glewlwyd
Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins
-
oauth2-proxy
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Looks like Keycloak's certificate is only valid with `www.`: https://www.keycloak.org/
> - Keycloak (you won't get fired for picking this)[0]
Curious what you mean by "you won't get fired for picking this". Do you mean that it's good and easy to run, or something else?
One thing that is missing from this list is open source language specific libraries. Projects such as https://oauthlib.readthedocs.io/en/latest/oauth2/server.html and https://github.com/doorkeeper-gem/doorkeeper
Depending on your use case, for example if you only have one application, you might be better off running something embedded in your app, or independent but using the same runtime/deployment environment. Then, when you are ready to add another app or integration, you should be able to introduce a standalone auth system more easily if appropriate (because all your auth interactions should be relatively standardized). I'm a big fan of standalone auth systems as a way to simplify access control and give a single view of a user/customer, but you can also succeed using open source embedded libraries.
When the moment comes to introduce a standalone system, you should consider a few dimensions (this list pulled from a previous comment of mine: https://news.ycombinator.com/item?id=26360048 ):
* open source or not
These dimensions all matter to varying degrees depending on your team and needs.
Disclosure: I work for https://fusionauth.io/ which has open source supporting libraries and docs, but which is itself not open source.
I tried several of these recently and I ended up with glewlwyd:
https://github.com/babelouest/glewlwyd
oauth2_proxy is a great tool that lets you create a transparent OAuth proxy to provide SSO for any internal service. https://github.com/oauth2-proxy/oauth2-proxy
There's also S.S.Octopus, and Pomerium. https://github.com/buzzfeed/sso https://github.com/pomerium/pomerium
They all have different OAuth providers, so check them each out to see which one works with your identity provider.
Thanks for the pointer to Express API Gateway.
I took a look at Krakend a while back, and it didn't seem to support it either [1].
[1] https://github.com/devopsfaith/krakend/issues/274