-
Sorry, this is indeed not very clear. Others already answered well, but if you look at the example[0] config you can see how you would use your own instance of obligator as a client to the instance running at lastlogin.io. This is a bit meta, but applies equally to any client application.
[0]: https://github.com/anderspitman/obligator#running-it
-
Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: https://www.keycloak.org/getting-started/getting-started-doc... although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying: https://www.keycloak.org/server/containers
Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of a sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: https://github.com/OpenIDC/mod_auth_openidc (there are other options, of course, but I went with that because I already use mod_md).
It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in and of itself and attempts at creating something pleasant to actually use are always welcome. I've also heard good things about Authentik: https://goauthentik.io/
-
Ory Kratos
Headless cloud-native authentication and identity management written in Go. Scales to a billion+ users. Replace Homegrown, Auth0, Okta, Firebase with better UX and DX. Passkeys, Social Sign In, OIDC, Magic Link, Multi-Factor Auth, SMS, SAML, TOTP, and more. Runs everywhere, runs best on Ory Network. (by ory)
I was expecting hydra / kratos to show up as an alternative, but did not see any. Does anyone have any experience, good or bad, with it?
https://github.com/ory/kratos
-
I could recommend https://github.com/panva/node-oidc-provider, which supports most of the OIDC/OAuth 2 rabbit hole specs.
-
traefik-forward-auth
Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
-
This looks like it has the same core functionality as Portier? https://github.com/portier/portier-broker
I'm on mobile, so haven't really checked where we differ in details.
-
Here are some documentation and demos from me and others if you're interested:
https://github.com/eriksjolund/podman-networking-docs
-
podman-nginx-socket-activation
Demo of how to run socket-activated nginx with Podman. Source IP address is preserved.
https://github.com/eriksjolund/podman-nginx-socket-activatio...
-
mariadb-podman-socket-activation
Demo of a templated systemd user service that runs rootless Podman and starts MariaDB with socket activation
https://github.com/eriksjolund/mariadb-podman-socket-activat...
-
podman-socket-activated-services
Various podman container services configured to support running with systemd socket-activation
https://github.com/PhracturedBlue/podman-socket-activated-se...