cybersecurity-auth

An ongoing & curated collection of awesome AuthN+Z software, libraries and frameworks, best guidelines and technical resources and cool stuff about Authentication & Authorization & SSO & IAM
https://github.com/paulveillard/cybersecurity-auth

Last synced: about 9 hours ago
JSON representation

`Authentication`
- `SSO (Single-Sign-On)`
  - ZITADEL - Cloud-native Identity & Access Management platform for secure authentication, authorization and identity management.
  - Authelia - The Single Sign-On Multi-Factor portal for web apps.
  - Single sign-on - wiki page about SSO
  - Casdoor - UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0 / OIDC and SAML.
  - Keycloak - Open Source Identity and Access Management.
  - Central Authentication Service (CAS) - Open Source Enterprise Single Sign On
  - Okta - Identity and Access Management as a service; provides broad integrations
  - Auth0 - Identity and Access Management as a service
  - LoginRadius - Identity and Access Management as a service
  - FusionAuth - Identity and Access Management, either a service or self-hosted
  - Cloud-IAM - Keycloak IAM as a Service
  - PAC4J - The security library for Java
  - buzzfeed/sso - A single sign-on solution for securing internal services (Go based)
  - cidaas - Cloud Identity & Access Management (Identity and Access Management as a service)
- `OAuth`
  - Spring Security OAuth - OAuth implementation for Spring
  - OAuth server for PHP - OAuth server for PHP
  - ORY Hydra - Go based OAuth and OIDC server
  - OAuth+JWT in microservices - Good video on how to use tokens in microservices
  - oauth2-proxy - A reverse proxy that provides authentication with Google, Github or other providers.
- `SAML`
  - SAML - Security Assertion Markup Language wiki page
  - Spring Security SAML - SAML implementation for Spring
  - SAMLTest
- `Two-factor authentication`
  - U2F and UAF spec - 2FA specifications
  - Two Factor Auth - List of websites with 2FA info
- `Passwordless authentication`
  - MojoAuth - Email and WebAuthN Authentication
  - Sawolabs - Authentication without OTPs and Passwords
`Authentication Development`
- <a name="authN-cSharp"></a>C#
  - Xamarin.Auth - Helps developers authenticate users via standard authentication mechanisms (e.g. OAuth 1.0 and 2.0), and store user credentials.
  - Kentor Authentication Services - Saml2 authentication services for ASP.NET.
  - SimpleAuthentication - ASP.NET library that makes it really easy and simple for developers to add social authentication to an ASP.NET application.
  - OwinOAuthProviders - OAuth providers for Owin.
  - AspNet.Security.OAuth.Providers - OAuth2 social authentication providers for ASP.NET Core.
  - IdentityServer4 - OpenID Connect & OAuth 2.0 framework for ASP.NET Core.
- <a name="authN-golang"></a>Golang
  - OIDC - OpenID Connect Library (client and server) for Go
  - Ory Hydra - OpenID Connect certified OAuth2 server.
  - Ory Kratos - API-first Identity and User Management system built for cloud applications.
  - Ory Oathkeeper - Identity/Access proxy inspired by the BeyondCorp/Zero-Trust white paper.
  - Ory Fosite - Extensible OAuth 2.0 and OpenID Connect SDK for Golang.
- <a name="authN-java"></a>Java
  - Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
  - pac4j - Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
  - Spring Security OAuth - Provides support for using Spring Security with OAuth (1a) and OAuth2.
- <a name="authN-node"></a>Node.js
  - Passport - Simple, unobtrusive authentication for Node.js. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
  - bell - Third-party authentication plugin for hapi. Ships with built-in support for various well-known sites and simple configuration object will support other OAuth 1.0a and OAuth 2.0 sites.
- <a name="authN-python"></a>Python
  - Keystone - Provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family.
  - Authomatic - Simple yet powerful authorization & authentication client library for Python web applications.
  - Python Social Auth - Easy to setup social authentication/registration mechanism with support for several frameworks and auth providers.
  - Raider - Web authentication testing framework, which treats the authentication process as finite state machines.
- <a name="authN-ruby"></a>Ruby
  - Authlogic - Clean, simple, and unobtrusive Ruby authentication solution.
Authorization
- <a name="authN-ruby"></a>Ruby
  - Role-based access control - wiki page about RBAC
  - XACML - XML-based access control markup language
  - angular-permissions
Authorization Development
- <a name="authZ-android"></a>Android
  - AndPermission - Android runtime permission, support the right to apply for permission at any place.
- <a name="authZ-cSharp"></a>C#
  - Casbin.NET - Authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#).
  - DotNetOpenAuth - Implementation of the OpenID, OAuth protocols.
  - AuthorizationServer - Sample implementation of an OAuth2 authorization server.
- <a name="authZ-golang"></a>Golang
  - Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Golang.
  - goRBAC - Lightweight role-based access control implementation in Go.
  - Ladon - SDK for access control policies: authorization for the microservice and IoT age.
  - Foulkon - Authorization server that allows or denies access to web resources.
  - Gocialite - Social OAuth login in Go with multiple providers has never been so easy.
  - Ory Keto - Access control server capable of solving complex use cases (multi-tenant, attribute-based access control, etc.) with access control policies.
  - Oso - Batteries-included framework for building authorization in your Go application.
- <a name="authZ-rust"></a>Rust
  - Casbin-Rs - Authorization library that supports access control models like ACL, RBAC, ABAC in Rust.
- <a name="authZ-ios"></a>iOS
  - Permission - Unified API to ask for permissions on iOS.
- <a name="authZ-java"></a>Java
  - jCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Java.
  - AT&T XACML - XACML 3.0 implementation from AT&T.
  - Apache Sentry - Highly modular system for providing fine grained role based authorization to both data and metadata stored on an Apache Hadoop cluster.
  - TOTP Server-Side Library - TOTP server-side library.
- <a name="authZ-node"></a>Node.js
  - Node-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Node.js.
  - RBAC - Hierarchical role-based access control for Node.js.
  - ABAC - Attribute-based access control for Node.js.
  - accesscontrol - Role and attribute-based access control for Node.js.
- <a name="authZ-php"></a>PHP
  - PHP-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in PHP.
  - PHP-RBAC - Authorization library for PHP which provides developers with NIST Level 2 hierarchical role-based access control.
  - ezRbac - Simple yet easy to implement role-based access control library for popular PHP framework: [Codeigniter](https://github.com/bcit-ci/CodeIgniter).
  - php-abac - Attribute-based access control library.
  - laravel-permission - Allows you to manage user permissions and roles in a database.
  - logical-permissions-php - This is a generic library that provides support for array-based permissions with logic gates such as AND and OR.
  - symfony-logical-authorization-bundle - This Symfony bundle provides a unifying solution for authorization that aims to be flexible, convenient and consistent.
- <a name="authZ-python"></a>Python
  - PyCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Python.
  - Simple RBAC - Simple role-based access control utility for Python.
  - Flask-RBAC - Adds RBAC support to [Flask](https://github.com/pallets/flask).
  - Vakt - Attribute-based access control (ABAC) SDK for Python.
- <a name="authZ-ruby"></a>Ruby
  - Pundit - Minimal authorization through OO design and pure Ruby classes.
  - Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Ruby.
  - CanCanCan - Authorization for Ruby on Rails.
Articles
- <a name="authZ-ruby"></a>Ruby
Identity & Access management (IAM)
- <a name="authZ-ruby"></a>Ruby
  - IdentityServer - .NET based IAM server
  - ORY - Open Source Identity Infrastructure and Services (Go based)
  - casbin - Go authorization library
  - OpenAM - (discontinued), successor of OpenSSO
  - WSO2 Identity Server - also has SSO, authZ, ...
Tools
- <a name="authZ-ruby"></a>Ruby
  - Step CLI - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  - JWT DEBUGGER - A simple JWT decoder tool, that can help to verify the JWT and with the help of signature.
Other aggregators
- <a name="authZ-ruby"></a>Ruby
  - awesome-keycloak - A curated list of Keycloak related resources
  - casbin/awesome-auth - other auth list
  - OAuth code libraries
  - OIDC code libraries
`Cloud solutions`
- `Amazon Web Services (AWS)`
  - AWS IAM - Identity and Access Management for AWS
  - AWS SSO - Centrally manage single sign-on (SSO) access to multiple AWS accounts
  - Amazon Cognito - SSO for business applications
  - AWS Directory Service - AD in the AWS Cloud
  - AWS STS - AWS Security Token Service for temporary IAM tokens
- `Google Cloud Platform (GCP)`
  - Identity and authentication, the Google Cloud way - Overview of Google approach to identity and access management
- `Microsoft Azure`
  - Microsoft identity platform - Evolution of the Azure Active Directory
`License`
- `Microsoft Azure`
  - cc
  - Paul Veillard

