{"id":49368095,"url":"https://github.com/tinyauthapp/tinyauth","last_synced_at":"2026-05-10T03:09:11.330Z","repository":{"id":273210217,"uuid":"918974884","full_name":"tinyauthapp/tinyauth","owner":"tinyauthapp","description":"The tiniest authentication and authorization server you have ever seen.","archived":false,"fork":false,"pushed_at":"2026-04-26T15:03:25.000Z","size":15453,"stargazers_count":7281,"open_issues_count":23,"forks_count":228,"subscribers_count":13,"default_branch":"main","last_synced_at":"2026-04-26T16:09:20.782Z","etag":null,"topics":["2fa","authentication","caddy","golang","middleware","nginx","oidc","selfhosted","sso","tinyauth","totp","typescipt"],"latest_commit_sha":null,"homepage":"https://tinyauth.app","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tinyauthapp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":"FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"steveiliop56","buy_me_a_coffee":"steveiliop56"}},"created_at":"2025-01-19T11:40:09.000Z","updated_at":"2026-04-26T15:03:29.000Z","dependencies_parsed_at":"2026-03-04T16:04:11.520Z","dependency_job_id":null,"html_url":"https://github.com/tinyauthapp/tinyauth","commit_stats":null,"previous_names":["steveiliop56/tinyauth","tinyauthapp/tinyauth"],"tags_count":125,"template":false,"template_full_name":null,"purl":"pkg:github/tinyauthapp/tinyauth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinyauthapp%2Ftinyauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinyauthapp%2Ftinyauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinyauthapp%2Ftinyauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinyauthapp%2Ftinyauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tinyauthapp","download_url":"https://codeload.github.com/tinyauthapp/tinyauth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinyauthapp%2Ftinyauth/sbom","scorecard":{"id":1246459,"data":{"date":"2026-04-21T19:20:19Z","repo":{"name":"github.com/steveiliop56/tinyauth","commit":"3906e50925d75c1d22f7ccfcc857accb870eeac2"},"scorecard":{"version":"v5.1.1","commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198"},"score":6.1,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"}},{"name":"Code-Review","score":4,"reason":"Found 9/21 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/nightly.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:9","Warn: no topLevel permission defined: .github/workflows/sponsors.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v5.0.7 not signed: https://api.github.com/repos/steveiliop56/tinyauth/releases/310294071","Warn: release artifact nightly not signed: https://api.github.com/repos/steveiliop56/tinyauth/releases/311477135","Warn: release artifact v5.0.7-beta.1 not signed: https://api.github.com/repos/steveiliop56/tinyauth/releases/309748211","Warn: release artifact v5.0.7-alpha.1 not signed: https://api.github.com/repos/steveiliop56/tinyauth/releases/308773280","Warn: release artifact v5.0.6 not signed: https://api.github.com/repos/steveiliop56/tinyauth/releases/304739932","Warn: release artifact v5.0.7 does not have provenance: https://api.github.com/repos/steveiliop56/tinyauth/releases/310294071","Warn: release artifact nightly does not have provenance: https://api.github.com/repos/steveiliop56/tinyauth/releases/311477135","Warn: release artifact v5.0.7-beta.1 does not have provenance: https://api.github.com/repos/steveiliop56/tinyauth/releases/309748211","Warn: release artifact v5.0.7-alpha.1 does not have provenance: https://api.github.com/repos/steveiliop56/tinyauth/releases/308773280","Warn: release artifact v5.0.6 does not have provenance: https://api.github.com/repos/steveiliop56/tinyauth/releases/304739932"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:320: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:338: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:417: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:435: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:385: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:392: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:396: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:455: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:462: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:302: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:346: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:353: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:357: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:244: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:394: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:398: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:422: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:429: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sponsors.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/sponsors.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sponsors.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/sponsors.