authentication
MCP OAuth Proxy incl. dynamic client registration (DCR), MCP prompt analytics and MCP firewall to build enterprise grade MCP servers.
Jetski is an Open Source MCP Analytics and Authentication Platform - part of HyprMCP. It solves the three biggest problems teams face when developing MCP servers with zero code changes:
The Kubernetes Connection Manager CLI.
kconnect is a CLI utility that can be used to discover and securely access Kubernetes clusters across multiple operating environments.
Based on the authentication mechanism chosen, the CLI will discover Kubernetes clusters you are allowed to access in a target hosting environment (i.e. EKS, AKS, Rancher) and generate a kubeconfig for a chosen cluster.
Administration control panel for Authelia. A web-based administration interface for managing Authelia authentication server.
OAuth credential MAnager.
Many IMAP/SMTP clients, like msmtp, fdm, isync, aerc, neomutt or mutt can use OAuth2 access tokens but lack the ability to renew and/or authorize OAuth2 credentials. The purpose of oama is to provide these missing capabilities by acting as a kind of smart password manager. In particular, access token renewal happens automatically in the background transparent to the user.
Unlock the Future of Identity. Modern IAM written in Rust.
A blazing-fast IAM, powered by Rust. Open, secure, ready for your cloud journey.
FerrisKey is an open-source IAM solution designed for modern cloud-native environments. With its high-performance API written in Rust and its intuitive web interface developed in Typescript/React, FerrisKey offers a robust and flexible alternative to traditional IAM solutions.
The Single Sign-On Provider that makes securing your applications and resources easy. An Easy to Use and Self-Host Single Sign-On Provider 🐈⬛🔒
VoidAuth is an open-source authentication platform designed to simplify user management and securing access to your self-hosted applications and resources.
ProxyAuth secures backend APIs through a fast authentication gateway. It encrypts tokens using ChaCha20 + HMAC-SHA256, with config-defined secrets. It features built-in rate limiting (on proxy and auth routes) and uses Argon2 with auto-generated salts for secure password hashing. The service is extremely fast, handling 100,000+ requests per second under load.
Login screen for your apps. The simplest way to protect your apps with a login screen.
Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github and any provider to all of your docker apps. It supports all the popular proxies like Traefik, Nginx and Caddy.
Own Your IAM with a Perpetual License. Open source alternative to Auth0 / Firebase Auth.
Authgear is an open-source extensible turnkey solution for all of your consumer authentication needs. Authgear gets you started in 5 minutes with developer-friendly SDKs and a comprehensive portal.
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
OAuth2-Proxy is a flexible, open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. It provides a simple and secure way to protect your web applications with OAuth2 / OIDC authentication. As a reverse proxy, it intercepts requests to your application and redirects users to an OAuth2 provider for authentication. As a middleware, it can be seamlessly integrated into your existing infrastructure to handle authentication for multiple applications.
Bypass Microsoft Account creation during Windows 11/10 install.
With Microsoft’s recent Windows 11 updates, the bypass for the network requirement (NRO) was "effectively" blocked, forcing users into an online account creation. MSAPatcher brings back the simplicity of the bypassnro.cmd one-liner, allowing you to bypass the NRO without having to manually add registry keys or deal with complex workarounds.
LDAP authentication server for developers. A lightweight LDAP server for development, home use, or CI.
Go-lang LDAP Authentication (GLAuth) is a secure, easy-to-use LDAP server with configurable backends.
A Better Auth plugin enabling secure, passwordless authentication in Expo applications through native biometric authentication.
Expo Passkey bridges the gap between Better Auth's backend capabilities and native biometric authentication on mobile devices. It allows your users to authenticate securely using Face ID, Touch ID, or fingerprint recognition without passwords, providing a modern, frictionless authentication experience.
This plugin implements FIDO2-inspired passkey authentication by connecting Better Auth's backend infrastructure with Expo's client-side biometric capabilities, offering a complete end-to-end solution that you can integrate with minimal configuration.
