Maybe https://github.com/zitadel/zitadel could be an alternative to you.
It's written in Go, can be self-hosted or used from a cloud service.
It will also soon (end of May) provide SAML 2.0 support besides the current OpenID Connect and OAuth support.
Disclaimer: I am one of the authors ;-)
Authentik is also worth checking out: https://goauthentik.io/
The biggest benefit is that Authentik supports Forward Auth out of box. This means that you might not need oauth2proxy.
Spring has an oauth2 authorization server that is currently in early release: https://github.com/spring-projects/spring-authorization-serv...
I'm building something with it currently and it's quite nice, especially if you are already familiar with Spring Security. Documentation is quite sparse though.
We're actually working on a new version of the Administration UI at the moment (I'm one of the devs) so this is useful feedback. We're looking for folks to try it out, so take a look at https://github.com/keycloak/keycloak-admin-ui/.
You can try it out on the latest Keycloak by passing the --features=admin2 flag on startup.
I used Keycloak about 4 or 5 years ago in a former job. It did work very well. Note however, that we did not need to customize anything nor did we have to deal with scaling (in-house web app where it was rare to have more than 100 people using it on any given day).
Right now, I'm looking into https://supertokens.com/
Another OAuth2 server, that's well on the other side of the heavyweight spectrum vs. keycloak:
https://github.com/curveball/a12n-server
Can't speak for Keycloak, but FusionAuth supports localization of both user facing HTML and email/SMS messages. (Not the admin screens, alas.)
More details here: https://fusionauth.io/docs/v1/tech/core-concepts/localizatio...
15 languages have user facing translations: https://github.com/FusionAuth/fusionauth-localization/
Disclosure: I work for FusionAuth.
There is a document meant for best practices for browser-based apps such as SPA/PWA, which includes use of code flow.
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-brows...
(disclaimer - co-author)
The catch is that since the client web origin and AS web origin are often different sites, the AS has to actually implement CORS on their token endpoint.
Some implementations unfortunately (perhaps due to a misunderstanding about what CORS is meant to accomplish) make this a per-tenant/per-installation allowlist of origins on the AS.
Auth0 and Ping Identity (my employer) document CORS settings for products. I'm not sure about AWS and you might need to add CORS via API gateway. Azure AD supports CORS for the token endpoint, but they may limit domains in some manner (such as redirect uri of registered clients).
FWIW, I created a demo ages ago (at https://github.com/pingidentity/angular-spa-sample), which by default is configured to target Google for OpenID Connect and uses localhost for local development/testing. It hasn't aged particularly well in terms of library choices, but I do keep it running.
A deployment based on older Angular is also at https://angular-appauth.herokuapp.com to try - IIRC I used a node server just to deal with wildcard path resolution of the index file, but there's otherwise no local logic.
Is there a minimal config to run and set up Keycloak with Docker for local development? Most sources suggest exporting and reusing a realm-export.json, but it is missing the user data and includes lots of (default) options and random UUIDs. There is an example repo, but it seems out of date and missing some settings: https://github.com/keycloak/keycloak-demo/blob/master/demo-r...
I really like https://tools.ietf.org/html/draft-ietf-oauth-security-topics with its evergreen approach and am looking forward to OAuth 2.1 to sum up the current best practices.
Depending on your use case I have good experience with https://github.com/zmartzone/mod_auth_openidc and https://github.com/panva/node-oidc-provider.
https://github.com/OpenIDC/pyoidc also might be a good choice, as security researchers in that area did take a look at it...
(Caddy maintainer here) I don't use that plugin myself but AFAICT most users ask questions on the GitHub repo so probably best to ask for help there if you need it.
As an aside, I've been working on making the Forward Auth use case viable with Caddy, and we just got it working today: https://github.com/caddyserver/caddy/pull/4739