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sponsors.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/sponsors.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/steveiliop56/tinyauth/stale.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:23","Warn: containerImage not pinned by hash: Dockerfile:46","Warn: containerImage not pinned by hash: Dockerfile.dev:1: pin your Docker image by updating golang:1.26-alpine3.23 to golang:1.26-alpine3.23@sha256:f85330846cde1e57ca9ec309382da3b8e6ae3ab943d2739500e08c86393a21b1","Warn: containerImage not pinned by hash: Dockerfile.distroless:2","Warn: containerImage not pinned by hash: Dockerfile.distroless:23","Warn: containerImage not pinned by hash: Dockerfile.distroless:48","Warn: containerImage not pinned by hash: frontend/Dockerfile.dev:1: pin your Docker image by updating oven/bun:1.2.16-alpine to oven/bun:1.2.16-alpine@sha256:14beb61b5209e743341a80ff2b05e2eac0ccb794b03902e67735f85f731c2b52","Warn: goCommand not pinned by hash: Dockerfile.dev:11","Info:   2 out of  44 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  56 third-party GitHubAction dependencies pinned","Info:   0 out of   8 containerImage dependencies pinned","Info:   1 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2026-4883 / GHSA-pxq6-2prw-chj9","Warn: Project is vulnerable to: GO-2026-4887 / GHSA-x744-4wpc-v9h2"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/nightly.yml:139"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"}},{"name":"SAST","score":8,"reason":"SAST tool is not run on all commits -- score normalized to 8","details":["Warn: 18 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"21 out of 21 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"}}]},"last_synced_at":"2026-04-24T02:32:49.671Z","repository_id":273210217,"created_at":"2026-04-24T02:32:49.672Z","updated_at":"2026-04-24T02:32:49.672Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32370030,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"online","status_checked_at":"2026-04-28T02:00:07.250Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","authentication","caddy","golang","middleware","nginx","oidc","selfhosted","sso","tinyauth","totp","typescipt"],"created_at":"2026-04-27T21:00:28.067Z","updated_at":"2026-04-28T07:00:37.698Z","avatar_url":"https://github.com/tinyauthapp.png","language":"Go","funding_links":["https://github.com/sponsors/steveiliop56","https://buymeacoffee.com/steveiliop56"],"categories":["Go"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003cimg alt=\"Tinyauth\" title=\"Tinyauth\" width=\"96\" src=\"assets/logo-rounded.png\"\u003e\n    \u003ch1\u003eTinyauth\u003c/h1\u003e\n    \u003cp\u003eThe tiniest authentication and authorization server you have ever seen.\u003c/p\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n    \u003cimg alt=\"License\" src=\"https://img.shields.io/github/license/tinyauthapp/tinyauth\"\u003e\n    \u003cimg alt=\"Release\" src=\"https://img.shields.io/github/v/release/tinyauthapp/tinyauth\"\u003e\n    \u003cimg alt=\"Issues\" src=\"https://img.shields.io/github/issues/tinyauthapp/tinyauth\"\u003e\n    \u003cimg alt=\"Tinyauth CI\" src=\"https://github.com/tinyauthapp/tinyauth/actions/workflows/ci.yml/badge.svg\"\u003e\n    \u003ca title=\"Crowdin\" target=\"_blank\" href=\"https://crowdin.com/project/tinyauth\"\u003e\u003cimg src=\"https://badges.crowdin.net/tinyauth/localized.svg\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://scorecard.dev/viewer/?uri=github.com/tinyauthapp/tinyauth\" target=\"_blank\" title=\"OpenSSF Scorecard\"\u003e\n      \u003cimg src=\"https://api.scorecard.dev/projects/github.com/tinyauthapp/tinyauth/badge\"\u003e\n    \u003c/a\u003e\n\u003c/div\u003e\n\n\u003cbr /\u003e\n\nTinyauth is the simplest and tiniest authentication and authorization server you have ever seen. It is designed to both work as an authentication middleware for your apps, offering support for OAuth, LDAP and access-controls, and as a standalone authentication server. It supports all the popular proxies like Traefik, Nginx and Caddy.\n\n![Screenshot](assets/screenshot.png)\n\n\u003e [!WARNING]\n\u003e Tinyauth is in active development and configuration may change often. Please make sure to carefully read the release notes before updating.\n\n\u003e [!NOTE]\n\u003e This is the main development branch. For the latest stable release, see the [documentation](https://tinyauth.app) or the latest stable tag.\n\n\u003e [!NOTE]\n\u003e Tinyauth is in the process of migrating to the new [tinyauthapp](https://github.com/tinyauthapp) organization. The organization **is official** and it will host all of the Tinyauth related repositories in the future.\n\n## Getting Started\n\nYou can get started with Tinyauth by following the guide in the [documentation](https://tinyauth.app/docs/getting-started). There is also an available [docker-compose](./docker-compose.example.yml) file that has Traefik, Whoami and Tinyauth to demonstrate its capabilities (keep in mind that this file lives in the development branch so it may have updates that are not yet released).