Programming Languages

Go 14 Java 9 Python 8 C# 7 PHP 6 Ruby 4 JavaScript 4 Rust 2 TypeScript 2 Swift 1

cybersecurity-auth

`Authentication`

`SSO (Single-Sign-On)`

`OAuth`

`SAML`

`Two-factor authentication`

`Passwordless authentication`

`Authentication Development`

<a name="authN-cSharp"></a>C#

<a name="authN-golang"></a>Golang

<a name="authN-java"></a>Java

<a name="authN-node"></a>Node.js

<a name="authN-python"></a>Python

<a name="authN-ruby"></a>Ruby

Authorization

<a name="authN-ruby"></a>Ruby

Authorization Development

<a name="authZ-android"></a>Android

<a name="authZ-cSharp"></a>C#

<a name="authZ-golang"></a>Golang

<a name="authZ-rust"></a>Rust

<a name="authZ-ios"></a>iOS

<a name="authZ-java"></a>Java

<a name="authZ-node"></a>Node.js

<a name="authZ-php"></a>PHP

<a name="authZ-python"></a>Python

<a name="authZ-ruby"></a>Ruby

Articles

<a name="authZ-ruby"></a>Ruby

Identity & Access management (IAM)

<a name="authZ-ruby"></a>Ruby

Tools

<a name="authZ-ruby"></a>Ruby

Other aggregators

<a name="authZ-ruby"></a>Ruby

`Cloud solutions`

`Amazon Web Services (AWS)`

`Google Cloud Platform (GCP)`

`Microsoft Azure`

`License`

`Microsoft Azure`