
gnur / beyondauth

Licence: GPL-3.0 license
a traefik / nginx companion to create an identity aware proxy like beyondcorp

Programming Languages

go
Dockerfile

Projects that are alternatives of or similar to beyondauth

Oauthlib
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Stars: ✭ 2,323 (+8834.62%)
Mutual labels:  identity, authorization, openid-connect
logto
🧑‍🚀 Logto helps you build the sign-in, auth, and user identity within minutes. We provide an OIDC-based identity service and the end-user experience with username, phone number, email, and social sign-in, with extendable multi-language support.
Stars: ✭ 3,421 (+13057.69%)
Mutual labels:  identity, authorization, openid-connect
Hydra
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Stars: ✭ 11,884 (+45607.69%)
Mutual labels:  identity, authorization, openid-connect
Zitadel
ZITADEL - Cloud Native Identity and Access Management
Stars: ✭ 105 (+303.85%)
Mutual labels:  identity, openid-connect
Epilink
Authenticate people on your Discord servers and give them roles automatically. All-in-one server back-end, Discord bot and front-end. Works with Google, Microsoft and any OpenID Connect provider.
Stars: ✭ 36 (+38.46%)
Mutual labels:  identity, openid-connect
Identityserver4
OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
Stars: ✭ 8,428 (+32315.38%)
Mutual labels:  identity, openid-connect
Doorkeeper
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Stars: ✭ 4,917 (+18811.54%)
Mutual labels:  identity, authorization
Identitybase
IdentityBase is a Universal Identity Platform for web, mobile and IoT built on top of IdentityServer.
Stars: ✭ 112 (+330.77%)
Mutual labels:  identity, openid-connect
Security.identity
.NET DevPack Identity is a set of common implementations to help you implementing Identity, Jwt, claims validation and another facilities
Stars: ✭ 165 (+534.62%)
Mutual labels:  identity, authorization
Identityserver
An open-source, standards-compliant, and flexible OpenID Connect and OAuth 2.x framework for ASP.NET Core
Stars: ✭ 223 (+757.69%)
Mutual labels:  identity, openid-connect
Stormpath Sdk Java
Official Java SDK for the Stormpath User Management REST API
Stars: ✭ 221 (+750%)
Mutual labels:  identity, authorization
Authing
🔥Authing - IDaaS/IAM solution that can Auth to web and mobile applications.
Stars: ✭ 247 (+850%)
Mutual labels:  identity, openid-connect
Jpproject.identityserver4.adminui
🔧 ASP.NET Core 3 & Angular 8 Administration Panel for 💞IdentityServer4 and ASP.NET Core Identity
Stars: ✭ 717 (+2657.69%)
Mutual labels:  identity, openid-connect
Identitymodel
.NET standard helper library for claims-based identity, OAuth 2.0 and OpenID Connect.
Stars: ✭ 693 (+2565.38%)
Mutual labels:  identity, openid-connect
Cierge
🗝️ Passwordless OIDC authentication done right
Stars: ✭ 1,245 (+4688.46%)
Mutual labels:  identity, openid-connect
Aspnet5identityserverangularimplicitflow
OpenID Connect Code / Implicit Flow with Angular and ASP.NET Core 5 IdentityServer4
Stars: ✭ 670 (+2476.92%)
Mutual labels:  identity, authorization
token-cli
Command line utility for interacting with OAuth2 infrastructure to generate tokens
Stars: ✭ 19 (-26.92%)
Mutual labels:  identity, authorization
Django Oidc Provider
OpenID Connect and OAuth2 provider implementation for Djangonauts.
Stars: ✭ 320 (+1130.77%)
Mutual labels:  identity, openid-connect
Product Is
Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
Stars: ✭ 435 (+1573.08%)
Mutual labels:  identity, authorization
Pomerium
Pomerium is an identity-aware access proxy.
Stars: ✭ 2,860 (+10900%)
Mutual labels:  identity, beyondcorp

BeyondAuth

BeyondAuth can be used as a forward authenticating agent to make Traefik or nginx (untested) an Identity Aware Proxy. Inspired by the BeyondCorp papers by Google.

implementation

BeyondAuth uses OpenID Connect to authenticate users and, after a successful login, sets a domain cookie containing a JWT to persist the login. As of v0.1 it has been tested to be compatible with Google, Auth0 and Keycloak. For every request made to the reverse proxy, an additional request is sent to BeyondAuth to verify whether it is allowed.
BeyondAuth is stateless, so no data store is needed. This does mean, however, that issued JWTs cannot be revoked individually: the only way to revoke them is to change the secret, which revokes ALL JWTs. Every incoming request is classified into groups: a user can be a member of multiple groups, and a subdomain can grant access to multiple groups. If a user is a member of a group that is allowed access, the request is allowed.
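
The decision described above, sketched as an added example (this is not BeyondAuth's own code): a stateless check that verifies the cookie JWT with a shared secret and allows the request when any of the user's groups is granted on the requested subdomain. The HS256 algorithm, the `groups` and `exp` claim names, the expiry check, the `acl` map, the host names and the 200/401/403 status codes are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type claims struct { // claim names are assumptions; the page does not list them
	Groups []string `json:"groups"`
	Exp    int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// sign issues an HS256 JWT over a claims JSON document (the cookie value).
func sign(claimsJSON, key []byte) string {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claimsJSON)
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

// authorize re-signs the payload under the pinned header, compares in constant time, then checks groups.
func authorize(token, host string, key []byte, acl map[string]map[string]bool, now int64) int {
	var c claims
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return 401
	}
	body, _ := b64.DecodeString(p[1]) // undecodable input fails the re-sign check below
	if !hmac.Equal([]byte(token), []byte(sign(body, key))) || json.Unmarshal(body, &c) != nil || now >= c.Exp {
		return 401
	}
	for _, g := range c.Groups {
		if acl[host][g] { // unknown host or group: lookup is false, so deny
			return 200
		}
	}
	return 403
}

func main() {
	acl := map[string]map[string]bool{"wiki.example.test": {"staff": true, "ops": true}} // constructed
	tok := sign([]byte(`{"groups":["ops"],"exp":2000000000}`), []byte("constructed-key"))
	fmt.Println(authorize(tok, "wiki.example.test", []byte("constructed-key"), acl, 1700000000))
}
```

Verifying the same token against a different key returns 401, which is the "change the secret and ALL JWTs are revoked" behaviour: with no data store there is nothing else to invalidate.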

todo

  • Write comprehensive readme
  • Create a better getKey function
  • document example

example config

see example.toml
