12 रिपॉजिटरी
Verification of session tokens against an identity provider to ensure active authentication.
Distinct from Session Authentication: Focuses on the act of validating the token's current validity rather than the overall authentication flow
Explore 12 awesome GitHub repositories matching security & cryptography · Session Token Validation. Refine with filters or upvote what's useful.
Spectrum is an open-source community platform designed for developer teams to host real-time threaded discussions, share code, and collaborate around GitHub projects. It provides a complete environment for creating and managing online communities with organized channels, member roles, and content moderation tools that keep conversations civil and on-topic. The platform integrates directly with GitHub, enabling users to authenticate through GitHub OAuth, search across code repositories and projects, and connect discussions to repository activity. Spectrum offers role-based team permission mana
Issues and validates secure tokens to maintain authenticated user sessions across the platform.
Lucia is an authentication library that provides session management, OAuth integration, and password-based login for web applications. It creates and validates server-side sessions using cryptographically random tokens stored in HttpOnly, Secure, SameSite=Lax cookies, with constant-time token comparison to prevent timing side-channel attacks. The library supports authentication through email and password, GitHub OAuth, Google OAuth, and passkey-based sign-in. It enforces two-factor authentication using time-based one-time passwords (TOTP) from authenticator apps, generates recovery codes for
Manages the full lifecycle of server-side sessions including creation, validation, extension, and idle timeout.
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Verifies session tokens against an API to ensure the user remains authenticated.
AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
Covers techniques for bypassing CSRF token validation through value alteration and method switching.
यह एक बैकएंड-एज़-ए-सर्विस SDK है जो वेब और मोबाइल एप्लिकेशन को क्लाउड सेवाओं के एक सूट से जोड़ता है। यह उपयोगकर्ता पहचान प्रबंधित करने, सर्वरलेस लॉजिक निष्पादित करने और क्लाउड ऑब्जेक्ट स्टोरेज को संभालने के लिए एक एकीकृत इंटरफ़ेस प्रदान करती है। यह टूलकिट अपनी रीयल-टाइम डेटा सिंक्रोनाइज़ेशन द्वारा विशेषता है, जो NoSQL डॉक्यूमेंट डेटा को इन-बिल्ट ऑफ़लाइन पर्सिस्टेंस के साथ कई क्लाइंट्स में सुसंगत रहने की अनुमति देता है। यह विभिन्न पहचान प्रदाताओं के माध्यम से सुरक्षित उपयोगकर्ता पहुंच की सुविधा प्रदान करती है और HTTPS अनुरोधों या डेटाबेस इवेंट्स के जवाब में बैकएंड लॉजिक को निष्पादित करने के लिए सर्वरलेस फ़ंक्शन इनवोकेशन का प्रबंधन करती है। यह SDK NoSQL और रिलेशनल डेटाबेस प्रबंधन, क्रैश मॉनिटरिंग और उपयोगकर्ता व्यवहार विश्लेषण सहित परिचालन क्षमताओं की एक विस्तृत श्रृंखला को कवर करती है। यह रिमोट एप्लिकेशन कॉन्फ़िगरेशन, लक्षित पुश नोटिफिकेशन और AI-संचालित सुविधाओं के लिए बड़े भाषा मॉडल के एकीकरण के लिए टूल्स भी प्रदान करती है। यह प्रोजेक्ट TypeScript में कार्यान्वित है और भाषा-विशिष्ट लाइब्रेरी प्रदान करती है जो REST और WebSocket API को उच्च-स्तरीय विधियों में एब्स्ट्रैक्ट करती है।
Generates and verifies authentication tokens to manage privileged sessions and secure access to cloud resources.
supabase-js is a comprehensive client library designed to integrate frontend applications with a hosted backend-as-a-service. It provides a unified interface for interacting with a PostgreSQL database, identity management systems, cloud object storage, and real-time data synchronization. The library features an isomorphic client design that operates across both browser and server environments. It distinguishes itself through a type-safe approach, utilizing TypeScript to map database schemas directly to client-side definitions, and employs a PostgREST-based API to translate JavaScript calls in
Validates one-time passwords used for account sign-ups, magic links, and password recovery flows.
This is a JSON Web Token authentication package for the Django REST Framework that manages stateless user identities. It serves as an authentication provider and token manager used to issue and validate signed tokens to maintain user sessions across multiple requests. The project implements a dual-token lifecycle, issuing short-lived access tokens and long-lived refresh tokens to balance security with session persistence. It features token rotation to prevent replay attacks and a blacklisting system to invalidate compromised credentials. Additionally, it supports sliding-window expiration to
Tracks invalidated or rotated tokens in a database to prevent the reuse of compromised credentials.
This project is a technical tutorial and guide for implementing user identity and session management using JSON Web Tokens. It focuses on building a secure login system that verifies user identities in web and mobile applications. The material covers the full lifecycle of token-based security, including the issuance and validation of authentication tokens and the management of stateless sessions. It provides instructions on maintaining persistent user sessions through client-side storage and implementing session revocation to invalidate specific or all active tokens. The implementation detai
Verifies the signature and expiration of tokens found in request headers to authorize users.
GodotSteam is a game engine plugin and API wrapper that integrates the Steamworks SDK into the Godot engine. It serves as a bridge between the engine's scripting layer and platform services, allowing applications to access social features and platform-specific connectivity. The project utilizes a C++ wrapper and a C-compatible foreign function interface to bind the Steamworks SDK. It includes a session manager that handles application ID initialization and enforces that the application is launched through the Steam client to validate ownership and session integrity. The integration covers se
Checks for an active Steam client process to establish a valid authenticated session.
Kaneo is an open-source project management platform built around a kanban board interface for organizing tasks into columns with drag-and-drop status management. It functions as a self-hosted task manager that supports multiple workspaces, organizations, and role-based access control, with all persistent data stored in a PostgreSQL relational database and exposed through a RESTful JSON API. The platform distinguishes itself through deep external integration capabilities, connecting project workflows to GitHub, Gitea, Slack, Discord, and Telegram with automated event-driven actions. A webhook
Validates the current request's authentication token to ensure a secure and active user session.
This project is an authentication and authorization platform built on the Spring framework that functions as a centralized identity provider and authorization server. It manages user identities and protects resources by implementing standardized protocols to verify credentials and issue secure tokens for web applications. The platform distinguishes itself by providing a comprehensive framework for managing complex authorization flows and identity verification. It supports dynamic client registration to automate the onboarding of third-party applications and utilizes relational database persis
Maintains state consistency for tokens and authorization grants by persisting session data in relational database tables.
Screwdriver is a continuous delivery platform designed to orchestrate automated build, test, and deployment workflows. It functions as a containerized build orchestrator that manages the entire delivery lifecycle, from event-driven pipeline triggering to the execution of tasks within isolated, pluggable container environments. The platform distinguishes itself through a modular architecture that decouples build logic from underlying compute resources, allowing for consistent execution across diverse infrastructures. It provides robust pipeline configuration management, enabling teams to defin
Fetches current authentication tokens associated with active sessions to facilitate secure communication.