A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.
Torii is a powerful authentication framework for Rust applications that gives you complete control over your users' data.
Torii is a powerful authentication framework for Rust applications that gives you complete control over your users' data. Unlike hosted solutions like Auth0, Clerk, or WorkOS that store user information in their cloud, Torii lets you own and manage your authentication stack while providing modern auth features through a flexible plugin system.
Kanidm is a simple and secure identity management platform, allowing other applications and services to offload the challenge of authenticating and storing identities to Kanidm.
Login screen for your apps.
The simplest way to protect your apps with a login screen.
Tinyauth is a simple authentication middleware that adds simple username/password login or OAuth with Google, Github and any generic OAuth provider to all of your docker apps. It is made for traefik but it can be extended to work with all reverse proxies like caddy and nginx.
An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.
This package provides secure first factor one-time passwords (OTPs) for Laravel applications. Users enter their email and receive a one-time code to sign in.
WebAuthn Based Authentication. Easy to use WebAuthn client library and backend for authentication and encryption.
Wembat enables developers to authenticate users and encrypt data via the PRF extension of WebAuthn.
▦ Universal, standards-based auth provider.
OpenAuth is a standards-based auth provider for web apps, mobile apps, single-page apps, APIs, or 3rd party clients.
The easiest way to access your cloud. A CLI application which provides the world’s best developer UX for finding and accessing cloud roles to multiple cloud accounts, fast!
Granted is a command line interface (CLI) application which simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously.
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
🛡️ Windows Hello™ style facial authentication for Linux.
Howdy provides Windows Hello™ style authentication for Linux. Use your built-in IR emitters and camera in combination with facial recognition to prove who you are.
Using the central authentication system (PAM), this works everywhere you would otherwise need your password: Login, lock screen, sudo, su, etc.
Light LDAP implementation
This project is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more!
It comes with a frontend that makes user management easy, and allows users to edit their own details or reset their password by email.
An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir.
Authentication and User Management. The most comprehensive User Management Platform.
Need more than just a sign-in box? Clerk is a complete suite of embeddable UIs, flexible APIs, and admin dashboards to authenticate and manage your users.
Open Source Clerk Alternative. The complete Authentication and User Management solution for developers.
Hanko is a lightweight, open source user authentication solution that takes you on the journey beyond passwords.
Employee and Customer Identity Solutions. Everything starts with Identity.
Identity can create great user experiences, increase customer sign-ups, improve employee productivity, and get apps to market faster.
2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.
2FAuth's purpose is to simplify how you use and manage your 2FA with a clean and suitable interface, no matter what device you use. In front of your computer without your smartphone and dealing with a code request? No problemo, just open your 2FAuth instance in a browser tab and voilà!
The most comprehensive authentication library for TypeScript.
Better Auth is a framework-agnostic authentication (and authorization) library for TypeScript. It provides a comprehensive set of features out of the box and includes a plugin ecosystem that simplifies adding advanced functionalities with minimal code in a short amount of time. Whether you need 2FA, multi-tenant support, or other complex features, it lets you focus on building your actual application instead of reinventing the wheel.
Effortless OAuth and Authentication, Built for Flexibility and Control.
Melody Auth is a turnkey OAuth & authentication system that can be seamlessly deployed on Cloudflare’s infrastructure, utilizing Workers, D1, and KV, or self-hosted with Node.js, Redis, and PostgreSQL. It provides a robust and user-friendly solution for implementing and hosting your own OAuth and authentication system with minimal configuration required.
Open Source Fine-Grained Authorization.
An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
Build Your Authorization System Fast Without Extra Engineering Resources
Implement fine-grained, scalable and extensible access controls within minutes to days instead of months. Inspired by Google’s cons
A simple OIDC provider that allows users to authenticate with their passkeys to your services.
