41 Repos
Standardized protocols for verifying user identity and authorizing secure access.
Distinguishing note: Focuses on the implementation of secure authorization flows rather than general authentication.
Explore 41 awesome GitHub repositories matching security & cryptography ยท Authentication Flows. Refine with filters or upvote what's useful.
Puter is a browser-based desktop environment and cloud-native development platform that provides a virtualized graphical workspace. It enables developers to build and deploy full-stack web applications by integrating cloud storage, authentication, and serverless backend logic directly into the browser, eliminating the need for traditional server infrastructure. The platform distinguishes itself through a unified cloud storage layer and a distributed network runtime that facilitates peer-to-peer communication and cross-origin resource fetching. It features a sophisticated cross-window orchestr
Authenticates users automatically when cloud services are accessed, prompting for sign-in only when necessary.
The Google Workspace CLI is a command-line interface and Google API client designed to automate tasks across Google Workspace services. It functions as a cloud productivity automator that uses the Google Discovery Service to dynamically generate command structures and parameter requirements at runtime. The project distinguishes itself by providing a specialized AI agent toolset, exposing a server over standard input and output to provide structured tool definitions and skills for AI clients. It includes security layers for AI content sanitization to protect against prompt injection and utiliz
Provides interactive browser login flows and manual secret configuration to authorize API access.
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
Bypasses browser-based authentication by programmatically performing handshakes for automated testing.
EhviewerCNSXJ is a specialized Android client designed for browsing, searching, and downloading image galleries from remote content platforms. It functions as a third-party interface that enables users to access external media collections through a native mobile experience, complete with persistent session management and offline viewing capabilities. The application distinguishes itself through integrated network configuration tools that allow users to bypass regional restrictions by customizing DNS and security protocols directly within the client. It also provides advanced content discove
Verifies user identity through a browser-based login flow to grant access to protected account features and personalized content.
Authentik is a centralized identity and access management platform designed to serve as a unified authentication authority. It enables enterprise single sign-on across diverse applications and services, providing a cloud-native identity provider that manages user sessions and security protocols from a single location. The platform distinguishes itself through a policy-driven flow engine and a visual orchestration interface. This allows administrators to design complex, custom authentication workflows by chaining modular verification stages and conditional logic. These workflows can be further
Creates custom login processes by chaining verification stages into visual workflows that control user interaction.
Skyvern is an autonomous web navigation agent and browser-based workflow orchestrator that uses large language models to execute multi-step tasks on websites. By translating natural language instructions into actionable browser commands, the framework enables the automation of complex user workflows, including data extraction and interface interaction, without manual intervention. The platform distinguishes itself through a focus on secure, self-hosted infrastructure and stealth-oriented execution. It utilizes containerized browser isolation to maintain consistent environments and employs pro
Handles complex login flows and multi-factor authentication requirements during automated web interactions.
Mimikatz is a security research suite designed for auditing Windows authentication and managing system security configurations. It provides a comprehensive framework for extracting sensitive credentials, manipulating process privileges, and managing digital identity assets directly from system memory or offline memory dumps. The project distinguishes itself through advanced system-level exploitation techniques, including runtime process injection, API hooking, and the ability to bypass cryptographic export restrictions. It features a specialized toolkit for Kerberos protocol operations, allow
Hooks into authentication processes to capture credentials or bypass security checks by modifying memory structures.
Decap CMS is a headless, Git-based content management system designed to provide a visual editing interface for static site workflows. By decoupling the administrative dashboard from the frontend, it allows users to manage content stored directly in version control repositories as structured data. The system maps visual form inputs to repository files, enabling non-technical contributors to update content without requiring direct code changes. The platform distinguishes itself through its Git-centric automation, which handles content lifecycles by creating commits, branches, and pull requests
Enforces proof keys during the authentication handshake to secure identity provider interactions.
Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments. The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the s
Implements secure authentication flows using standard protocols like JWT and OAuth for endpoint protection.