\n\n## Demo\n\nIf you are still not sure if Tinyauth suits your needs you can try out the [demo](https://demo.tinyauth.app). The default username is `user` and the default password is `password`.\n\n## Documentation\n\nYou can find documentation and guides on all of the available configuration of Tinyauth in the [website](https://tinyauth.app).\n\nIf you wish to contribute to the documentation head over to the [repository](https://github.com/tinyauthapp/docs).\n\n## Discord\n\nTinyauth has a [Discord](https://discord.gg/eHzVaCzRRd) server. Feel free to hop in to chat about self-hosting, homelabs and of course Tinyauth. See you there!\n\n## Contributing\n\nAll contributions to the codebase are welcome! If you have any free time, feel free to pick up an [issue](https://github.com/tinyauthapp/tinyauth/issues) or add your own missing features. Make sure to check out the [contributing guide](./CONTRIBUTING.md) for instructions on how to get the development server up and running.\n\n## Localization\n\nIf you like, you can help translate Tinyauth into more languages by visiting the [Crowdin](https://crowdin.com/project/tinyauth) page.\n\n## License\n\nTinyauth is licensed under the GNU General Public License v3.0. TL;DR — You may copy, distribute and modify the software as long as you track changes/dates in source files. Any modifications to or software including (via compiler) GPL-licensed code must also be made available under the GPL along with build \u0026 install instructions. For more information about the license check the [license](./LICENSE) file.\n\n## Sponsors\n\nA big thank you to the following people for providing me with more coffee:\n\n\u003c!-- sponsors --\u003e\u003ca href=\"https://github.com/erwinkramer\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;erwinkramer.png\" width=\"64px\" alt=\"User avatar: erwinkramer\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/nicotsx\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;nicotsx.png\" width=\"64px\" alt=\"User avatar: nicotsx\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/SimpleHomelab\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;SimpleHomelab.png\" width=\"64px\" alt=\"User avatar: SimpleHomelab\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/jmadden91\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;jmadden91.png\" width=\"64px\" alt=\"User avatar: jmadden91\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/tribor\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;tribor.png\" width=\"64px\" alt=\"User avatar: tribor\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/eliasbenb\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;eliasbenb.png\" width=\"64px\" alt=\"User avatar: eliasbenb\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/afunworm\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;afunworm.png\" width=\"64px\" alt=\"User avatar: afunworm\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/chip-well\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;chip-well.png\" width=\"64px\" alt=\"User avatar: chip-well\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/Lancelot-Enguerrand\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;Lancelot-Enguerrand.png\" width=\"64px\" alt=\"User avatar: Lancelot-Enguerrand\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/allgoewer\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;allgoewer.png\" width=\"64px\" alt=\"User avatar: allgoewer\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/NEANC\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;NEANC.png\" width=\"64px\" alt=\"User avatar: NEANC\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/ax-mad\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;ax-mad.png\" width=\"64px\" alt=\"User avatar: ax-mad\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003ca href=\"https://github.com/stegratech\"\u003e\u003cimg src=\"https:\u0026#x2F;\u0026#x2F;github.com\u0026#x2F;stegratech.png\" width=\"64px\" alt=\"User avatar: stegratech\" /\u003e\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003c!-- sponsors --\u003e\n\n## Acknowledgements\n\n- **Freepik** for providing the police hat and badge.\n- **Renee French** for the original gopher logo.\n- **Coderabbit AI** for providing free AI code reviews.\n- **Syrhu** for providing the background image of the app.\n\n## Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=tinyauthapp/tinyauth\u0026type=Date)](https://www.star-history.com/#tinyauthapp/tinyauth\u0026Date)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinyauthapp%2Ftinyauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftinyauthapp%2Ftinyauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinyauthapp%2Ftinyauth/lists"}