Open Source Authentication Software - Page 2
Sort By:
Authentication Software
View 181 business solutions-
Compliant and Reliable File Transfers Backed by Top Security CertificationsStop relying on non-certified, legacy file transfer tools that creak under the weight of modern security demands. Get full audit trails, advanced access controls and more supported by an award-winning team of experts. Start your free 25-day trial today.
-
Gemini 3 and 200+ AI Models on One PlatformBuild, govern, and optimize agents and models with Gemini Enterprise Agent Platform.
-
1
PHP OAuth 2.0 Server
A spec compliant, secure by default
league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them. The latest version of this package supports PHP 7.2, PHP 7.3, PHP 7.4, PHP 8.0. The openssl and json extensions are also required. All HTTP messages passed to the server should be PSR-7 compliant. This ensures interoperability with other packages and frameworks. The library uses PHPUnit for unit tests. We use Github Actions, Scrutinizer, and StyleCI for continuous integration. In order to prevent man-in-the-middle attacks, the authorization server MUST require the use of TLS with server authentication as defined by RFC2818 for any request sent to the authorization and token endpoints. The client MUST validate the authorization server’s TLS certificate as defined by RFC6125. -
2
Pocket ID
Easy-to-use OIDC provider that allows to authenticate with passkeys
Pocket-ID is an open-source OpenID Connect (OIDC) identity provider that prioritizes passwordless authentication using modern passkeys, making secure login easier for self-hosted services. By supporting passkeys instead of traditional passwords, Pocket-ID aligns with evolving web authentication standards, letting users sign in with devices, hardware keys like YubiKey, or platform-managed credentials. It’s designed to be simpler to install and use than larger identity solutions like Keycloak or Hydra and integrates smoothly with other self-hosted applications that understand OIDC protocols. With Docker-ready setup and broad community interest, the project supports a fully self-managed authentication stack where you control user identity, sessions, and login flows without relying on third-party services. It has gained popularity in the self-hosted ecosystem as a straightforward way to add single sign-on capabilities and modern security to your apps. -
3
Pow
Robust, modular, and extendable user authentication system
Pow is a robust, modular, and extendable authentication and user management solution for Phoenix and Plug-based apps. Pow is built to be modular, and easy to configure. The configuration is passed to function calls as well as plug options, and they will take priority over any environment configuration. It's ideal in case you got an umbrella app with multiple separate user domains. The easiest way to use Pow with Phoenix is to use a :otp_app in function calls and set the app environment configuration. It will keep a persistent fallback configuration that you configure in one place. Pow ships with a session plug module. You can easily switch it out with a different one. Pow is extremely modular and fully customizable. As your platform scales, each moving part can be modified or replaced ad-hoc. Several extensions are included in Pow so you with no effort can add secure features to your app. -
4
VoidAuth
Single Sign-On for Your Self-Hosted Universe
VoidAuth is a self-hosted, open-source Single Sign-On (SSO) authentication provider that simplifies managing user access and identity for a suite of private applications. Built around standards like OpenID Connect (OIDC), it serves as a central authentication authority so that users can log in once and gain secure access to multiple services without duplicating credentials. The platform offers a user and group management interface where administrators can invite users, enable self-registration, and configure policies like multi-factor authentication and password resets with email verification. Designed with flexibility in mind, VoidAuth supports features such as passkeys and customizable branding, making it adaptable to a wide range of deployment environments and aesthetic preferences. -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
serve
Static file serving and directory listing
Assuming you would like to serve a static site, single page application or just a static file (no matter if on your device or on the local network), this package is just the right choice for you. Once it's time to push your site to production, we recommend using Vercel. In general, serve also provides a neat interface for listing the directory's contents. The quickest way to get started is to just run npx serve in your project's directory. If you prefer, you can also install the package globally using Yarn (you'll need at least Node.js LTS). The core of serve is serve-handler, which can be used as middleware in existing HTTP servers. In order to customize the default behaviour, you can also pass custom routing rules, provide your own methods for interacting with the file system and much more. -
6
Apache APISIX
The cloud-native API gateway
Provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. Based on the Nginx library and etcd. Cloud-native microservices API gateway, delivering the ultimate performance, security, open source and scalable platform for all your APIs and microservices. Apache APISIX is based on Nginx and etcd. Compared with traditional API gateways, APISIX has dynamic routing and plug-in hot loading, which is especially suitable for API management under micro-service system. You can use Apache APISIX as a traffic entrance to process all business data, including dynamic routing, dynamic upstream, dynamic certificates, A/B testing, canary release, blue-green deployment, limit rate, defense against malicious attacks, metrics, monitoring alarms, service observability, service governance, etc. -
7
Casdoor
An open-source Identity and Access Management (IAM)
