Top 23 Oidc Open-Source Projects

• next-auth

  203 22,158 9.9 TypeScript

  Authentication for the Web.

  

Project mention: Deploy Full-Stack Next.js T3App with Cognito and Prisma using AWS Lambda | dev.to | 2024-04-15

NextAuth.js is not perfect. One of the shortcomings is that it currently does not implement federated logout. This means that even if a user signs out of the Next.js app, he does NOT get signed out of the Cognito user pool client. As a consequence, the user is not really being logged out (i.e he is able to login again without providing the credentials). You can read more about this problem in this Github thread.

• Keycloak

  229 19,857 10.0 Java

  Open Source Identity and Access Management For Modern Applications and Services

  

Project mention: Securing Vue Apps with Keycloak | dev.to | 2024-04-03

In this article we'll be using Keycloak to secure a Vue.js Web application. We're going to leverage oidc-client-ts to integrate OIDC authentication with the Vue app. The oidc-client-ts package is a well-maintained and used library. It provides a lot of utilities for building out a fully production app.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• casbin

  38 16,865 7.2 Go

  An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

  

Project mention: A guide to Auth & Access Control in web apps 🔐 | dev.to | 2023-11-07

https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is authN and authZ provider.

• Ory Hydra

  37 15,068 9.1 Go

  OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

  

Project mention: Show HN: Open-source OAuth2 server Ory Hydra now 6x faster | news.ycombinator.com | 2024-02-13

• dex

  37 9,025 9.4 Go

  OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors

  

Project mention: Navigating Identity Authentication: From LDAP to Modern Protocols | dev.to | 2024-03-28

Dex: https://dexidp.io

• zitadel

  80 7,050 9.8 Go

  ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.

  

Project mention: Maintainers of Zitadel and Ory discuss their tradeoffs as identity platforms | news.ycombinator.com | 2024-03-30

• authentik

  165 6,685 10.0 Go

  The authentication glue you need.

  

Project mention: Show HN: Stack, the open-source Clerk/Firebase Auth alternative | news.ycombinator.com | 2024-04-14

If you're looking for a system that has more features, is user friendly, a nice admin ui and easy deployments compared to Keycloak. Please give https://goauthentik.io/ a shot. Not affiliated in any way, just a very happy user.

It has

-an admin UI

- Supports (LDAP, SAML, OAUTH, social logins)

- MFA, Passkeys

- Application access based on user groups etc

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• authlib

  3 4,262 7.5 Python

  The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

• pgrok

  8 3,049 8.3 Go

  Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding (by pgrok)

  

• node-oidc-provider

  15 3,016 8.5 JavaScript

  OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js

Project mention: Question regarding IDAAS | /r/Backend | 2023-11-21

I don't have a direct answer for your questions but do suggest the canonical OAuth 2.0 implementation may be helpful for your learning too. LMK your thoughts. ➔ https://github.com/panva/node-oidc-provider

• OAuthLib

  1 2,740 7.7 Python

  A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

  

• kanidm

  12 2,097 9.8 Rust

  Kanidm: A simple, secure and fast identity management platform

  

Project mention: Identity Management Solutins | /r/openSUSE | 2023-05-25

Check this: https://github.com/kanidm/kanidm/ Maybe not production ready, but looks very promising

• jwx

  8 1,786 8.8 Go

  Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies

  

Project mention: Are there any OIDC Provider libraries for Golang? | /r/golang | 2023-05-15

I made a custom OIDC provider for integ tests using https://github.com/lestrrat-go/jwx, and a server than served out a .well-known/openid-configuration file and a jwks.json referenced by the openid-configuration.

• node-openid-client

  3 1,723 7.8 JavaScript

  OpenID Certified™ Relying Party (OpenID Connect/OAuth 2.0 Client) implementation for Node.js.

• jackson

  26 1,571 9.9 TypeScript

  🔥 Streamline your web application's authentication with Jackson, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩 (by boxyhq)

  

Project mention: Building a Managed Service Provider Business With Open Source | dev.to | 2024-04-04

BoxyHQ SAML Jackson - GitHub

• uaa

  2 1,549 9.9 Java

  CloudFoundry User Account and Authentication (UAA) Server

  

• kubelogin

  14 1,511 8.8 Go

  kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)

Project mention: Giving Kyma a little spin ... a SpinKube | dev.to | 2024-04-09

Authenticating with Kyma is a (in my opinion) unnecessary challenge as it leverages the OIDC-login plugin for kubectl. You find a description of the setup here. This works fine when on a Mac but can give you some headaches on a Windows and on Linux machine especially when combined with restrictive setups in corporate environments. For Windows I can only recommend installing krew via chocolatey and then install the OIDC plugin via kubectl krew install oidc-login. At least for me that was the only way to get this working on Windows.

• infra

  20 1,350 7.4 Go

  Infra provides authentication and access management to servers and Kubernetes clusters.

  

Project mention: Recommendations for a better way to grant access in K8s on a granular level? | /r/kubernetes | 2023-09-05

Check out https://infrahq.com. I saw the founder give a talk at the Civo conference in Feb.

• IdentityServer

  16 1,327 9.5 JavaScript

  The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core

  

Project mention: Identity server 4 | /r/dotnet | 2023-12-11

Its deprecated in favor of Duende Identityserver which introduced a license model.

• oidc

  16 1,189 9.1 Go

  Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation

  

Project mention: Easy to use OpenID Connect client and server library written for Go | /r/hackernews | 2023-12-04

• oidc-client-ts

  7 1,183 9.3 TypeScript

  OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications

  

Project mention: I can't persuade our lead software architecture that this is not going to work | /r/learnjavascript | 2023-06-27

• angular-auth-oidc-client

  6 1,097 9.0 TypeScript

  npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow

• OpenID

  10 947 9.3 C

  OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x

  

Project mention: Keycloak SSO with Docker Compose and Nginx | news.ycombinator.com | 2024-02-11

I did something similar, though picked Apache with mod_auth_openidc, which is a certified Relying Party implementation: https://github.com/OpenIDC/mod_auth_openidc

In other words, I can protect arbitrary applications through my reverse proxy and require either certain claims/roles, or simplify auth to the point where my downstream app/API will just receive a bunch of headers like OIDC_CLAIM_sub, OIDC_CLAIM_name, OIDC_CLAIM_email through the internal network, not making me bother with configuring OIDC libraries for all of my APIs and configure them in each stack that I might use, but rather contain all of that complexity in the web server.

Basically:

  user <==> Apache (with mod_auth_openidc) <==> API (with OIDC_ headers, if logged in)

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Oidc related posts

• Learn OAuth by building a client with Node.js
  1 project | news.ycombinator.com | 16 Apr 2024
• Securing Vue Apps with Keycloak
  3 projects | dev.to | 3 Apr 2024
• User Management and Identity Brokering for On-Prem Apps with Keycloak
  1 project | dev.to | 3 Apr 2024
• Satosa: Proxy translating between different authentication protocols
  1 project | news.ycombinator.com | 31 Mar 2024
• Maintainers of Zitadel and Ory discuss their tradeoffs as identity platforms
  1 project | news.ycombinator.com | 30 Mar 2024
• Navigating Identity Authentication: From LDAP to Modern Protocols
  2 projects | dev.to | 28 Mar 2024
• Ask HN: No-code, simple-setup user management
  1 project | news.ycombinator.com | 11 Mar 2024
• A note from our sponsor - SaaSHub
  www.saashub.com | 25 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com