opkssh is a tool which enables ssh to be used with OpenID Connect allowing SSH access management via identities like alice@example.com instead of long-lived SSH keys. It does not replace ssh, but rather generates ssh public keys that contain PK Tokens and configures sshd to verify the PK Token in the ssh public key. These PK Tokens contain standard OpenID Connect ID Tokens. This protocol builds on the OpenPubkey which adds user public keys to OpenID Connect without breaking compatibility with existing OpenID Provider.

Related contents:

• Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH @ The Cloudflare Blog.

Open Source Enterprise SSO & VPN. The only open-source solution with real WireGuard MFA/2FA & integrated OpenID Connect SSO.

• devguard @ GitHub.

OpenPubkey is an open source project that binds public keys and workload identities using standard SSO and OpenID Connect.

Use OpenPubkey today to SSH to machines on your network without SSH keys.

• OpenPubkey @ GitHub.
• OpenPubkey: Augmenting OpenID Connect with User held Signing Keys @ Cryptology ePrint Archive.
• How to Use OpenPubkey to Solve Key Management via SSO @ Docker Blog.

Authentication for the Web.

Auth.js is a complete open-source authentication solution for web applications.

• Auth.js @ GitHub.
• NextAuth.js.
• Secure Next.js Applications with Role-Based Authentication Using NextAuth @ freeCodeCamp.

Reference implementation of OpenPubkey.

OpenPubkey adds user generated cryptographic signatures to OpenID Connect (OIDC) to enable users to sign messages or artifacts under their OpenID identity. Verifiers can check that these signatures are valid and associated with the signing OpenID identity. OpenPubkey does not add any new trusted parties beyond what is required for OpenID Connect and is fully compatible with existing OpenID Providers (Google, Azure/Microsoft, Okta, OneLogin, Keycloak) without any changes to the OpenID Provider.

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol @ Security Week.
• Ce qu’il faut savoir sur le projet OpenPubkey @ Goodtech.info .

Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy.

A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer.

Community-ID is an OpenID implementation in PHP which is OpenID 2.0 compliant. Community-ID is build to 100% on Open Source software and is release under the BSD license. Users can keep track of their trusted sites and manage them. The login to C-ID can be username/passowrd or a One Time Password with Yubikey. A user can have multiple profiles like with privat or business contact information.