19 Repos
Authentication mechanisms designed for input-constrained devices or command-line interfaces using browser-based flows.
Distinguishing note: Specifically implements the OAuth2 device authorization grant for CLI-based interactive login.
Explore 19 awesome GitHub repositories matching security & cryptography · Device Authentication Flows. Refine with filters or upvote what's useful.
Postiz is an open-source social media management platform designed to centralize the scheduling, publishing, and analysis of content across diverse social networks, community forums, and blogging platforms. It functions as a unified hub where users can coordinate, review, and distribute content through a shared team workspace, while leveraging integrated artificial intelligence to assist in drafting text and generating multimedia assets. The platform distinguishes itself through a modular architecture that utilizes a provider-specific adapter pattern to ensure consistent content distribution
Authorizes command line interfaces by displaying a code and opening a browser to manage sessions without manual configuration.
Komi Store is an Android app store client designed for discovering and installing applications directly from git repository releases. It functions as a git release manager and APK package manager, allowing users to track software versions and assets hosted on git platforms. The project differentiates itself by integrating deep git repository functionality, such as an OAuth repository browser for managing issues and pull requests, and a system for importing starred repositories. It utilizes a multi-provider aggregation model to normalize release data from various git hosting platforms into a u
Handles user authentication by routing device-flow requests through a backend proxy to exchange codes for tokens.
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Identifies and alerts on authentication attempts from previously unseen devices to prevent unauthorized access.
This project is a cloud-native identity and access management platform designed to centralize authentication, authorization, and identity lifecycle management. It functions as a standards-compliant OpenID Connect authorization server, providing secure session management and token issuance for web, mobile, and device-based applications. The platform is built to handle complex identity requirements through stateless token authentication and support for modern passwordless methods, including biometrics and hardware keys. What distinguishes this platform is its native support for multi-tenant env
Implements device-based authorization flows for hardware with limited input capabilities.
This project provides a TypeScript software development kit for the Model Context Protocol, a standard designed to facilitate bidirectional communication between AI applications and external data sources or tools. It serves as a foundational framework for building both clients and servers, enabling language models to interact with external systems through a unified, decoupled interface. The SDK distinguishes itself by implementing a transport-agnostic connection layer that supports both local standard input-output streams and remote HTTP endpoints. It utilizes a JSON-RPC message bus to manage
Verifies identity for publishing using automated device flows initiated through the command line.
This project is a command-line synchronization client for OneDrive and SharePoint libraries on Linux. It functions as a synchronization engine that aligns local filesystems with cloud storage through bidirectional, unidirectional, or download-only workflows. The client supports headless authentication for servers without web browsers and can be deployed as a background service or within a containerized environment. It enables the management of multiple distinct cloud accounts on a single system and integrates with shared SharePoint sites and document libraries. The synchronization engine inc
Supports sign-in via device authorization flows for systems without a web browser.
Talos is a minimal, immutable Linux distribution designed specifically for deploying and managing Kubernetes clusters. It functions as an API-driven infrastructure manager that replaces traditional shell access with a declarative gRPC interface to control operating system state and configuration. The system is distinguished by its use of a read-only root filesystem and a security-hardened kernel, which removes standard GNU utilities to reduce the attack surface. It ensures environment consistency by distributing the operating system as versioned, signed images and utilizes TPM-backed verified
Implements OAuth2 device flow for secure identity verification during remote system configuration downloads.
WatchYourLAN is a self-hosted network discovery and monitoring tool written in Go. It scans local network interfaces using ARP requests to detect connected devices, tracks their online and offline status over time, and identifies when new or previously unseen hosts appear on the network. The application stores host data and connection history in either SQLite or PostgreSQL, and can export metrics to InfluxDB or expose a Prometheus endpoint for long-term storage and visualization in dashboards like Grafana. The tool provides a REST API for programmatic management of monitored hosts, including
Identifies and flags previously unseen devices appearing on the local network.
This project is a PHP library for implementing a spec-compliant OAuth 2.0 authorization server. It serves as an authentication framework for managing user identities and client authorizations, providing the necessary components to issue and validate access and refresh tokens. The server supports a wide range of standardized authorization flows, including authorization code exchange, device grants, implicit flows, and PKCE enforcement. It handles complex token lifecycles through refresh token rotation, scope management, and the use of asymmetric keys for signing digital tokens. The system pro
Implements the OAuth 2.0 device authorization grant for hardware with limited input capabilities.
google-drive-ocamlfuse is a FUSE-based filesystem that mounts a Google Drive account as a local directory, enabling standard file operations on cloud files. It bridges POSIX filesystem calls to the Google Drive API, allowing users to read, write, and manage files through their operating system's native file manager or command line. The project distinguishes itself through support for multiple simultaneous Google Drive accounts, each mounted as an independent local directory with separate authentication and cache state. It handles Google Docs, Sheets, and Slides by exporting them as read-only
Authenticates headless devices to Google Drive using the OAuth2 device authorization grant flow.
