Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

cybersecurity-auth

An ongoing & curated collection of awesome AuthN+Z software, libraries and frameworks, best guidelines and technical resources and cool stuff about Authentication & Authorization & SSO & IAM
https://github.com/paulveillard/cybersecurity-auth

Last synced: about 22 hours ago
JSON representation

  • Authorization Development

    • <a name="authZ-ios"></a>iOS

      • Permission - Unified API to ask for permissions on iOS.

    • <a name="authZ-php"></a>PHP

      • laravel-permission - Allows you to manage user permissions and roles in a database.
      • PHP-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in PHP.
      • PHP-RBAC - Authorization library for PHP which provides developers with NIST Level 2 hierarchical role-based access control.
      • ezRbac - Simple yet easy to implement role-based access control library for popular PHP framework: [Codeigniter](https://github.com/bcit-ci/CodeIgniter).
      • logical-permissions-php - This is a generic library that provides support for array-based permissions with logic gates such as AND and OR.
      • symfony-logical-authorization-bundle - This Symfony bundle provides a unifying solution for authorization that aims to be flexible, convenient and consistent.
      • php-abac - Attribute-based access control library.

    • <a name="authZ-ruby"></a>Ruby

      • CanCanCan - Authorization for Ruby on Rails.
      • Pundit - Minimal authorization through OO design and pure Ruby classes.
      • Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Ruby.

    • <a name="authZ-golang"></a>Golang

      • Ory Keto - Access control server capable of solving complex use cases (multi-tenant, attribute-based access control, etc.) with access control policies.
      • Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Golang.
      • goRBAC - Lightweight role-based access control implementation in Go.
      • Oso - Batteries-included framework for building authorization in your Go application.
      • Ladon - SDK for access control policies: authorization for the microservice and IoT age.
      • Foulkon - Authorization server that allows or denies access to web resources.
      • Gocialite - Social OAuth login in Go with multiple providers has never been so easy.

    • <a name="authZ-cSharp"></a>C#

      • DotNetOpenAuth - Implementation of the OpenID, OAuth protocols.
      • Casbin.NET - Authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#).
      • AuthorizationServer - Sample implementation of an OAuth2 authorization server.

    • <a name="authZ-android"></a>Android

      • AndPermission - Android runtime permission, support the right to apply for permission at any place.

    • <a name="authZ-node"></a>Node.js

      • Node-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Node.js.
      • accesscontrol - Role and attribute-based access control for Node.js.
      • ABAC - Attribute-based access control for Node.js.
      • RBAC - Hierarchical role-based access control for Node.js.

    • <a name="authZ-python"></a>Python

      • Flask-RBAC - Adds RBAC support to [Flask](https://github.com/pallets/flask).
      • PyCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Python.
      • Simple RBAC - Simple role-based access control utility for Python.
      • Vakt - Attribute-based access control (ABAC) SDK for Python.

    • <a name="authZ-java"></a>Java

      • jCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Java.
      • Apache Sentry - Highly modular system for providing fine grained role based authorization to both data and metadata stored on an Apache Hadoop cluster.
      • TOTP Server-Side Library - TOTP server-side library.
      • AT&T XACML - XACML 3.0 implementation from AT&T.

    • <a name="authZ-rust"></a>Rust

      • Casbin-Rs - Authorization library that supports access control models like ACL, RBAC, ABAC in Rust.

  • `Cloud solutions`

  • `License`

  • `Authentication`

    • `SSO (Single-Sign-On)`

      • Keycloak - Open Source Identity and Access Management.
      • Auth0 - Identity and Access Management as a service
      • LoginRadius - Identity and Access Management as a service
      • FusionAuth - Identity and Access Management, either a service or self-hosted
      • Single sign-on - wiki page about SSO
      • Okta - Identity and Access Management as a service; provides broad integrations
      • buzzfeed/sso - A single sign-on solution for securing internal services (Go based)
      • Authelia - The Single Sign-On Multi-Factor portal for web apps.
      • Central Authentication Service (CAS) - Open Source Enterprise Single Sign On
      • Casdoor - UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0 / OIDC and SAML.
      • cidaas - Cloud Identity & Access Management (Identity and Access Management as a service)
      • ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.
      • Cloud-IAM - Keycloak IAM as a Service
      • PAC4J - The security library for Java

