Awesome Authentication & Authorization & SSO & IAM

Quality Authentication & Authorization & SSO & IAM software and libraries.

Authentication (aka AuthN) and authorization (aka AuthZ) are both security measures. Authentication is the process of verifying who you are. Authorization is the process of verifying that you have access to something. Authorization occurs after successful authentication.

Contents

• SSO

• Authentication

  • C#
  • Golang
  • Java
  • Node.js
  • Python
  • Ruby

• Authorization

  • Android
  • C#
  • Golang
  • Rust
  • iOS
  • Java
  • Node.js
  • PHP
  • Python
  • Ruby

• Articles

SSO (Single-Sign-On), IAM (Identity Access Management)

• Casdoor - UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0 / OIDC and SAML.
• Keycloak - Open Source Identity and Access Management.
• Authelia - The Single Sign-On Multi-Factor portal for web apps.
• ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.

Authentication

C#

• Xamarin.Auth - Helps developers authenticate users via standard authentication mechanisms (e.g. OAuth 1.0 and 2.0), and store user credentials.
• Kentor Authentication Services - Saml2 authentication services for ASP.NET.
• SimpleAuthentication - ASP.NET library that makes it really easy and simple for developers to add social authentication to an ASP.NET application.
• OwinOAuthProviders - OAuth providers for Owin.
• AspNet.Security.OAuth.Providers - OAuth2 social authentication providers for ASP.NET Core.
• IdentityServer4 - OpenID Connect & OAuth 2.0 framework for ASP.NET Core.

Golang

• Casdoor - UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0 / OIDC and SAML.
• OIDC - OpenID Connect Library (client and server) for Go
• Ory Hydra - OpenID Connect certified OAuth2 server.
• Ory Kratos - API-first Identity and User Management system built for cloud applications.
• Ory Oathkeeper - Identity/Access proxy inspired by the BeyondCorp/Zero-Trust white paper.
• Ory Fosite - Extensible OAuth 2.0 and OpenID Connect SDK for Golang.
• ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.

Java

• Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
• pac4j - Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
• Spring Security OAuth - Provides support for using Spring Security with OAuth (1a) and OAuth2.

Node.js

• Passport - Simple, unobtrusive authentication for Node.js. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
• bell - Third-party authentication plugin for hapi. Ships with built-in support for various well-known sites and simple configuration object will support other OAuth 1.0a and OAuth 2.0 sites.

Python

• Keystone - Provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family.
• Authomatic - Simple yet powerful authorization & authentication client library for Python web applications.
• Python Social Auth - Easy to setup social authentication/registration mechanism with support for several frameworks and auth providers.
• Raider - Web authentication testing framework, which treats the authentication process as finite state machines.

Ruby

• Authlogic - Clean, simple, and unobtrusive Ruby authentication solution.

Authorization

Android

• AndPermission - Android runtime permission, support the right to apply for permission at any place.

C#

• Casbin.NET - Authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#).
• DotNetOpenAuth - Implementation of the OpenID, OAuth protocols.
• AuthorizationServer - Sample implementation of an OAuth2 authorization server.

Golang

• Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Golang.
• goRBAC - Lightweight role-based access control implementation in Go.
• Ladon - SDK for access control policies: authorization for the microservice and IoT age.
• Foulkon - Authorization server that allows or denies access to web resources.
• Gocialite - Social OAuth login in Go with multiple providers has never been so easy.
• OIDC - OpenID Connect Library (client and server) for Go
• Ory Keto - Access control server capable of solving complex use cases (multi-tenant, attribute-based access control, etc.) with access control policies.
• Oso - Batteries-included framework for building authorization in your Go application.
• ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.

Rust

• Casbin-Rs - Authorization library that supports access control models like ACL, RBAC, ABAC in Rust.
• Oso - Batteries-included framework for building authorization in your Rust application.

iOS

• Permission - Unified API to ask for permissions on iOS.

Java

• jCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Java.
• Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
• pac4j - Security engine for Java (authentication, authorization, multi-frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
• AT&T XACML - XACML 3.0 implementation from AT&T.
• Apache Sentry - Highly modular system for providing fine grained role based authorization to both data and metadata stored on an Apache Hadoop cluster.
• TOTP Server-Side Library - TOTP server-side library.
• Oso - Batteries-included framework for building authorization in your Java application.

Node.js

• Node-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Node.js.
• RBAC - Hierarchical role-based access control for Node.js.
• ABAC - Attribute-based access control for Node.js.
• accesscontrol - Role and attribute-based access control for Node.js.
• Oso - Batteries-included framework for building authorization in your Node.js application.

PHP

• PHP-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in PHP.
• PHP-RBAC - Authorization library for PHP which provides developers with NIST Level 2 hierarchical role-based access control.
• ezRbac - Simple yet easy to implement role-based access control library for popular PHP framework: Codeigniter.
• php-abac - Attribute-based access control library.
• laravel-permission - Allows you to manage user permissions and roles in a database.
• logical-permissions-php - This is a generic library that provides support for array-based permissions with logic gates such as AND and OR.
• symfony-logical-authorization-bundle - This Symfony bundle provides a unifying solution for authorization that aims to be flexible, convenient and consistent.

Python

• PyCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Python.
• Simple RBAC - Simple role-based access control utility for Python.
• Flask-RBAC - Adds RBAC support to Flask.
• Vakt - Attribute-based access control (ABAC) SDK for Python.
• Oso - Batteries-included framework for building authorization in your Python application.

Ruby

• Oso - Batteries-included framework for building authorization in your Ruby application.
• Pundit - Minimal authorization through OO design and pure Ruby classes.
• Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Ruby.
• CanCanCan - Authorization for Ruby on Rails.

Articles

• Modeling Authorization with PERM in Casbin
• Basic Role-Based HTTP Authorization in Go with Casbin
• Policy enforcements on Kubernetes with Banzai Cloud's Pipeline and Casbin
• Organizational RBAC in Argo CD with Casbin
• Authorization Academy: A series of technical guides for building application authorization
• Why Authorization is Hard

Contribute

PR is welcomed.

License

This project is licensed under the CC0-1.0 license.