Wasp is a declarative full-stack web framework that enables developers to build and deploy applications by defining their architecture in a centralized configuration. By using a high-level specification, the framework automates the orchestration of frontend, backend, and database components, ensuring that infrastructure concerns like routing, authentication, and data modeling are handled consistently across the entire stack. The framework distinguishes itself through its compiler-driven approach, which translates declarative configurations into cohesive, production-ready codebases. It provide
Supports user authentication across the entire application stack using social providers and email-password combinations.
LangChain.js is a framework for building, executing, and monitoring stateful agentic applications. It provides an orchestration engine that models workflows as directed graphs, allowing developers to connect language models, data sources, and external tools into modular, multi-step processes. The platform distinguishes itself through its focus on stateful execution and human-in-the-loop control. It manages agent lifecycles by persisting execution state across threads, enabling fault tolerance and the ability to pause workflows at designated breakpoints for manual review or modification. This
Synchronizes authentication state by pausing execution until OAuth flows complete.
TinyGo is a specialized compiler and development toolkit designed to bring the Go programming language to resource-constrained microcontrollers and WebAssembly environments. It provides a bare-metal runtime environment that enables high-level code execution without the need for a traditional operating system, utilizing an LLVM-based backend to generate efficient machine instructions. The project distinguishes itself through aggressive optimization techniques tailored for small hardware, including a static memory allocation strategy and whole-program dead code elimination that significantly re
Controls custom hardware state machines using dedicated programmable blocks for specialized timing and communication.
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
Protects web applications by delegating authentication to OIDC providers using the authorization code flow.
Capacitor is a cross-platform mobile framework that enables developers to build native applications using web technologies. It functions as a hybrid app container, wrapping web assets within a native runtime that provides a standardized bridge to device hardware and system-level services. By exposing native functionality through a plugin-based architecture, it allows web applications to access platform-specific features while maintaining a consistent interface across mobile and desktop environments. The project distinguishes itself by maintaining native project files as source assets, allowin
Requires proof keys during authentication flows to prevent token interception via custom URL schemes.
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Executes core sign-up and sign-in flows by managing user credential submission and validation.
Kratos is a centralized identity and access management server designed to handle user registration, authentication, and profile management. It functions as an identity flow orchestrator, managing the state and security of authentication processes across web, mobile, and command-line interfaces. The system provides a standards-compliant authorization server that issues tokens and manages delegated access for third-party applications and internal services, supporting multi-factor authentication and custom identity schemas to secure user accounts. The project distinguishes itself through a headl
Supports headless authentication workflows via JSON APIs for flexible integration across web, mobile, and desktop platforms.
This project is a cloud-native identity and access management platform designed to centralize authentication, authorization, and identity lifecycle management. It functions as a standards-compliant OpenID Connect authorization server, providing secure session management and token issuance for web, mobile, and device-based applications. The platform is built to handle complex identity requirements through stateless token authentication and support for modern passwordless methods, including biometrics and hardware keys. What distinguishes this platform is its native support for multi-tenant env
Allows developers to inject custom logic and external data into login flows using event-driven scripts.
๐ฎ Graphile's Crystal Monorepo; home to Grafast, PostGraphile, pg-introspection, pg-sql2 and much more!
Add custom resolvers, types, and business logic while keeping the schema structure intact.
The Google API PHP Client Library is a development kit for interacting with Google Cloud services and APIs. It provides standardized service interfaces to retrieve and manipulate data, serving as a comprehensive SDK for executing network requests across Google cloud platforms. The library features a specialized authentication handler for OAuth 2.0, managing authorization flows, access tokens, and offline access via refresh tokens. It includes a service account authenticator that uses JSON key files or application default credentials for server-to-server communication, as well as mechanisms fo
Implements Proof Key for Code Exchange (PKCE) to secure authorization code flows when client secrets are unavailable.
This project is an open-source 3D game engine designed for building high-fidelity games, simulations, and cinematic environments. It functions as a robotics simulation platform with native integration for ROS 2 to model robot controllers and sensors. The engine features a multi-threaded Forward+ physically based renderer that supports hardware-accelerated ray tracing and global illumination. The system is built on a modular extension architecture using Gems to add or replace features without modifying core binaries. It includes a native SDK for AWS cloud integration, enabling IAM authenticati
Implements secure cloud authentication and resource sharing via AWS SDK and OpenID token flows.