A UI-first Identity Access Management (IAM) / Single-Sign-On (SSO) platform supporting OAuth 2.0, OIDC, SAML and CAS, integrated with Casbin RBAC and ABAC permission management. Within a few steps, we can setup a Casdoor app and realize our authorization management. Casdoor has a front-end back-end separation architecture, with maneuverable web UI and supporting high concurrency. Casdoor is supporting multi-languages, using i18n to support multi-languages UI. For more languages support, welcome to propose in our community. Casdoor SDK provides many functions, such as identity authentication, user management, resource upload, etc. Access to Casdoor is very convenient, please visit How to Connect to Casdoor for details. Casdoor also support sign up directly. By filling your Username, Display name, Password and Email, after your receive your Email code, you can sign up in Casdoor. -
8
Google Auth Library
Google Auth Library for Node.js
This is Google's officially supported node.js client library for using OAuth 2.0 authorization and authentication with Google APIs. Use Application Default Credentials when you use a single identity for all users in your application. Especially useful for applications running on Google Cloud. Application Default Credentials also support workload identity federation to access Google Cloud resources from non-Google Cloud platforms. Use JWT when you are using a single identity for all users. Especially useful for server->server or server->API communication. Use workload identity federation to access Google Cloud resources from Amazon Web Services (AWS), Microsoft Azure or any identity provider that supports OpenID Connect (OIDC). Use workforce identity federation to access Google Cloud resources using an external identity provider (IdP) to authenticate and authorize a workforce—a group of users, such as employees, partners, and contractors. -
9
Sentry
Cross-platform application monitoring and error tracking software
Sentry is a cross-platform, self-hosted error monitoring solution that helps software teams discover, monitor and fix errors in real-time. The most users and logs will have to provide are the clues, and Sentry provides the answers. Sentry offers enhanced application performance monitoring through information-laden stack traces. It lets you build better software faster and more efficiently by showing you all issues in one place and providing the trail of events that lead to errors. It also provides real-time monitoring and data visualization through dashboards. Sentry’s server is in Python, but its API enables for sending events from any language, in any application. More than fifty-thousand companies already ship better software faster thanks to Sentry; let yours be one of them! -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
10
Spring Security
Authentication and access-control framework
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements. Spring Security uses a Gradle-based build system. In the instructions, ./gradlew is invoked from the root of the source tree and serves as a cross-platform, self-contained bootstrap mechanism for the build. Be sure that your JAVA_HOME environment variable points to the jdk-11 folder extracted from the JDK download. -
11
LDAP Account Manager (LAM) is a webfrontend for managing accounts stored in an LDAP directory. You can use templates for account creation and use multiple configuration profiles. Account information can be exported as PDF file.
-
12
Doorkeeper
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape
Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider functionality to your Ruby on Rails or Grape application. Doorkeeper is an oAuth2 provider built in Ruby. It integrates with Ruby on Rails and Grape frameworks. The installation process depends on the framework you're using. Doorkeeper follows Rails maintenance policy and supports only supported versions of the framework. Currently, we support Ruby on Rails 5 and higher. Extensions that are not included by default and can be installed separately. These applications show how Doorkeeper works and how to integrate with it. Start with the oAuth2 server and use the clients to connect with the server. See list of tutorials in order to learn how to use the gem or integrate it with other solutions/gems. -
13
Leapp
Leapp is the DevTool to access your cloud
Let Leapp manage your Cloud credentials locally. Improve your workflow with the only open-source desktop app and CLI you’ll ever need. Your all-in-one solution to assign IAM Cloud access across teams. Cloud credentials are available with a click. Data stored locally encrypted in your System Vault. Work with your Cloud Identities from a single place. Automatic temporary Cloud credentials generation and rotation. Pick your Cloud Provider to add a Leapp Session. Choose from supported access methods or leverage your federated identity with SAML 2.0 compliant identity providers. Automatically provision your sessions from AWS Single Sign-On via Leapp Integration. Start your Session, and Leapp will automatically generate secure short-lived credentials for you. All sensitive data are stored in your local System Vault and used only when needed to provide best-in-class security. -
14
Traefik Forward Auth
Forward authentication service. Google/OpenID oauth based login
A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer. Traefik prepends the namespace to the name of middleware defined via a Kubernetes resource. This is handled automatically when referencing the middleware from another resource in the same namespace (so the namespace does not need to be prepended when referenced). However, the full name, including the namespace, must be used when referenced from static configuration. -
15
ZITADEL
Identity infrastructure, simplified for you
Secure authentication management for your application. Customize as you grow, with easy APIs and programmable workflows. Focus on growing, your login is in good hands. Streamline your application development with our all-in-one identity suite. Designed for all user types, be it consumers, businesses, or employees. Offload complex tasks by using our API as solid abstractions. Benefit from an adaptable identity infrastructure with custom code extensions and robust security defaults. -
16
uuid
Go package for UUIDs based on RFC 4122 and DCE 1.1: Authentication
The uuid package generates and inspects UUIDs based on RFC 4122 and DCE 1.1: Authentication and Security Services. This package is based on the github/pborman/uuid package. It differs from these earlier packages in that a UUID is a 16 byte array rather than a byte slice. One loss due to this change is the ability to represent an invalid UUID (vs a NIL UUID). Full go doc style documentation for the package can be viewed online without installing this package by using the GoDoc site. -
