MFA and TOTP Authentication Libraries

Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercepting requests to validate user identity before granting access to protected resources. It enforces granular access control policies and provides robust multi-factor authentication, supporting various verification methods such as hardware security keys, mobile push notifications, and time-based one-time passwords. To maintain consistency across distributed environments, it utilizes stateless session management via encrypted cookies. Authelia offers a flexible integration surface, featuring a pluggable backend that supports multiple external directory services like LDAP alongside internal database options. Its configuration is managed through a declarative, version-controlled YAML schema, which can be further automated using environment variables. The project provides comprehensive command-line tooling for policy validation and configuration management, with native support for deployment in containerized and orchestrated environments.

This is a Backend as a Service SDK for Apple platforms, providing a collection of libraries that connect iOS and macOS applications to cloud databases, authentication services, and serverless infrastructure. It serves as a developer kit for integrating real-time data synchronization, file storage, and push notifications into native apps. The SDK is distinguished by its generative AI integration, which routes text and multimodal prompts between on-device models and cloud-hosted large language models. It further differentiates itself with a specialized app distribution tool for managing pre-release binaries, tester groups, and stability tracking. The platform covers a broad range of capabilities, including identity management with multi-provider sign-in, global data storage with ACID transactions and offline persistence, and comprehensive observability through crash reporting and performance monitoring. It also provides tools for remote configuration, behavioral messaging, and serverless backend logic execution. Integration is supported via the Swift Package Manager, CocoaPods, and Carthage.

Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes network state using version-controlled manifests. It supports complex connectivity requirements through peer-to-peer NAT traversal, which facilitates direct encrypted connections between nodes, with automatic fallback to server-based relaying when necessary. Additionally, it provides browser-based access to remote resources, eliminating the need for local client software for many common administrative and service-access tasks. Beyond its core tunneling capabilities, the platform includes a comprehensive suite of tools for traffic management, security, and observability. It features granular access control policies based on user identity, geolocation, and network attributes, alongside automated certificate management and multi-factor authentication. The system also provides extensive monitoring, audit logging, and alerting capabilities to track infrastructure health and security events across multi-site deployments. Pangolin is designed for containerized and multi-site environments, offering flexible deployment options through standard packaging and automated reconciliation workflows.

This project is a modular authentication framework designed to manage user identity, session tracking, and access control across web applications. It provides a unified solution for handling email-based credentials and social identity federation, allowing developers to implement secure login and registration flows that maintain consistent user states across client and server environments. The system utilizes a plugin-based architecture and middleware-driven request interception to allow for the extension of core authentication logic. It features type-safe schema generation, which derives database structures and API contracts directly from configuration, and employs a database-agnostic adapter pattern to interface with various storage backends. These capabilities enable the creation of custom security logic and database schemas that adapt to specific application requirements. To support development, the framework includes integrated tooling that provides context-aware knowledge to coding assistants. By configuring agent skills and connecting documentation through standardized protocols, developers can automate the implementation of authentication patterns while ensuring adherence to established conventions and security standards.

Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code. The project distinguishes itself through a highly modular and extensible design that supports custom plugins, themes, and specialized dashboard widgets. It features a fluent, object-oriented API for defining UI components, validation rules, and data persistence logic, while maintaining application state between the browser and server over a persistent connection. Developers can further customize the interface through dynamic configuration, custom Blade view embedding, and a comprehensive system for managing user identity, multi-tenancy, and role-based access control. Beyond core CRUD capabilities, the framework includes advanced tools for data presentation, such as interactive charts, statistical summaries, and global search functionality. It also provides robust support for complex data entry, including multistep wizards, repeatable form blocks, and file management. The system is designed for reliability, offering built-in observability, automated testing helpers, and performance optimizations like asset scoping and client-side navigation. The framework is distributed as a set of packages that integrate directly into existing Laravel applications, with command-line utilities available to scaffold resources and administrative components.

