    What you are describing is the same dream I have: decentralized, secure, human-meaningful names. This is hard to build [1] and you have to start sometime, so I started with the existing identity provider infrastructure but that the beginning. If you are interested in building this future, come work on https://github.com/openpubkey/openpubkey/

    [0] OpenPubkey: Augmenting OpenID Connect with User held Signing Keys https://eprint.iacr.org/2023/296

    [1] Zooko's triangle is a trilemma of three properties that some people consider desirable for names of participants in a network protocol https://en.wikipedia.org/wiki/Zooko%27s_triangle

13. s3-proxy

    11 2 346 9.0 Go

    S3 Reverse Proxy with GET, PUT and DELETE methods and authentication (OpenID Connect and Basic Auth)

    

14. heimdall

    12 1 186 8.9 Go

    A cloud native Identity Aware Proxy and Access Control Decision service (by dadrus)

    

15. goiabada

    13 3 149 7.9 Go

    Goiabada is an OAuth2 / OpenID Connect server written in Go.

    

16. authgear-server

    14 1 114 10.0 Go

    Open source alternative to Auth0 / Firebase Auth

    

    Project mention: Launch HN: Stack Auth (YC S24) – An Open-Source Auth0/Clerk Alternative | news.ycombinator.com | 2024-08-08

    Congrats for the launch! We also launched an open sources (Apache 2 licensed) auth0 alternatives with paid hosting / enterprise support as revenue few years ago. Glad to see more efforts to help make software more secure for consumers!

    https://github.com/authgear/authgear-server

17. go-oidc-middleware

    15 7 99 4.9 Go

    OpenID Connect (OIDC) http middleware for Go

    

18. pam-keycloak-oidc

    16 1 82 4.9 Go

    PAM module connecting to Keycloak for user authentication using OpenID Connect/OAuth2, with MFA/2FA/TOTP support

    

19. pam_oidc

    17 1 66 3.7 Go

    pam_oidc authenticates users with an OpenID Connect (OIDC) token.

    

20. lico

    18 1 42 7.8 Go

    LibreGraph Connect implements an OpenID provider (OP) with integrated web login and consent forms.

    

21. Ferrum

    19 2 6 9.0 Go

    Simple and Fast OpenId-Connect authorization server with Keycloak compatible API written in GO. The possibility to increase application clients number and authentication/authorization speed without any modification due to the API compatibility (by Wissance)

    

    Project mention: Override Go app configuration with Environment variable | dev.to | 2024-12-12

    This approach and package could be used not only for containerized applications but for apps running natively too. This package is successfully working on our authorization server.

22. authduck

    20 1 4 8.6 Go

    OIDC Server Playground for development & testing

    

    Project mention: Show HN: Authduck – Playground Server for OpenID Connect Clients | news.ycombinator.com | 2024-12-05

23. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Go openid-connect related posts

• Use OIDC with SSH (Open Source)

  1 project | news.ycombinator.com | 31 Mar 2025

• OpenID Coming to SSH

  11 projects | news.ycombinator.com | 25 Mar 2025

• Open-Sourcing OpenPubkey SSH

  1 project | news.ycombinator.com | 25 Mar 2025

• Override Go app configuration with Environment variable

  2 projects | dev.to | 12 Dec 2024

• OpenPubkey: Protocol for leveraging OpenID to bind identities to public keys

  1 project | news.ycombinator.com | 21 Apr 2024

• 14 DevOps and SRE Tools for 2024: Your Ultimate Guide to Stay Ahead

  10 projects | dev.to | 4 Dec 2023

• Easy to use OpenID Connect client and server library written for Go

  6 projects | news.ycombinator.com | 1 Dec 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 13 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!