Quality Authentication & Authorization software and libraries.
Authentication (aka AuthN) and authorization (aka AuthZ) are both security measures. Authentication is the process of verifying who you are. Authorization is the process of verifying that you have access to something. Authorization occurs after successful authentication.
- Xamarin.Auth - Helps developers authenticate users via standard authentication mechanisms (e.g. OAuth 1.0 and 2.0), and store user credentials.
- Kentor Authentication Services - Saml2 authentication services for ASP.NET.
- SimpleAuthentication - ASP.NET library that makes it really easy and simple for developers to add social authentication to an ASP.NET application.
- OwinOAuthProviders - OAuth providers for Owin.
- AspNet.Security.OAuth.Providers - OAuth2 social authentication providers for ASP.NET Core.
- IdentityServer4 - OpenID Connect & OAuth 2.0 framework for ASP.NET Core.
- Casdoor - UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.
- Ory Hydra - OpenID Connect certified OAuth2 server.
- Ory Kratos - API-first Identity and User Management system built for cloud applications.
- Ory Oathkeeper - Identity/Access proxy inspired by the BeyondCorp/Zero-Trust white paper.
- Ory Fosite - Extensible OAuth 2.0 and OpenID Connect SDK for Golang.
- Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
- pac4j - Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
- Spring Security OAuth - Provides support for using Spring Security with OAuth (1a) and OAuth2.
- Passport - Simple, unobtrusive authentication for Node.js. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
- bell - Third-party authentication plugin for hapi. Ships with built-in support for various well-known sites and simple configuration object will support other OAuth 1.0a and OAuth 2.0 sites.
- Keystone - Provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family.
- Authomatic - Simple yet powerful authorization & authentication client library for Python web applications.
- Python Social Auth - Easy to setup social authentication/registration mechanism with support for several frameworks and auth providers.
- Raider - Web authentication testing framework, which treats the authentication process as finite state machines.
- Authlogic - Clean, simple, and unobtrusive Ruby authentication solution.
- AndPermission - Android runtime permission, support the right to apply for permission at any place.
- Casbin.NET - Authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#).
- DotNetOpenAuth - Implementation of the OpenID, OAuth protocols.
- AuthorizationServer - Sample implementation of an OAuth2 authorization server.
- Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Golang.
- goRBAC - Lightweight role-based access control implementation in Go.
- Ladon - SDK for access control policies: authorization for the microservice and IoT age.
- Foulkon - Authorization server that allows or denies access to web resources.
- Gocialite - Social OAuth login in Go with multiple providers has never been so easy.
- Ory Keto - Access control server capable of solving complex use cases (multi-tenant, attribute-based access control, etc.) with access control policies.
- Casbin-Rs - Authorization library that supports access control models like ACL, RBAC, ABAC in Rust.
- Permission - Unified API to ask for permissions on iOS.
- jCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Java.
- Apache Shiro - Powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
- pac4j - Security engine for Java (authentication, authorization, multi-frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT.
- AT&T XACML - XACML 3.0 implementation from AT&T.
- Apache Sentry - Highly modular system for providing fine grained role based authorization to both data and metadata stored on an Apache Hadoop cluster.
- TOTP Server-Side Library - TOTP server-side library.
- Node-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Node.js.
- RBAC - Hierarchical role-based access control for Node.js.
- ABAC - Attribute-based access control for Node.js.
- accesscontrol - Role and attribute-based access control for Node.js.
- PHP-Casbin - Authorization library that supports access control models like ACL, RBAC, ABAC in PHP.
- PHP-RBAC - Authorization library for PHP which provides developers with NIST Level 2 hierarchical role-based access control.
- ezRbac - Simple yet easy to implement role-based access control library for popular PHP framework: Codeigniter.
- php-abac - Attribute-based access control library.
- laravel-permission - Allows you to manage user permissions and roles in a database.
- logical-permissions-php - This is a generic library that provides support for array-based permissions with logic gates such as AND and OR.
- symfony-logical-authorization-bundle - This Symfony bundle provides a unifying solution for authorization that aims to be flexible, convenient and consistent.
- PyCasbin - Authorization library that supports access control models like ACL, RBAC, ABAC in Python.
- Simple RBAC - Simple role-based access control utility for Python.
- Flask-RBAC - Adds RBAC support to Flask.
- Vakt - Attribute-based access control (ABAC) SDK for Python.
- Modeling Authorization with PERM in Casbin
- Basic Role-Based HTTP Authorization in Go with Casbin
- Policy enforcements on Kubernetes with Banzai Cloud's Pipeline and Casbin
- Organizational RBAC in Argo CD with Casbin
PR is welcomed.
This project is licensed under the CC0-1.0 license.