Open-source Go projects categorized as SSO

Top 21 Go SSO Projects

  • authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: Keycloak SSO with Docker Compose and Nginx | news.ycombinator.com | 2024-02-11

    It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.

    Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...

  • casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

    Project mention: A guide to Auth & Access Control in web apps 🔐 | dev.to | 2023-11-07

    https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is authN and authZ provider.

  • WorkOS

    The modern API for authentication & user identity. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • tailscale

    The easiest, most secure way to use WireGuard and 2FA.

    Project mention: 🛡️4 Top Database Security Tools in 2024 🏆🔥 | dev.to | 2024-02-01

    Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard® protocol, which means only devices on your private network can communicate with each other.

  • Ory Hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

    Project mention: Show HN: Open-source OAuth2 server Ory Hydra now 6x faster | news.ycombinator.com | 2024-02-13
  • oauth2-proxy

    A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.

    Project mention: Keycloak SSO with Docker Compose and Nginx | news.ycombinator.com | 2024-02-11

    Recently I looked into having a relatively simple SSO setup for my homelab. My main objective is that I could easily login with Google or GitHub auth. At my previous job I used both JetBrains Hub [1] and Keycloak but I found both of them a bit of a PITA to setup.

    JetBrains Hub was really, really easy to get going. As was my previous experience with them. The only thing that annoyed me was the lack of a latest tag on their Docker registry. Don't get me wrong, pinned versions are great, but for my personal use I mostly just want to update all my Docker containers in one go.

    On the other hand I found Keycloak very cumbersome to get going. It was pretty easy in dev mode, but I stumbled to get it going in production. AFAIK it had something to do with the wildcard Let's Encrypt cert that I tried to use. But after a couple of hours, I just gave up.

    I finally went with Dex [2]. I had previously put it off because of the lack of documentation, but in the end it was extremely easy to setup. It just required some basic YAML, a SQLite database and a (sub)domain. I combined Dex with the excellent OAuth2 Proxy and a custom Nginx (Proxy Manager) template for an easy two line SSO configuration on all of my internal services.

    In addition to this setup, I also added Cloudflare Access and WAF outside of my home to add some security. I only want to add some CrowdSec to get a little more insights.

    1. https://www.jetbrains.com/hub/

    2. https://dexidp.io/

    3. https://github.com/oauth2-proxy/oauth2-proxy

    3. https://github.com/alex3305/unraid-docker-templates

  • zitadel

    ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.

    Project mention: Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support | news.ycombinator.com | 2024-02-22
  • authentik

    The authentication glue you need.

    Project mention: Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support | news.ycombinator.com | 2024-02-22

    Hey, for authentik this is actually something we're actively working on: https://github.com/goauthentik/authentik/pull/8330, and this will be included in our next feature release in April!

    (Disclaimer, I am founder and CTO of authentik)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • hanko

    Auth and user management for the passkey era

    Project mention: 🚀 Top 12 Open Source Auth Projects Every Developer Should Know 🔑 | dev.to | 2023-12-06


  • cli

    🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

    Project mention: Google will disable all but OAuth for IMAP, SMTP and POP starting Sept. 30 | news.ycombinator.com | 2024-01-18

    https://github.com/smallstep/cli implements some OAuth flows from the CLI, it may be helpful for you.

  • S.S.Octopus

    sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services

  • pgrok

    Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding (by pgrok)

    Project mention: pgrok is a poor man's ngrok | /r/programming | 2023-03-13
  • vouch-proxy

    an SSO and OAuth / OIDC login solution for Nginx using the auth_request module

    Project mention: I'm looking for an SSO server/reverse proxy with features I'm not sure exist | /r/selfhosted | 2023-06-23
  • caddy-security

    🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

    Project mention: Security flaws in an SSO plugin for Caddy | news.ycombinator.com | 2024-02-12

    There is no "refusal" as far as I can tell. The issues were reported [1] in September 2023 (as was this blog post) and the simplest one has been fixed (insecure random seed). I'm not aware of any public statements from the plugin maintainers, and there is no hostility in the issue comments.

    [1]: https://github.com/greenpau/caddy-security/issues?q=is%3Aiss...

  • granted

    The easiest way to access your cloud.

    Project mention: Ask HN: How do you manage many profiles and credentials for cloud tooling? | news.ycombinator.com | 2023-10-03

    You're going to love https://granted.dev. It can be extended further, as we've done internally: https://www.duckbillgroup.com/blog/overhauling-aws-account-a...

  • WireGuard-Guide

    WireGuard Guide. Learn all about WireGuard for Networking and in the Cloud (Microsoft Azure, AWS, and Google Cloud).

  • glide

    Automate permissions to your cloud and critical applications. (by common-fate)

  • go-scim

    Building blocks for servers implementing Simple Cloud Identity Management v2

  • goiabada

    Goiabada is an OAuth2 / OpenID Connect server written in Go.

    Project mention: Seeking feedback on a project of my mine (identity management / OAuth2 / OIDC) | /r/cybersecurity | 2023-12-01
  • idp-scim-sync

    Keep your AWS Single Sign-On (SSO) groups and users in sync with your Google Workspace directory

    Project mention: Sync Slack, Google, and GitHub Groups | /r/Slack | 2023-03-25

    For AWS there is this https://github.com/awslabs/ssosync and another https://github.com/slashdevops/idp-scim-sync

  • kc-ssh-pam

    KC SSH PAM is built to streamline the process of user authentication to access Linux systems through SSH with keycloak oidc

    Project mention: Linux System Authentication with Keycloak SSO! | /r/selfhosted | 2023-04-16

    kc-ssh-pam provides Single Sign-On (SSO) solution for Linux systems, it integrates with Keycloak to obtain a password grant token based on the user's login credentials. This includes their username and password and also supports OTP code for two-factor authentication. Github Project: https://github.com/kha7iq/kc-ssh-pam

  • go-saml

    High Level API Implementation of SAML 2.0 (Currently Supported Identity Provider Implementation) Single Sign On

  • LearnThisRepo.com

    Learn 300+ open source libraries for free using AI. LearnThisRepo lets you learn 300+ open source repos including Postgres, Langchain, VS Code, and more by chatting with them using AI!

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-22.

Go SSO related posts


What are some of the best open-source SSO projects in Go? This list will help you:

Project Stars
1 authelia 18,805
2 casbin 16,543
3 tailscale 15,531
4 Ory Hydra 14,875
5 oauth2-proxy 8,320
6 zitadel 6,329
7 authentik 5,867
8 hanko 5,270
9 cli 3,427
10 S.S.Octopus 3,044
11 pgrok 2,998
12 vouch-proxy 2,583
13 caddy-security 1,149
14 granted 824
15 WireGuard-Guide 321
16 glide 230
17 go-scim 138
18 goiabada 112
19 idp-scim-sync 91
20 kc-ssh-pam 44
21 go-saml 9
Learn 300+ open source libraries for free using AI.
LearnThisRepo lets you learn 300+ open source repos including Postgres, Langchain, VS Code, and more by chatting with them using AI!