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
A free, secure, well integrated, reusable authentication solution for the Django framework, covering all functionality related to local and social user accounts, multi-factor authentication, in various configurations, with flows that just work.
🧑🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
Logto is an Auth0 alternative designed for modern apps and SaaS products. It offers a seamless developer experience and is well-suited for individuals and growing companies.
Docker Authorization Plugin.
A basic extendable Docker authorization plugin that runs directly on the host or inside a container. The framework depends on docker authentication plugin support. Basic authorization is provided when Docker daemon is started with --tlsverify flag (username is extracted from the certificate common name).
A Simple Hardware Authenticator
An SSO and OAuth / OIDC login solution for Nginx using the auth_request module.
An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once.
Vouch Proxy supports many OAuth and OIDC login providers and can enforce authentication
TOTP Authenticator.
A modern and secure Windows app for managing your 2FA authentication codes. It's free, open source, and easy to use. Download it now and get started in minutes.
API-first Identity Management, Authentication and Authorization. For Secure, Global, GDPR-compliant Apps. The New Identity Stack you have been waiting for.
Traditional IAM solutions do not scale, they are not easy to customize, they are limited in their deployment models, and they don't meet your or your customers' needs.
An open-source PAM tool alternative to CyberArk
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.
🐘 👥 Manage PostgreSQL roles and privileges from YAML or LDAP
Postgres is able to check the password of an existing role using the LDAP protocol out of the box. ldap2pg automates the creation, update and removal of PostgreSQL roles and users from an enterprise directory.
This tool can lead to password exposure.
Non-interactive ssh password auth download.
Sshpass is a tool for non-interactively performing password authentication with SSH's so-called "interactive keyboard password authentication". Most users should use SSH's more secure public key authentication instead.
Authentication for the Web.
Auth.js is a complete open-source authentication solution for web applications.
Identity, Policy, Audit.
Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or RPC access. Enable Single Sign On authentication for all your systems, services and applications.
The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. The Dogtag Certificate System can be downloaded for free and set up in less than an hour.
FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.
Simple & secure two-factor authentication via mobile & desktop app that's free to users. Authy's 2FA API is by Twilio.
Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy.
A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer.
A better alternative for securing our sensitive information online.
The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. The API allows servers to register and authenticate users using public key cryptography instead of a password.
Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services.
Lucia is a simple yet flexible user and session management library that provides an abstraction layer between your app and your database. It's bare-bones by design, keeping everything easy to use and understand, and ensures type safety so you can use it confidently.
The Burp extension helps you to find authorization bugs. Just navigate through the web application with a high privileged user and let the Auth Analyzer repeat your requests for any defined non-privileged user. With the possibility to define Parameters the Auth Analyzer is able to extract and replace parameter values automatically. With this for instance, CSRF tokens or even whole session characteristics can be auto extracted from responses and replaced in further requests. Each response will be analyzed and tagged on its bypass status.
Open Source Identity and Access Management. Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users. Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
Making authentication simple.
authentik is an open-source Identity Provider focused on flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them.
Sources:
- GoAuthentik de A à Y @ Une tasse de café :fr:.
- La veille des Ours n°31 @ Bearstech's LinkedIn :fr:.
- Ultimate Authentik Docker Compose Guide with Traefik 2025 @ SmartHomeBeginner.
- Improving Security with Hardware Keys - Authentik & Pocket-ID @ Jim's Garage's YouTube.
- Secure Jellyfin with Authentik (SSO + LDAP + 2FA/MFA Tutorial) @ IBRACORP's YouTube.
- Manage Authentik Resources in Terraform @ Christian Lempa's YouTube.
LDAP Tool Box project
Because even LDAP administrators need help
The open source solution for two-factor authentication. LinOTP accommodates many different OTP algorithms using a modular approach. This includes the OATH standards such as HMAC (RFC 4226) and time-based HMAC. But LinOTP's design makes it easy to create your own tokens with different algorithms, including challenge-response tokens, tokens based on QR codes, and tokens based on push-type messages.