30 open-source projects similar to bitly/oauth2_proxy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best OAuth2 Proxy alternative.
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Hydra is a headless identity server that functions as a certified OAuth2 and OpenID Connect provider. It is designed as an authentication engine that manages authorization handshakes and token lifecycles while remaining decoupled from the user interface. The project distinguishes itself through a headless architecture, allowing external management of login and consent flows. It provides specialized capabilities for dynamic client registration, JSON Web Token issuance, and a system for rotating encryption secrets without service downtime. The system covers a broad range of identity operations
Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers. The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offer
Sozu is a high-performance, memory-safe reverse proxy and load balancer built in Rust. It is designed to manage HTTP, TCP, and UDP traffic through a multi-process architecture that leverages isolated worker processes to ensure fault tolerance and efficient resource utilization across multi-core hardware. The project distinguishes itself through a focus on continuous availability and dynamic control. It features a unique binary hot-reloading mechanism and a Unix-socket-based control plane, allowing administrators to update proxy configurations, modify listener settings, and even replace the pr
This project is a Bing AI proxy gateway and web-based chat interface. It functions as a Go reverse proxy that routes HTTP traffic to external AI endpoints, allowing users to bypass regional network restrictions and login requirements. The system utilizes SOCKS5 proxy tunneling and environment-variable configuration to circumvent IP-based blocking and regional firewalls. It manages authentication by injecting predefined session cookies into outgoing requests to maintain private AI sessions and unlock personalized features. The application integrates a Vue-based single page application for the
Next Terminal is an enterprise bastion host platform that brokers and audits remote access to servers and devices. It functions as a centralized gateway unifying access to Windows, Linux, and legacy systems through a single authenticated interface, supporting RDP, SSH, VNC, Telnet, and HTTP protocols. The platform combines certificate management, policy-based access control, reverse tunnel agents, session recording, and web proxy interception into a unified security gateway. It deploys lightweight agents in internal networks that build reverse tunnels to a central site, eliminating per-locati
Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it
Authlogic is a Ruby authentication framework designed to manage user identities, session persistence, and secure password hashing. It provides a system for verifying user credentials against stored records using configurable identity fields. The framework distinguishes itself through its provider-based identity integration, allowing applications to connect authentication flows to external services including OAuth, OpenID Connect, LDAP, and various social media platforms. It also includes an extensibility model that executes custom user-defined code via hooks and callbacks during identity veri
OpenList is a cloud storage indexing platform that transforms remote file collections into searchable lists and standardized streaming media endpoints. It functions as a centralized gateway, allowing users to connect external storage providers and manage their data through a unified interface. The platform distinguishes itself by providing a dedicated security layer for API authentication and traffic proxying, which protects user credentials while managing connectivity for distributed components. It also features automated service lifecycle management, enabling the deployment and maintenance
Login-with is a centralized authentication gateway designed to decouple identity verification from individual application services. It functions as a stateless microservice that orchestrates user login and logout flows by integrating with external identity providers. The project distinguishes itself through its ability to manage user sessions across multiple subdomains. By issuing encrypted, domain-wide cookies, it maintains consistent user state and profile information as users navigate between different parts of a distributed web architecture. The service handles the full lifecycle of user
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
ZenML is an extensible machine learning orchestration framework designed to manage the end-to-end lifecycle of data pipelines and AI agent workflows. It functions as a durable orchestrator that executes machine learning tasks as directed acyclic graphs, ensuring that every step is containerized for consistent performance across local, cloud, and hybrid infrastructure. By decoupling pipeline code from underlying compute and storage backends, the platform allows developers to define infrastructure-agnostic stacks that remain portable across diverse environments. The project distinguishes itself
This project is a high-performance, distributed API gateway designed to manage, secure, and observe traffic for microservices, serverless functions, and artificial intelligence model providers. It functions as a dynamic service proxy and cloud-native ingress controller, centralizing policy enforcement and traffic routing through a unified configuration interface that synchronizes state across multiple nodes in real time. The platform distinguishes itself through a highly extensible architecture that utilizes a high-performance scripting engine to execute modular logic directly within the requ
This is a Backend-as-a-Service SDK for React Native, providing a library to integrate mobile applications with backend services. It serves as a client for managing user authentication, cloud databases, and remote file storage within a mobile environment. The SDK enables mobile developers to implement secure login flows using OAuth, email, and phone verification. It includes a database client for performing CRUD operations on structured data and a storage client for uploading and retrieving binary assets from remote cloud buckets. Additionally, it features a WebSocket-based interface to receiv