This project is a comprehensive cryptographic toolkit that provides a collection of standard security algorithms and protocols for implementing data encryption and network communication. It serves as a foundational library for securing software applications through a wide range of cryptographic functions. The architecture is defined by a modular provider system that allows for the dynamic loading of external cryptographic implementations without requiring modifications to the core application binary. It supports metadata-driven algorithm querying, which resolves security primitives by matching requested properties against available provider capabilities. Furthermore, the library enables the creation of isolated security contexts, allowing different application components to maintain independent configuration states and security parameters within the same process. The toolkit includes support for FIPS-validated module encapsulation, which restricts cryptographic operations to a hardened boundary to meet strict government and industry compliance standards. It also utilizes a dispatch-table abstraction to decouple high-level security requests from underlying algorithm logic. Comprehensive technical documentation is available to assist with security operations, migration, and compliance validation.

Dockhand is a multi-host Docker manager and container management interface used to control the lifecycle of containers, images, volumes, and networks. It functions as a Docker Compose orchestrator and GitOps deployment tool, enabling the synchronization of application stacks directly from remote Git repositories. The project distinguishes itself as an enterprise Docker access controller, providing role-based access control and identity verification through OIDC, LDAP, and multi-factor authentication. It secures sensitive data using AES-256-GCM encryption for credentials at rest and handles native TLS termination for its interface and API. The platform covers a broad range of operational capabilities, including real-time resource monitoring, log streaming, and image vulnerability scanning. It provides tools for remote Docker orchestration via sockets or TCP, as well as interactive web-based terminals and visual filesystem browsers for managing container data. Automation is handled through scheduled image updates, maintenance tasks, and webhook-driven deployment triggers.

Ente is a privacy-focused platform for end-to-end encrypted storage and two-factor authentication management. It functions as a zero-knowledge identity provider, ensuring that all cryptographic operations, key derivation, and data encryption occur locally on the user's device. By maintaining this architecture, the service provider remains unable to access or decrypt any stored personal information or authentication credentials. The platform distinguishes itself through a combination of on-device intelligence and resilient data distribution. It utilizes a local machine learning engine to perform resource-intensive tasks such as semantic image searching and facial recognition directly on the user's hardware, ensuring that sensitive visual data never leaves the device. To guarantee high availability and data permanence, the system replicates encrypted information across multiple independent cloud providers and geographic regions, protecting against provider outages or regional failures. Beyond its core storage and security capabilities, the project includes sophisticated resource scheduling that monitors device telemetry to manage background processing tasks efficiently. It also provides a comprehensive authentication manager that supports secure token imports and offline operation, allowing users to maintain control over their credentials with or without cloud synchronization.

Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool. The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It supports complex orchestration by allowing users to define multi-container services using standard configuration files, which can be managed through automated build pipelines, Git integration, and real-time performance monitoring. Beyond core deployment, the system includes robust infrastructure management capabilities such as automated backups to external object storage, horizontal and vertical scaling, and granular access control. It also provides secure configuration management, including environment variable synchronization, HTTPS certificate handling, and zero-downtime deployment strategies to ensure application stability and security. The platform is designed for ease of use, offering an interactive API documentation interface and instructional resources to guide users through installation and configuration. It supports a wide range of modern web frameworks and runtimes, providing a flexible environment for hosting and maintaining services on private server hardware.

This project is a cross-platform credential management suite designed to store sensitive information in encrypted local databases. It functions as a secure desktop application that provides a unified environment for organizing secrets, generating passwords, and managing multi-factor authentication tokens. By utilizing industry-standard file formats, the application ensures that stored credentials remain secure and interoperable across different operating systems. The software distinguishes itself through deep integration with hardware-backed security and system-level services. It supports physical security tokens for challenge-response authentication, requiring hardware-based verification to unlock databases. Additionally, the application features an automated bridge for browser extensions to facilitate form filling and credential retrieval, alongside a system agent integration that dynamically manages SSH keys based on the current lock state of the database. Beyond core credential storage, the project includes a modular engine for performing administrative tasks such as security audits and data migrations. It also supports secondary protection layers, allowing users to require specific key files alongside master passwords to authorize access. The development process relies on containerized build environments to ensure consistent and reproducible native binaries for Windows, macOS, and Linux.