    • `SAML`

    • `Passwordless authentication`

      • MojoAuth - Email and WebAuthN Authentication
      • Sawolabs - Authentication without OTPs and Passwords

    • `OAuth`

    • `Two-factor authentication`

  • Identity & Access management (IAM)

    • <a name="authZ-ruby"></a>Ruby

  • Articles

  • Authorization

  • Tools

    • <a name="authZ-ruby"></a>Ruby

      • JWT DEBUGGER - A simple JWT decoder tool, that can help to verify the JWT and with the help of signature.
      • Step CLI - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

  • Other aggregators

  • `Authentication Development`

    • <a name="authN-node"></a>Node.js

      • Passport - Simple, unobtrusive authentication for Node.js. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
      • bell - Third-party authentication plugin for hapi. Ships with built-in support for various well-known sites and simple configuration object will support other OAuth 1.0a and OAuth 2.0 sites.

    • <a name="authN-golang"></a>Golang

      • Ory Kratos - API-first Identity and User Management system built for cloud applications.
      • Ory Hydra - OpenID Connect certified OAuth2 server.
      • Ory Fosite - Extensible OAuth 2.0 and OpenID Connect SDK for Golang.
      • Ory Oathkeeper - Identity/Access proxy inspired by the BeyondCorp/Zero-Trust white paper.
      • OIDC - OpenID Connect Library (client and server) for Go

    • <a name="authN-python"></a>Python

      • Python Social Auth - Easy to setup social authentication/registration mechanism with support for several frameworks and auth providers.
      • Authomatic - Simple yet powerful authorization & authentication client library for Python web applications.
      • Keystone - Provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family.
      • Raider - Web authentication testing framework, which treats the authentication process as finite state machines.

    • <a name="authN-ruby"></a>Ruby

      • Authlogic - Clean, simple, and unobtrusive Ruby authentication solution.

    • <a name="authN-java"></a>Java

      • pac4j - Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
      • Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
      • Spring Security OAuth - Provides support for using Spring Security with OAuth (1a) and OAuth2.

    • <a name="authN-cSharp"></a>C#

Programming Languages
Go 14 Java 9 Python 8 C# 7 PHP 6 Ruby 4 JavaScript 4 Rust 2 TypeScript 2 Swift 1
Categories
Authorization Development 35 `Authentication` 26 `Authentication Development` 21 `Cloud solutions` 7 Articles 6 Identity & Access management (IAM) 5 Other aggregators 4 Authorization 3 Tools 2 `License` 2
Sub Categories
<a name="authZ-ruby"></a>Ruby 20 `SSO (Single-Sign-On)` 14 <a name="authZ-php"></a>PHP 7 <a name="authZ-golang"></a>Golang 7 <a name="authN-cSharp"></a>C# 6 `Amazon Web Services (AWS)` 5 `OAuth` 5 <a name="authN-golang"></a>Golang 5 <a name="authZ-java"></a>Java 4 <a name="authZ-python"></a>Python 4 <a name="authN-ruby"></a>Ruby 4 <a name="authN-python"></a>Python 4 <a name="authZ-node"></a>Node.js 4 <a name="authZ-cSharp"></a>C# 3 `Microsoft Azure` 3 <a name="authN-java"></a>Java 3 `SAML` 3 `Two-factor authentication` 2 <a name="authN-node"></a>Node.js 2 `Passwordless authentication` 2 <a name="authZ-rust"></a>Rust 1 <a name="authZ-android"></a>Android 1 <a name="authZ-ios"></a>iOS 1 `Google Cloud Platform (GCP)` 1
Keywords
authorization 20 rbac 12 authentication 11 abac 11 access-control 11 auth 11 security 10 acl 10 permission 10 authz 8 oauth 8 sso 8 casbin 7 oauth2 7 openid-connect 6 python 6 golang 5 java 5 saml 4 go 4 oidc 4 permissions 4 nodejs 4 iam 3 mfa 3 ldap 3 openid 3 php 3 authn 3 rust 2 casdoor 2 cas 2 shiro 2 ruby 2 identity 2 webauthn 2 library 2 totp 2 sso-authentication 2 oauth-provider 2 roles 2 server 2 docker 2 oauth2-client 1 oauth-client 1 social 1 python-social 1 users 1 user-profiles 1 user-profile 1