17
Überauth
An Elixir Authentication System for Plug-based Web Applications
Ueberauth is a two-phase authentication framework that provides a clear API, allowing for many strategies to be created and shared within the community. It is heavily inspired by Omniauth. You could call it a port but it is significantly different in operation, but almost the same concept. Huge hat tip to Intridea. Ueberauth provides only the initial authentication challenge, (initial OAuth flow, collecting the information from a login form, etc). It does not authenticate each request, that's up to your application. You could issue a token or put the result into a session for the needs of your application. Libraries like Guardian can help you with that aspect of authentication. Strategies implement the two phases and then may allow the request to flow through to your downstream plugs. Implementing the request and callback phases is optional depending on the strategies requirements. If a strategy does not redirect, the request will be decorated with Ueberauth information. -
18
CID
Insert and manage Linux computers in AD
CID (Closed In Directory) is a set of bash scripts for inserting and managing Linux computers in Active Directory domains. Modifications made to the system allow Linux to behave like a Windows computer within AD. -
19
2FAS Auth Browser Extension
Source code for 2FAS Auth Browser Extension
2FAS Auth Browser Extension is a cross-browser plugin that integrates the 2FAS multi-factor authentication platform directly into the user’s web browsing workflow, helping streamline login flows by interfacing with web pages and 2FA token generation in a seamless way. Once installed in browsers like Chrome, Firefox, or others that support standard extension APIs, it can detect 2FA prompts on login forms and offer to fill or suggest one-time passwords generated by your 2FAS mobile clients or local vault, reducing friction and manual copy-paste steps. The extension communicates securely with companion mobile or desktop clients to fetch or synchronize token data, respecting encryption and privacy boundaries so that secrets are never exposed to the extension itself without user consent. It also lets users manage or view registered accounts, add new ones by scanning QR codes via companion apps, and handle token organization from within browser UI elements. -
20
MaxKey
MaxKey SSO ,Leading-Edge IAM-IDaas(Identity and Access Management)
Maxkey Single Sign On System, which means the Maximum key, Leading-Edge IAM/IDaas Identity and Access Management product, supports OAuth 2.x/OpenID Connect, SAML 2.0, JWT, CAS, SCIM, and other standard protocols, and provide Secure, Standard and Open Identity management (IDM), Access management (AM), Single Sign On (SSO), RBAC permission management and Resource management. MaxKey focuses on performance, security, and ease of use in enterprise scenarios, is widely used in industries such as healthcare, finance, government, and manufacturing. -
21
Tesseral
Open source auth infrastructure for B2B SaaS
Tesseral is an open-source authentication and identity management platform tailored for B2B SaaS applications, offering enterprise-grade features like SAML SSO, SCIM provisioning, RBAC, API key management, and audit logging through a unified API-first service. Tesseral is a multi-tenant, API-first service designed to run on the cloud. It is not an authentication library tied to a particular language or framework; Tesseral works with any tech stack. Tesseral is open source auth infrastructure for business software (i.e., B2B SaaS). Tesseral is built for B2B SaaS. Your customer's admins control how their users log in to their tenant, and can add or remove users at will. -
22
appwrite
Secure Backend Server for Web, Mobile & Flutter Developers
Appwrite is a self-hosted and cloud backend-as-a-service platform that provides developers with all the core APIs required to build any application. Build your entire backend within minutes and scale effortlessly using Appwrite's open-source platform. Add Authentication, Databases, Functions, Storage, and Messaging to your projects using the frameworks and languages of your choice. -
23
jwt-auth
JSON web token authentication for Laravel and Lumen
jwt-auth provides a simple means of authentication within Laravel using JSON Web Tokens (spec). There are several ways to create a token within the package. There are simple ways to do it, and more advanced methods if you want greater control. The most common way to create a token would be to authenticate the user via their login credentials, and if successful return a token corresponding to that user. You can also skip user authentication and just pass in a User object. Once a user has logged in with their credentials, then the next step would be to make a subsequent request, with the token, to retrieve the users' details, so you can show them as being logged in. To make authenticated requests via http using the built in methods, you will need to set an authorization header. If you don't like the idea of catching mulitple exceptions inline, then you are free to add a global exception handler with Laravel. -
24
LDAP Explorer is a multi platform, graphical LDAP tool that enables you to browse, modify and manage LDAP servers.
-
25
nuBuilder Forte
nuBuilder Forte is a cloud database builder.
nuBuilder Forte is the 4th version of nuBuilder. A open-source browser-based tool created for developing web-based database applications. nuBuilder uses either MySQL or MariaDB databases and gives its users the ability to do database operations like... • Search, Create, Insert, Read, Update, Delete ✪ With low-code tools that create ... - Forms with the Form Builder - Fast Reports - Database queries with the SQL Builder - Customised date and number formats with the Format Builder - Calculated fields with the Formula Builder - Email Templates - Move and resize objects. - Further customisation that can be done with JavaScript and PHP. ✪ nuBuilder stores all forms, reports, company data and PHP/JavaScript code in MySQL. You can backup your entire application within a single database file. ✪ Easy installation: - Download and unzip the nuBuilder files - Upload to your webserver - Create a database (e.g. nubuilder4) and optionally a user - Make a copy of