Docmost is an open-source knowledge management system designed as a collaborative documentation platform for teams. It functions as an enterprise wiki that centralizes organizational information into structured, searchable workspaces, enabling users to create, organize, and share content through a hierarchical system of spaces and pages. The platform distinguishes itself by integrating artificial intelligence directly into the documentation lifecycle. It utilizes vector-based semantic search to allow for natural language queries across stored content and provides AI-assisted tools for drafting, summarizing, and refining documents. To support team workflows, it features a block-based editor for rich text authoring and visual diagramming, paired with real-time collaboration capabilities that synchronize changes across multiple users. The system is built for enterprise environments, offering granular access control, multi-factor authentication, and identity provider integration for centralized user management. It also includes programmatic access through a REST API, allowing for the automation of resource management and integration with external software tools. The platform supports flexible deployment with configurable storage backends and automated security certificate management. It is designed to be self-hosted, providing the necessary infrastructure to manage documentation security and lifecycle workflows within an organization.

This project is a command-line tool that automates the entire lifecycle of security certificates using standard domain validation protocols. It functions as a background service to manage the issuance, renewal, and installation of certificates, ensuring that encrypted web traffic remains active without requiring manual intervention. The tool distinguishes itself through extensive support for automated domain ownership verification, including the ability to issue wildcard certificates by programmatically interacting with external domain name system providers. It provides flexible validation options, such as using a temporary, ephemeral web server to handle challenges in isolated environments, which allows for certificate generation without needing an existing web server or active website. Beyond issuance, the system includes robust deployment capabilities that integrate directly with server environments. Through customizable hooks, it can automatically update server configuration files and reload services to apply new cryptographic assets immediately upon renewal. The software is built as a modular collection of POSIX-compliant scripts that leverage standard system utilities and support various cryptographic key types to meet diverse security requirements.

DataEase is an open-source, self-hosted business intelligence platform designed for building interactive data visualizations and managing analytical reporting. It provides a centralized environment where users can construct dashboards through a drag-and-drop interface, connecting to diverse data sources including relational databases, data warehouses, and external APIs. The platform distinguishes itself through its focus on embedded analytics and enterprise-grade governance. It allows for the seamless integration of charts, dashboards, and management modules into third-party web applications using secure iframe containers and token-based authentication. To support complex organizational needs, it includes granular role-based access control, row-level data filtering, and hierarchical organization management, ensuring that data remains secure and isolated across different departments. Beyond core visualization, the system offers extensive automation and connectivity features. It supports automated report scheduling and distribution, cross-source data modeling, and a plugin-based architecture that allows for the addition of custom data sources and visualization types. The platform also includes robust monitoring tools, such as threshold-based alerting and execution logging, to maintain operational visibility over automated tasks. The system is built to be highly configurable, offering options for platform branding, global variable definitions, and comprehensive identity management through integrations with external authentication providers.

This project is a command-line utility for downloading media from various online platforms. It provides comprehensive tools for selecting specific video and audio formats, managing playlist downloads, and filtering content based on metadata such as upload dates and file sizes. The software includes extensive filesystem and output controls, allowing users to define custom naming templates, manage subtitle tracks, and retrieve thumbnails. An automated post-processing pipeline supports tasks like audio extraction, format conversion, and metadata embedding. To ensure reliable operation, the tool offers configurable network settings, including proxy support, retry logic, and rate limiting. It also provides authentication management for restricted content and simulation modes that allow users to extract metadata or URLs without initiating a full download.

This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password authenticator. The project covers a broad range of security and access capabilities, including biometric vault unlocking, multi-factor authentication, and secure credential generation. It supports organizational vault management with permission-based secret sharing and integrates with corporate identity providers via single sign-on and directory services. Additional features include data breach monitoring, encrypted file attachments, and emergency account recovery mechanisms.

