{"id":50672054,"url":"https://github.com/franzos/forseti","last_synced_at":"2026-06-08T12:04:10.653Z","repository":{"id":361477483,"uuid":"1254118927","full_name":"franzos/forseti","owner":"franzos","description":"A self-service UI and OAuth2 login/consent/logout bridge for Ory Kratos + Ory Hydra","archived":false,"fork":false,"pushed_at":"2026-05-30T19:40:46.000Z","size":664,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-05-30T21:15:31.221Z","etag":null,"topics":["hydra","kratos","oauth2","oidc"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/franzos.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-30T06:58:55.000Z","updated_at":"2026-05-30T19:42:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/franzos/forseti","commit_stats":null,"previous_names":["franzos/forseti"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/franzos/forseti","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franzos%2Fforseti","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franzos%2Fforseti/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franzos%2Fforseti/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franzos%2Fforseti/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/franzos","download_url":"https://codeload.github.com/franzos/forseti/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/franzos%2Fforseti/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34061125,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hydra","kratos","oauth2","oidc"],"created_at":"2026-06-08T12:04:09.932Z","updated_at":"2026-06-08T12:04:10.642Z","avatar_url":"https://github.com/franzos.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"assets/icon.svg\" alt=\"Forseti\" width=\"120\" height=\"120\" /\u003e\n\n  # Forseti\n\n  **A self-service identity portal for [Ory Kratos](https://www.ory.sh/kratos/) and [Ory Hydra](https://www.ory.sh/hydra/)** — login, registration, account recovery, MFA, OAuth2 consent, and admin tooling, all server-rendered in Rust.\n\n  [![CI](https://github.com/franzos/forseti/actions/workflows/ci.yml/badge.svg)](https://github.com/franzos/forseti/actions/workflows/ci.yml)\n  [![Release](https://github.com/franzos/forseti/actions/workflows/release.yml/badge.svg)](https://github.com/franzos/forseti/actions/workflows/release.yml)\n  [![License: AGPL v3](https://img.shields.io/badge/license-AGPLv3-blue.svg)](LICENSE)\n  [![Container](https://img.shields.io/badge/ghcr.io-forseti-097aba?logo=docker\u0026logoColor=white)](https://github.com/franzos/forseti/pkgs/container/forseti)\n\n\u003c/div\u003e\n\nForseti is the web frontend Ory doesn't ship: a single binary that speaks to Kratos (identity) and Hydra (OAuth2/OIDC) and gives your users real screens for every self-service flow, plus an admin surface for operators.\n\n## Download\n\nPrebuilt binaries for x86_64 and aarch64 Linux (glibc) are attached to every [release](https://github.com/franzos/forseti/releases/latest):\n\n```bash\n# binary + the static/ assets it serves\ncurl -L -o forseti.tar.gz https://github.com/franzos/forseti/releases/latest/download/forseti-x86_64-unknown-linux-gnu.tar.gz\ntar -xzf forseti.tar.gz\ncd forseti-x86_64-unknown-linux-gnu\ncp config.example.toml config.toml   # then edit it\n./forseti\n```\n\nOr pull the [container image](https://github.com/franzos/forseti/pkgs/container/forseti) from the GitHub Container Registry:\n\n```bash\npodman pull ghcr.io/franzos/forseti:latest\npodman run --rm -p 3000:3000 \\\n  -v ./config.toml:/app/config.toml:ro \\\n  ghcr.io/franzos/forseti:latest\n```\n\nBoth need a reachable Kratos and Hydra — see the [operator guide](docs/operator-guide.md). The binary reads `./config.toml` (override with `FORSETI_CONFIG_PATH`) and serves `./static` relative to its working directory.\n\n\u003e **Runtime note:** the binary links dynamically against `libpq` (the Postgres client). On a bare host install `libpq5` (Debian/Ubuntu) or `libpq` (most other distros); the container image already includes it. SQLite is bundled, so it needs nothing extra.\n\n## Why Forseti\n\nOry's engines are excellent, but headless. You get APIs; your users need pages. Forseti fills that gap:\n\n- **Every Kratos flow, server-rendered** — login, registration, recovery, verification, settings (profile, password, MFA/TOTP, social logins, sessions)\n- **Hydra OAuth2 bridge** — login, consent, and logout screens for the OAuth2/OIDC authorization-code flow\n- **Admin surface** — manage identities, sessions, OAuth2 clients; append-only audit log; status dashboard\n- **Organizations** — multi-tenant orgs with members, invites, branding, and per-org OIDC claims\n- **Production-minded** — CSRF on every form, signed cookies, rate-limited DCR, account-deletion webhook saga\n\n## Status\n\n**Pre-release / active development.** Core flows work end-to-end against the Ory playground; APIs, config, and schema are still moving. Pin a commit if you build on it.\n\n## Build from source\n\n```bash\n# 1. Bring up the playground (Kratos, Hydra, Mailcrab, Postgres)\nmake stack-up\n\n# 2. Seed a deterministic admin (password + TOTP)\nmake seed-admin\n\n# 3. Run Forseti (debug build) at :3000\nmake run\n```\n\nOpen \u003chttp://localhost:3000\u003e. Register at `/registration`, grab the verification email from Mailcrab at \u003chttp://127.0.0.1:4436\u003e, and you're in.\n\nFor the full OAuth2 dance — register a Hydra client, run an auth-code flow, exchange a token — see [`.claude/skills/ory-up/SKILL.md`](.claude/skills/ory-up/SKILL.md) or the [integration guide](docs/integration-guide.md).\n\n## How it fits together\n\n```\n      Browser\n         |\n         v\n+------------------+        admin (server-only)\n|     Forseti      | --------------------------------+\n|   Rust / Axum    |                                 |\n|       :3000      | --+                             |\n+------------------+   |                             |\n         |             |                             |\n         | browser     | browser                     |\n         |             |                             v\n   +------------+ +------------+             | Kratos admin   |\n   |  Kratos    | |   Hydra    |             | Hydra admin    |\n   |  public    | |  public    |             | (internal only)|\n   +------------+ +------------+             +-----------------+\n         |             |\n         +------+------+\n                |\n                v\n         +--------------+\n         |  Database    |\n         | Postgres /   |\n         |   SQLite     |\n         +--------------+\n```\n\n## Documentation\n\n- [Operator guide](docs/operator-guide.md) — deployment topology, Kratos/Hydra config, secrets, backups\n- [Operator guide — reverse proxy](docs/operator-guide-proxy.md) — proxy topology, cookies, CSRF, CORS\n- [Integration guide](docs/integration-guide.md) — consuming Forseti as an OIDC provider\n- [Organizations](docs/organizations.md) — multi-org model, invites, branding, claims\n\n## License\n\nForseti is dual-licensed:\n\n- **AGPL-3.0** for the open-source core (everything outside `src/commercial/`)\n- **Commercial license** for paid features in `src/commercial/` (see [`MONETIZATION.md`](MONETIZATION.md) and [`LICENSE-COMMERCIAL`](LICENSE-COMMERCIAL))\n\nBuilt on [Ory Kratos](https://www.ory.sh/kratos/) and [Ory Hydra](https://www.ory.sh/hydra/).\n\n---\n\nForseti — named for the Norse god of justice and reconciliation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffranzos%2Fforseti","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffranzos%2Fforseti","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffranzos%2Fforseti/lists"}