awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
volatiletech avatar

volatiletech/authboss

0
View on GitHub↗
4,189 estrellas·222 forks·Go·MIT·2 vistas

Authboss

Authboss es un framework de autenticación modular diseñado para gestionar la identidad del usuario y la orquestación de cuentas. Proporciona un sistema integral para manejar el registro de usuarios, la verificación por correo electrónico y el ciclo de vida completo de los perfiles de usuario.

El framework se distingue por un conjunto enfocado de herramientas de seguridad e identidad, incluyendo autenticación multifactor mediante contraseñas basadas en tiempo y SMS, e integración de identidad con proveedores externos utilizando protocolos OAuth1 y OAuth2. También incluye un gestor de seguridad de cuentas dedicado que implementa protección contra fuerza bruta mediante bloqueo de cuentas basado en credenciales y hashing de contraseñas adaptativo.

En términos generales, el proyecto cubre la gestión del ciclo de vida de la sesión, incluyendo cookies de inicio de sesión persistentes y tiempos de espera por inactividad, así como flujos de recuperación de cuenta para contraseñas olvidadas. También proporciona middleware de solicitud para el control de acceso a rutas y admite la renderización de vistas de autenticación en HTML o JSON.

Features

  • User Account Management - Manages the full lifecycle of user profiles, from registration and email verification to password resets.
  • Server-Side Session Storages - Stores and retrieves user identity state across requests using server-side storage and secure cookies.
  • Account Brute-Force Protection - Implements brute-force protection by tracking failed attempts and locking accounts in the database.
  • Account Recovery - Provides a secure flow for users to reset forgotten passwords via email verification tokens.
  • Email Verification Flows - Generates secure, short-lived hashes sent via email to verify account ownership during registration and resets.
  • OAuth and Identity Providers - Delegates user authentication to external identity services using OAuth1 and OAuth2 protocols.
  • Email Verifications - Prevents login attempts until users confirm their email addresses to prove account ownership.
  • Identity Authentication - Provides a modular framework for configuring session-based authentication and identity management tailored to project needs.
  • User Identity Verification - Verifies user identities through external providers using standard token-based authentication protocols.
  • Account Registrations - Handles the full account creation process, including the setup of user identities and optional email verification.
  • OAuth1 Implementations - Verifies user identities through external providers using the OAuth1 token protocol.
  • OAuth2 Implementations - Verifies user identities through external providers using the OAuth2 token protocol.
  • Multi-Factor Authentication - Provides a complete multi-factor authentication suite including SMS and TOTP verification.
  • OAuth Provider Integrations - Provides seamless integration with external identity providers like Google and GitHub via OAuth protocols.
  • OAuth Flow Implementations - Implements a standardized sequence of redirects and callback handlers for external identity provider authentication.
  • OAuth2 Integration - Implements secure user authorization and single sign-on via OAuth2 provider integration.
  • One-Time Passwords - Provides a second security layer by validating time-based numeric codes against a shared secret.
  • Middleware Route Filters - Uses request middleware to verify session states and block unauthenticated users from protected routes.
  • Session-Cookie Persistences - Uses persistent cookies and tokens to maintain authenticated sessions across different browser restarts.
  • Session Lifecycle Management - Manages the full session lifecycle, including persistent cookies and inactivity timeouts.
  • Inactivity Session Termination - Automatically terminates user sessions after a configured period of inactivity by monitoring activity timestamps.
  • User Session Termination - Implements mechanisms to explicitly destroy active user sessions for both standard and OAuth2 authentication flows.
  • Session Persistence - Maintains user identity across requests using unique identifiers stored in cookies and server-side storage.
  • Two-Factor Authentication - Adds a second security layer using time-based passwords, SMS codes, or recovery codes.
  • TOTP Enforcers - Enforces a second security layer during login using TOTP authenticator apps or SMS verification.
  • Brute Force Protection - Locks user accounts after repeated failed authentication attempts to stop brute-force attacks.
  • Password Resets - Provides a secure password recovery flow driven by email-based verification tokens.
  • Credential Authentications - Verifies user identities by checking provided passwords against stored records to grant session access.
  • User Registrations - Create new user accounts while preserving input data during validation failures.
  • Session Expiration Policies - Invalidates active login sessions after a set period to force user re-authentication.
  • Authentication Frameworks - Provides a modular PHP-based framework for handling user registration, password resets, and session management.
  • Account Locking - Block account access after repeated failed authentication attempts to prevent unauthorized entry.
  • Adaptive Hashing Costs - Automatically updates password hashes during login to increase computational complexity as hardware improves.
  • Logic Customizers - Offers programmable extensions to customize authentication routing, error handling, and response rendering.
  • Route-Based Access Restrictions - Provides request middleware to block unauthenticated or locked users from accessing specific routes.
  • Session State Persistence - Maintains authenticated user identities across browser restarts using secure long-term tokens.
  • Remember-Me Persistence - Uses persistent cookies to maintain authentication across different browser sessions.
  • Backup Code Management - Generates and validates one-time backup recovery codes for account access when second-factor methods are unavailable.
  • Account Security Policies - Enforces security policies including account locking and adaptive password hashing.
  • Password Changes - Enables updating user passwords while simultaneously adjusting cryptographic hashing costs and invalidating remember-me tokens.
  • Authentication and Authorization - Modular web authentication system.
  • Security & Privacy - Modular authentication system for web applications.

