Open-source projects categorized as Authorization

Top 23 Authorization Open-Source Projects

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: User account over Internet | reddit.com/r/linuxadmin | 2021-05-10

    If you just have some services/users at a remote location that you want to authenticate/authorize using your existing user directory, I’d recommend using OAuth2/OpenID Connect over https. This has the added benefit of enabling users to enroll multi-factor, federating with other identity providers (if you want), is more future proof (LDAP isn’t cloud native/friendly), and can be exposed to the Internet without the need of a VPN relatively safely. Another benefit is support for remote users and SaaS - for example, enabling users working from home to authenticate to SaaS applications using their directory login (without SSL/agent-VPNs or punching holes in firewall). Examples include: Okta (free tier permits 2000 monthly active users), Keycloak, Dex, ory.sh.

  • GitHub repo casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

    Project mention: Permissions, PermissionGroups and GraphQL | reddit.com/r/graphql | 2021-05-30

  • GitHub repo Pundit

    Minimal authorization through OO design and pure Ruby classes

    Project mention: Gnarly Learnings from May | dev.to | 2021-06-01

    Strong parameter assignment via Pundit

  • GitHub repo opa

    An open source, general-purpose policy engine.

    Project mention: Expose Open Policy Agent/Gatekeeper Constraint Violations for Kubernetes Applications with Prometheus and Grafana | dev.to | 2021-06-18

    Open Policy Agent (OPA) and its Kubernetes targeting component Gatekeeper give you the means to enforce policies on Kubernetes clusters. What we mean by policies here is a formal definition of rules & best practices & behavior that you want to see in your company's Kubernetes clusters. When using OPA, you use a Domain Specific Language called Rego to write policies. By doing this, you leave no room for misinterpretations that would occur if you tried to explain a policy in free text on your company's internal wiki.

  • GitHub repo CanCanCan

    The authorization Gem for Ruby on Rails.

    Project mention: Motor Admin - a modern Admin UI and Business Intelligence Rails engine | reddit.com/r/ruby | 2021-06-03

    I am using cancancan. I will check it out when it's done, thx!

  • GitHub repo Doorkeeper

    Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.

    Project mention: Authelia is an open-source authentication/authorization server with 2FA/SSO | news.ycombinator.com | 2021-03-10

    One thing that is missing from this list is open source language specific libraries. Projects such as https://oauthlib.readthedocs.io/en/latest/oauth2/server.html and https://github.com/doorkeeper-gem/doorkeeper

    Depending on your use case, for example if you only have one application, you might be better off running something embedded in your app, or independent but using the same runtime/deployment environment. Then, when you are ready to add another app or integration, you should be able to introduce a standalone auth system more easily if appropriate (because all your auth interactions should be relatively standardized). I'm a big fan of standalone auth systems as a way to simplify access control and give a single view of a user/customer, but you can also succeed using open source embedded libraries.

    When the moment comes to introduce a standalone system, you should consider a few dimensions (this list pulled from a previous comment of mine: https://news.ycombinator.com/item?id=26360048 ):

       * open source or not

  • GitHub repo santa

    A binary authorization system for macOS

    Project mention: Does anyone use Google Santa for whitelisting? | reddit.com/r/macsysadmin | 2021-05-20

  • GitHub repo Grant

    OAuth Proxy

  • GitHub repo CASL

    CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access

    Project mention: Roles and Permissions in VueJS from a Laravel backend | reddit.com/r/laravel | 2021-04-27

    You can use casl to limit actions in Vue.

  • GitHub repo rolify

    Role management library with resource scoping

  • GitHub repo bouncer

    Eloquent roles and abilities.

    Project mention: What Laravel permission package do you usually use? Does anyone come with Laravel Gate and Policy? | reddit.com/r/laravel | 2021-05-16

  • GitHub repo OAuthLib

    A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

  • GitHub repo pac4j

    Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • GitHub repo rate-limiter-flexible

    Node.js rate limit requests by key with atomic increments in single process or distributed environment.

    Project mention: How to rate limit a login route in Express using node-rate-limiter-flexible and Redis | dev.to | 2021-05-31

    Rate limiting is a method used for controlling network traffic. It limits the number of actions a user can make per unit of time. In this tutorial, we will rate limit a login route to help protect it from brute force attacks. This limits the number of password guesses that can be made by an attacker. We'll use the npm package node-rate-limiter-flexible to count and limit the number of login attempts by key. Each key will have a points value that will count the number of failed login attempts. The keys will expire after a set amount of time. The key-value pairs will be stored in Redis, which is an open-source in-memory data structure store. It has many different use cases. We will use it as a simple database. Redis is simple to use and it is very fast. We'll create an online instance of Redis, connect it to an express application, and then use the Redis command-line interface (redis-cli) to view the database. A prerequisite for this tutorial is an ExpressJS application with a login route and user authentication.

  • GitHub repo fosite

    Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

    Project mention: Ory Hydra: Open Source OAuth2/OIDC Provider | reddit.com/r/golang | 2021-01-13

    We are using https://github.com/ory/fosite at work with great success.

  • GitHub repo node-casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Node.js and Browser

    Project mention: Social network on microservices | reddit.com/r/node | 2021-06-17

    If you are looking for something a little more complex, declarative and flexible, casbin has been around for quite some time. Also consider oso. It looks like a more modern and feature-rich tool to me.

  • GitHub repo jCasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Java

    Project mention: Casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Java | reddit.com/r/java | 2021-04-08

  • GitHub repo Sentinel

    A framework agnostic authentication & authorization system. (by cartalyst)

  • GitHub repo django-rules

    Awesome Django authorization, without the database

  • GitHub repo ueberauth

    An Elixir Authentication System for Plug-based Web Applications

  • GitHub repo Pow

    Robust, modular, and extendable user authentication system

    Project mention: Questions about Nuxt auth & refresh tokens | reddit.com/r/Nuxt | 2021-04-04

    I have a Nuxt.js app with Nuxt Auth module for authentication. My backend is in Phoenix with Pow used to handle authentication. When I log in I get 2 tokens from my backend: access token and a refresh token. I can't find any relevant documentation on how to make use of the refresh tokens with Nuxt Auth, so any advice would be highly appreciated.

  • GitHub repo Declarative Authorization

    An unmaintained authorization plugin for Rails. Please fork to support current versions of Rails

  • GitHub repo generator-starhackit

    StarHackIt: React/Native/Node fullstack starter kit with authentication and authorisation, data backed by SQL, the infrastructure deployed with GruCloud

    Project mention: Setup KOPS on AWS with GruCloud | dev.to | 2021-04-26

    Would you like to deploy a full stack application on EKS? Choose the flavour depending on who is responsible to create the load balancer, target groups, listener and rules:

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-06-18.


What are some of the best open-source Authorization projects? This list will help you:

Rank Project Stars
1 hydra 11,067
2 casbin 9,592
3 Pundit 7,303
4 opa 5,186
5 CanCanCan 4,915
6 Doorkeeper 4,827
7 santa 3,460
8 Grant 3,355
9 CASL 3,170
10 rolify 2,911
11 bouncer 2,683
12 OAuthLib 2,225
13 pac4j 2,014
14 rate-limiter-flexible 1,696
15 fosite 1,624
16 node-casbin 1,572
17 jCasbin 1,407
18 Sentinel 1,360
19 django-rules 1,323
20 ueberauth 1,297
21 Pow 1,287
22 Declarative Authorization 1,261
23 generator-starhackit 1,259