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
This project is a reference implementation and boilerplate for managing user authentication and session state within the Next.js framework. It serves as a practical example of how to integrate NextAuth.js to protect routes and handle identity verification. The repository demonstrates several authentication workflows, including OAuth identity integration with third-party providers, passwordless authentication using email magic links, and traditional credentials-based sign-in. It specifically showcases how to replace default authentication screens with custom branded sign-in pages. The impleme
minio-go is a client library and software development kit for interacting with S3-compatible object storage. It provides a programmatic interface for Go applications to manage buckets and objects using the S3 protocol. The library enables the execution of complex storage operations, including multi-part uploads for large datasets, data synchronization between filesystems, and the management of bucket lifecycle and replication policies. It also supports advanced data retrieval through object searching and SQL-based querying of stored data. The toolkit covers a broad range of administrative an
Invidious is a privacy-focused, self-hosted alternative frontend for mainstream video platforms. It operates as a decentralized network of independent instances that provide a lightweight, ad-free interface for consuming media. By acting as a proxy between the user and the content provider, the platform prevents tracking and data collection while maintaining a familiar browsing experience. The project distinguishes itself through its robust suite of network-level traffic management and anonymization tools. It employs techniques such as IP rotation, reverse proxy stream routing, and integratio
Kratos is a centralized identity and access management server designed to handle user registration, authentication, and profile management. It functions as an identity flow orchestrator, managing the state and security of authentication processes across web, mobile, and command-line interfaces. The system provides a standards-compliant authorization server that issues tokens and manages delegated access for third-party applications and internal services, supporting multi-factor authentication and custom identity schemas to secure user accounts. The project distinguishes itself through a headl
Azkaban is a distributed workflow manager and DAG-based job orchestrator designed as an enterprise batch processor. It serves as a Java-based workflow engine that schedules and executes complex job sequences across a cluster of executor servers, with specific functionality for managing big data workloads on Hadoop clusters. The system distinguishes itself through a distributed executor model that coordinates state via a shared database to ensure high availability. It employs a plugin-based architecture that allows for custom job types and system functionality extensions, including the ability
Hertz is a high-performance Go HTTP framework designed for building scalable microservices, RESTful APIs, and AI applications. It functions as a high-performance web server and a communication framework for microservices, utilizing non-blocking I/O and zero-copy memory management to handle high-concurrency traffic. The project distinguishes itself through a microservices communication toolkit that supports high-efficiency remote procedure calls via gRPC and Thrift protocols. It implements an asynchronous middleware engine based on an onion model, allowing for a pluggable request-response pipe
OpenZeppelin Contracts is a library of modular, secure, and reusable smart contract components designed for the development of decentralized applications. It provides a foundational framework for building standard-compliant contracts, offering battle-tested implementations for token standards, access control, and common utility patterns. The project distinguishes itself through its comprehensive support for complex architectural patterns, including proxy-based upgradeability, role-based access control, and account abstraction. It enables developers to implement modular logic injection via hoo
Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies
This project is a multi-protocol API simulation and mocking system designed to replace external dependencies during development and testing. It provides an API mocking server, a network traffic proxy, and specialized simulators for language model services and identity providers. The system distinguishes itself through deep AI simulation capabilities, including the emulation of language model providers and Model Context Protocol servers using JSON-RPC 2.0. It supports multi-turn conversational logic, state tracking for AI chat APIs, and the visualization of agent execution through call graphs
all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes. The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on
Clashfree is a network traffic routing platform designed to facilitate access to restricted online resources and digital services. It functions as a proxy configuration management tool that enables users to route internet traffic through encrypted tunnels, effectively bypassing regional access restrictions. The system provides a centralized way to manage network proxy connections and organize multiple routing profiles across various environments. The project distinguishes itself by providing automated subscription services that distribute daily updated proxy node lists and configuration files
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
This project is a comprehensive library of reference implementations and patterns for building web applications using the Go Fiber framework. It provides curated templates and implementation guides for creating REST APIs, web servers, and structured backend services. The repository serves as a practical resource for applying architectural patterns, including Clean and Hexagonal architectures, as well as port-and-adapter decoupling. It offers detailed examples for integrating common web features such as OAuth2 authentication, JWT verification, WebSockets for real-time communication, and server