ZenML is an extensible machine learning orchestration framework designed to manage the end-to-end lifecycle of data pipelines and AI agent workflows. It functions as a durable orchestrator that executes machine learning tasks as directed acyclic graphs, ensuring that every step is containerized for consistent performance across local, cloud, and hybrid infrastructure. By decoupling pipeline code from underlying compute and storage backends, the platform allows developers to define infrastructure-agnostic stacks that remain portable across diverse environments. The project distinguishes itself
Links local clients to servers using web-based login and issues time-limited tokens based on device trust status.
ZenML is an orchestration platform designed for building, deploying, and monitoring reproducible machine learning pipelines and agentic workflows. It provides a unified framework that manages the entire lifecycle of machine learning assets, from data processing and model training to the deployment of persistent inference services. By decoupling pipeline logic from underlying compute and storage, the platform enables teams to transition workflows seamlessly from local development environments to production-grade cloud infrastructure. The platform distinguishes itself through a service-oriented
Implements browser-based authentication flows for command-line interfaces to issue time-limited access tokens.
This project is a remote desktop software suite and administration tool designed for controlling remote devices via web browsers or desktop applications across different operating systems. It functions as a secure remote access gateway and device manager, providing a centralized backend for auditing sessions and deploying private infrastructure to target machines. The system distinguishes itself through the use of GPU-accelerated video streaming and hardware encoding to reduce latency. It enables multi-device monitoring via a screen wall and supports the creation of virtual display emulations
Implements a secure handshake process using unique device identifiers and tokens to validate remote access requests.
Spring Authorization Server is an OAuth 2.1 and OpenID Connect 1.0 authorization server built on Spring Security. It implements the full protocol surface for issuing access and refresh tokens, including authorization code, client credentials, device code, and token exchange grants, as well as pushed authorization requests and user consent management. The server also functions as an OpenID Connect provider, supporting ID tokens, userinfo, discovery, logout, and dynamic client registration. The project distinguishes itself through an extensible framework that allows custom grant types, pluggabl
Processes device authorization requests, providing a verification URI and user code for secondary device authentication and consent.
Dieses Projekt ist eine OAuth 2.0-Client-Bibliothek und ein OpenID Connect SDK für die Integration von Microsoft-Identitätsplattformen in JavaScript-Anwendungen. Es dient als plattformübergreifender Authentifizierungs-Client für die Verwaltung von Benutzeridentitäten und Daemon-Diensten in browserbasierten und serverseitigen Umgebungen. Die Bibliothek bietet Tools zum Erwerb und zur Verwaltung von JSON Web Tokens zur Sicherung des Zugriffs auf geschützte Web-APIs. Sie unterstützt verschiedene Authentifizierungsabläufe, einschließlich Single-Page-Application-Authentifizierung, serverseitigem Identitätsmanagement in Node.js und nicht-interaktiver Authentifizierung für Hintergrunddienste. Zu den Funktionen gehört die Verwaltung von Token-Caches mit Unterstützung für Persistenz und Verschlüsselung. Das Toolkit deckt zudem die Identitätsüberprüfung über Unternehmens-, persönliche und soziale Anbieter ab sowie spezialisierte Abläufe wie Device-Code-Authentifizierung und Plattform-Broker-Integration.
Provides the device authorization grant flow for authenticating users on input-constrained devices.
2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location. The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration. The project covers a broad range of security and dat
Sends email alerts when failed logins occur or when an account is accessed from a new device.
Kaneo is an open-source project management platform built around a kanban board interface for organizing tasks into columns with drag-and-drop status management. It functions as a self-hosted task manager that supports multiple workspaces, organizations, and role-based access control, with all persistent data stored in a PostgreSQL relational database and exposed through a RESTful JSON API. The platform distinguishes itself through deep external integration capabilities, connecting project workflows to GitHub, Gitea, Slack, Discord, and Telegram with automated event-driven actions. A webhook
Supports secure user authorization via the OAuth2 device flow for input-constrained clients.
gptel is an LLM Emacs client and multi-backend AI integration system that allows users to interact with large language models directly inside the Emacs text editor. It serves as an AI-powered text refactoring tool and a context-aware prompt manager, providing a unified interface to connect with various AI providers, including local Ollama instances, AWS Bedrock, and Gemini. The project distinguishes itself as a Model Context Protocol client, connecting to MCP servers to provide language models with external tools and data sources. It enables context-augmented prompting by aggregating text fro
Provides a device authorization flow for signing into AI providers without manual secret key entry.
This project is a curated collection of deployment files and configurations for hosting a wide variety of open-source services on a home server. It primarily utilizes Docker and Docker Compose to automate the orchestration, lifecycle management, and deployment of containerized applications. The repository provides a comprehensive suite for self-hosted infrastructure, covering network management tools, media streaming, and home automation. It includes specialized configurations for securing internal services via reverse proxies, WireGuard VPN tunnels, and automated SSL/TLS certificate manageme
Alerts administrators via webhooks when unknown MAC addresses are detected on the network.