Signal-Android is an end-to-end encrypted messaging platform designed to ensure that only the sender and recipient can access communication content. The project provides a comprehensive framework for secure, asynchronous message initiation and key agreement, allowing users to establish private channels without requiring simultaneous online presence. It relies on a state machine architecture to manage communication epochs and authentication, ensuring consistent security transitions throughout the messaging lifecycle. The platform distinguishes itself through a hybrid cryptographic approach that combines multiple mathematical protocols to defend against potential security compromises. It implements advanced ratcheting mechanisms to provide forward secrecy and automatic recovery from breaches, while incorporating quantum-resistant layers to protect against future computing threats. Furthermore, the system supports secure multi-device synchronization, enabling users to maintain consistent identity keys and session history across multiple hardware devices. Beyond its core messaging capabilities, the project includes robust mechanisms for data integrity and transmission reliability. It utilizes erasure-coded chunking to ensure that large data packets can be reconstructed over unstable network connections and employs deterministic elliptic curve signing to verify message authenticity. The system also manages session lifecycles by rotating keys and expiring inactive connections to minimize windows of vulnerability.

Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access. The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports complex security workflows by integrating with external identity providers for federated authentication and offering a reverse tunneling gateway that allows secure access to private network resources without exposing inbound ports. Additionally, the system includes an event-driven audit engine that maintains an immutable record of all configuration changes and access requests to support compliance requirements. Beyond core secret storage, the platform provides comprehensive orchestration capabilities, including automated secret injection into containerized environments and infrastructure pipelines. It also features integrated public key infrastructure management for the lifecycle of digital certificates and automated scanning to detect hardcoded secrets in source code and CI pipelines. The platform supports flexible deployment models, allowing teams to either utilize managed cloud services or self-host the infrastructure within their own private networks. It provides a broad ecosystem of SDKs and a command-line interface to facilitate integration across various programming languages and deployment workflows.

Aegis is a mobile application designed to manage and store multi-factor authentication tokens. It functions as a local-first credential vault that generates time-based and counter-based one-time passwords to verify user identity across various online services. The application secures sensitive authentication data by employing authenticated symmetric encryption and hardware-backed key storage to protect credentials at rest. Access to the stored tokens is gated by system-level biometric authentication or password verification, ensuring that only authorized users can retrieve the generated security codes. To support data recovery and portability, the platform provides encrypted backup capabilities and facilitates synchronization with remote storage providers using end-to-end encryption. It also supports standardized data schemas for importing and exporting token databases, allowing for interoperability when migrating security records between different applications.

mkcert is a command-line utility designed to simplify local development by generating and managing locally-trusted development certificates. It creates a unique, self-signed root certificate authority on the local machine, which serves as a trusted source for issuing development credentials. By automating the generation of these certificates, the tool enables secure encrypted connections that browsers and operating systems accept without security warnings. The utility distinguishes itself by automatically configuring local trust stores, programmatically injecting the generated root certificate into system and browser databases. It supports complex development workflows through environment-variable-based configuration, allowing users to manage multiple certificate authorities across different projects and specify custom storage paths. This infrastructure ensures consistent security across diverse environments, including support for mobile device trust and remote machine installation. Beyond standard HTTPS testing, the tool provides capabilities for generating secure email certificates and integrating with specific application runtimes. It handles the underlying cryptographic key material generation and cross-platform path resolution required to maintain trust across various operating systems and development environments.

This project is a web-based platform designed for creating, managing, and sharing professional resumes. It functions as a structured document builder that integrates artificial intelligence to assist with content generation, editing, and analysis. Users can maintain a collection of resumes, customize their visual presentation through various templates, and export them into multiple formats for job applications. The platform distinguishes itself through its autonomous AI agent capabilities, which can perform research, suggest incremental edits, and apply data patches directly to documents. It also provides a secure, self-hostable environment that allows users to maintain full control over their data and infrastructure. The system supports advanced authentication methods, including passkeys and federated identity providers, ensuring that personal and professional information remains protected. Beyond core editing, the application includes tools for document organization, such as tagging, filtering, and legacy data migration. It features a robust document generation engine that separates content from design, allowing for precise layout control and styling. Users can share their resumes via password-protected public URLs and monitor document performance through integrated analytics. The application is designed for containerized deployment, utilizing Docker Compose to facilitate consistent installation across private infrastructure. It includes built-in health monitoring and feature flagging to manage system performance and functionality without requiring code redeployments.