Auth Awesome
ver | date |
---|---|
Kerberos 4.0 | 1980s |
LDAPv3 | 1997 |
Kerberos 5.0 | 1993 |
SAML 1.0 | 2002 |
SAML 1.1 | 2003 |
SAML 2.0 | 2005 |
OpenID 1.0 | 2006 |
OpenID 2.0 | 2007 |
OAuth 1.0 | 2010 |
OAuth 2.0 | 2012 |
OpenID Connect 1.0 | 2014 |
WebAuthn Level 1 | 2019-03-04 |
- IAM - Identity and Access Management
- kdeldycke/awesome-iam
- keepassxreboot/keepassxc
- babelouest/glewlwyd
- longguikeji/arkid
- AGPLv3, Python
- bullteam/zeus-admin
- Apache-2.0, Go+Vue
- OpenIdentityPlatform/OpenAM
- Java
- kanidm/kanidm
- MPL-2.0, Rust
- authelia/authelia
- Apache-2.0, Go
- SSO Multi-Factor portal for web apps
- boxyhq/jackson
- Apache-2.0, TypeScript
- OpenID Provider (OP), Identity Provider (IDP)
- Implements OpenID Connect and OAuth 2.0
- Relying Party (RP)
- An application or website
- Delegates user authorization to the IdP
- logto-io/logto
- MPLv2, TS
- eicrud/eicrud
- MIT, TS
- CRUD/Authorization framework based on NestJS
Authorization Design
- Google Cloud
- Policies
- IAM permissions reference
- Resource name
//{api}/{collection-id}/{resource-id}(/{collection-id}/{resource-id})*
//mail.googleapis.com/users/name@example.com/settings/customFrom
- No transport protocol
Authorization
- casbin
- ory/oathkeeper
- Identity & Access Proxy
- osohq/oso
- Apache-2.0, Rust+Python
- Open-source engine/Policy - implemented in Rust
- Language libraries: Node.js, Python, Go, Rust, Ruby, Java
- Commercial service platform
- Reference
- stalniy/casl
- Isomorphic Authorization JavaScript library
- @casl/ability - 20.5kB/7kB - @ucast/core, @ucast/js, @ucast/mongo
- @ucast - condition translation
- @casl/react - 2kB/1kB
Zanzibar
- authzed/spicedb
- Apache-2.0, Go
- AuthZ as a Service
- gRPC API+REST
- Supports pg, mysql, cockroachdb, hashicorp/go-memdb
- HN
- aserto-dev/topaz
- Apache-2.0, Go
- Open Policy Agent
- BoltDB
- Permify/permify
- Apache-2.0, Go
- Syncs information via CDC
- why-decouple-authorizations
- openfga/openfga
- Apache-2.0, Go
- by Auth0 FGA
- ory/keto
- Apache-2.0, Go
- josephglanville/zanzibar-pg
- authorizer-tech/access-controller
- Reference
- RBAC - fixed roles
- ReBAC - relationship-based
- ABAC - attribute-based, arbitrary attributes
- HBAC - Host Based Access Control
- What is Zanzibar?
- https://www.osohq.com/learn/google-zanzibar
IAM
- keycloak/keycloak
- Apache-2.0, Java
- zitadel/zitadel
- Apache-2.0, Go
- by CAOS from Switzerland
- Provides a gRPC interface
- Depends on CockroachDB
- zitadel vs keycloak
- https://zitadel.ch/v2 WIP
- kanidm/kanidm
- MPL-2.0, Rust
- SSH/PAM/RADIUS/Web OAuth
- oauth design
- compare open-source-sso
- OpenIAM
- Apache Syncope
- FreeIPA
- Python
- WSO2
- apereo/cas - Central Authentication Service
- Okta
- FusionAuth
- LDAP/GSSAPI
- Kerberos
- does not use public-key cryptography
- supertokens/supertokens-core
- Apache-2.0, Java
- goauthentik/authentik
- GPL-3.0, Python
- ory/kratos
Proxy
API gateways usually support auth and authz
- ForwardAuth
- oauth2-proxy/oauth2-proxy
- Can also act as a reverse proxy
- vouch/vouch-proxy
- oauth2-proxy/oauth2-proxy
- pomerium/pomerium
- Apache-2.0, Go
- Pomerium is an identity-aware access proxy.
- Enterprise
- Admin UI
- API
- Session
Reference
Library
- auth0/node-jsonwebtoken
- MIT, JS
- jsonwebtoken
- panva/jose
- MIT, TS, JS
- JWA, JWS, JWE, JWT, JWK, JWKS
- passport
- authts/oidc-client-ts
- Apache-2.0, TS
- panva/node-openid-client
- OpenID Certified™ Relying Party
IdP
- panva/node-oidc-provider
- MIT, NodeJS, JS
- panva/oauth4webapi
- MIT, TS
- OAuth 2 / OpenID Connect
- dexidp/dex
- Apache-2.0, Go
- OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors
- ory/hydra
- Apache-2.0, Go
- OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go