Historial de estrellas

Gráfico del historial de estrellas de volatiletech/authbossGráfico del historial de estrellas de volatiletech/authboss

Búsqueda con IA

Explora más repositorios increíbles

Describe lo que necesitas en lenguaje sencillo: la IA clasifica miles de proyectos open-source curados por relevancia.

Start searching with AI

Alternativas open-source a Authboss

Proyectos open-source similares, clasificados según cuántas características comparten con Authboss.
  • aarondl/authbossAvatar de aarondl

    aarondl/authboss

    4,189Ver en GitHub↗

    Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks

    Go
    Ver en GitHub↗4,189
  • teamhanko/hankoAvatar de teamhanko

    teamhanko/hanko

    8,801Ver en GitHub↗

    Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.

    Go2faauthenticationciam
    Ver en GitHub↗8,801
  • laravel/jetstreamAvatar de laravel

    laravel/jetstream

    4,060Ver en GitHub↗

    Jetstream is an application scaffold for Laravel that provides a pre-built identity system and team collaboration framework. It serves as a starter kit that integrates user authentication, profile management, and organizational tools into a unified project structure. The project is distinguished by its comprehensive team management capabilities, which include shared workspace organization, member invitation workflows, and role-based access control. It also features an integrated API token manager for issuing and controlling secure access tokens for external clients. The platform covers a bro

    PHPauthlaraveltailwind
    Ver en GitHub↗4,060
  • quantumnous/new-apiAvatar de QuantumNous

    QuantumNous/new-api

    39,722Ver en GitHub↗

    This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with diverse artificial intelligence service providers. It functions as a centralized middleware platform that routes, load balances, and translates API requests across multiple models, enabling developers to access text, image, audio, and video generation capabilities through a single, standardized integration. The gateway distinguishes itself through comprehensive administrative and financial controls, including event-driven usage accounting, real-time token consumption tracking,

    Goai-gatewayclaudedeepseek
    Ver en GitHub↗39,722
Ver las 30 alternativas a Authboss→

Preguntas frecuentes

¿Qué hace volatiletech/authboss?

Authboss es un framework de autenticación modular diseñado para gestionar la identidad del usuario y la orquestación de cuentas. Proporciona un sistema integral para manejar el registro de usuarios, la verificación por correo electrónico y el ciclo de vida completo de los perfiles de usuario.

¿Cuáles son las características principales de volatiletech/authboss?

Las características principales de volatiletech/authboss son: User Account Management, Server-Side Session Storages, Account Brute-Force Protection, Account Recovery, Email Verification Flows, OAuth and Identity Providers, Email Verifications, Identity Authentication.

¿Qué alternativas de código abierto existen para volatiletech/authboss?

Las alternativas de código abierto para volatiletech/authboss incluyen: aarondl/authboss — Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password… teamhanko/hanko — Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey… laravel/jetstream — Jetstream is an application scaffold for Laravel that provides a pre-built identity system and team collaboration… quantumnous/new-api — This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with… nextauthjs/next-auth-example — This project is a reference implementation and boilerplate for managing user authentication and session state within… lucia-auth/lucia — Lucia is an authentication library that provides session management, OAuth integration, and password-based login for…