#Oidc

Open-source projects categorized as Oidc

Top 13 Oidc Open-Source Projects

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: User account over Internet | reddit.com/r/linuxadmin | 2021-05-10

    If you just have some services/users at a remote location that you want to authenticate/authorize using your existing user directory, I’d recommend using OAuth2/OpenID Connect over https. This has the added benefit of enabling users to enroll multi-factor, federating with other identity providers (if you want), is more future proof (LDAP isn’t cloud native/friendly), and can be exposed to the Internet without the need of a VPN relatively safely. Another benefit is support for remote users and SaaS - for example, enabling users working from home to authenticate to SaaS applications using their directory login (without SSL/agent-VPNs or punching holes in firewall). Examples include: Okta (free tier permits 2000 monthly active users), Keycloak, Dex, ory.sh.

  • GitHub repo Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: User account over Internet | reddit.com/r/linuxadmin | 2021-05-10

  • GitHub repo dex

    OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors

    Project mention: User account over Internet | reddit.com/r/linuxadmin | 2021-05-10

  • GitHub repo authlib

    The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.

  • GitHub repo OAuthLib

    A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

  • GitHub repo node-oidc-provider

    OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js

  • GitHub repo angular-auth-oidc-client

    npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow

    Project mention: Secure Angular 11 App with Code Flow PKCE and IdentityServer4 | reddit.com/r/Angular2 | 2021-04-12

    The AuthInterceptor is provided by the angular-auth-oidc-client library. I did not go into detail about AuthInterceptor. To configure this feature, when doing code walk-thru of auth-config.module.ts, I pointed out the secureRoutes parameter setting to activate the AuthInterceptor (to automatically append the JWT in the header by DNS).

  • GitHub repo glewlwyd

    Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins

    Project mention: Authelia is an open-source authentication/authorization server with 2FA/SSO | news.ycombinator.com | 2021-03-10

    I tried several of these recently and I ended up with glewlwyd:

    https://github.com/babelouest/glewlwyd

  • GitHub repo authentik

    The authentication glue you need.

    Project mention: Stateless alternative to Keycloak? | reddit.com/r/selfhosted | 2021-05-09

    Authelia uses Redis. Authentik uses Redis and Postgres.

  • GitHub repo TheIdServer

    OpenID/Connect server based on IdentityServer4 with its admin UI

    Project mention: Startup architecture | reddit.com/r/Blazor | 2021-05-02

    I feel like it can work well together with https://github.com/Aguafrommars/TheIdServer which is an administrative frontend for your auth with IdentityServer4.

  • GitHub repo zitadel

    ZITADEL - Cloud Native Identity and Access Management

    Project mention: Okta Signs Definitive Agreement to Acquire Auth0 | news.ycombinator.com | 2021-03-03

    We are building a cloud-native IAM over here https://github.com/caos/zitadel

    It is written in Go and built around event sourcing for a great audit trail. We already support OIDC, Passwordless, RBAC and are working on more features each day.

    For those who want to run it on-prem we have a Kubernetes operator ready in the next few weeks which also manages the database (cockroach).

    We run our own service here https://zitadel.ch with a free tier as well

    Feel free to engage with us on GitHub discussions.

  • GitHub repo SATOSA

    Proxy translating between different authentication protocols (SAML2, OpenID Connect and OAuth2)

    Project mention: Looking for some sort of "SAML Proxy" with group management and SCIM | reddit.com/r/sysadmin | 2021-03-30

    Some SAML expert friends usually recommend SATOSA for similar scenarios.

  • GitHub repo aws-runas

    aws-runas rewritten in Go

    Project mention: Forcing users to authenticate with MFA | reddit.com/r/aws | 2021-04-16

    I can't comment on your particular MFA policy issue, but you could consider adding aws-runas to your workflow. Although mostly written for assuming roles, I have used it with session tokens with much success. The logic to assume roles using MFA actually calls the get-session-token API under the covers so the session token credentials indicating MFA was used are leveraged to get the role credentials.

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-05-10.

Index

What are some of the best open-source Oidc projects? This list will help you:

 #  Project                    Stars
 1  hydra                     10,813
 2  Keycloak                   8,748
 3  dex                        5,697
 4  authlib                    2,470
 5  OAuthLib                   2,197
 6  node-oidc-provider         1,639
 7  angular-auth-oidc-client     607
 8  glewlwyd                     301
 9  authentik                    262
10  TheIdServer                  201
11  zitadel                      120
12  SATOSA                        82
13  aws-runas                     47