# casdoor/casdoor

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/casdoor-casdoor).**

13,026 stars · 1,568 forks · Go · apache-2.0

## Links

- GitHub: https://github.com/casdoor/casdoor
- Homepage: https://casdoor.org
- awesome-repositories: https://awesome-repositories.com/repository/casdoor-casdoor.md

## Topics

`ai-gateway` `auth` `authentication` `authn` `casdoor` `faceid` `iam` `ldap` `llm-gateway` `mcp-gateway` `mfa` `oauth` `oidc` `radius` `saml` `scim` `single-sign-on` `sso` `totp` `webauthn`

## Description

Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks.

The platform distinguishes itself through its extensive support for federated identity management, allowing integration with external providers via OIDC, SAML, and LDAP. It enforces granular security through role-based access control, scope-based permission validation, and hardware-backed authentication methods like WebAuthn. Beyond standard identity services, it includes specialized infrastructure for managing AI agent lifecycles, monitoring agent traffic, and securing tool access through delegated authentication.

The system provides a broad capability surface that includes observability and audit logging, event-driven webhook notifications, and automated session management. It also offers developer-focused tools such as CLI-based authentication flows, secure token storage, and software development kits for integrating identity verification into external services. The platform is designed for flexible deployment, supporting configuration via JSON-based data initialization and providing APIs for querying system status and version information.

## Tags

### Security & Cryptography

- [Bearer Token Authentication](https://awesome-repositories.com/f/security-cryptography/bearer-token-authentication.md) — Verifies bearer token signatures and claims to ensure secure access to protected resources. ([source](https://casdoor.org/docs/mcp-auth/setup))
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/data-resource-permissions/role-based-access-control.md) — Enforces granular permissions and role-based access policies for users and service clients.
- [JWT Session Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/session-and-credential-handling/session-credential-management/jwt-session-management.md) — Maintains stateless user sessions using cryptographically signed tokens for distributed service authentication.
- [Identity and Access Management Servers](https://awesome-repositories.com/f/security-cryptography/identity-and-access-management-servers.md) — Provides a high-concurrency, frontend-backend separated server for centralized identity and access management. ([source](https://casdoor.org/docs/overview))
- [Identity Federation Providers](https://awesome-repositories.com/f/security-cryptography/identity-federation-providers.md) — Acts as a central authorization server that delegates authentication to external providers using standard protocols like OIDC and SAML.
- [Identity Providers](https://awesome-repositories.com/f/security-cryptography/identity-providers.md) — Acts as a centralized authentication server managing identities and sessions across multiple applications.
- [Machine Identity](https://awesome-repositories.com/f/security-cryptography/machine-identity.md) — Secures programmatic service-to-service communication using automated token exchange and granular scope-based access control.
- [OAuth Providers](https://awesome-repositories.com/f/security-cryptography/oauth-providers.md) — Issues access tokens and manages authorization flows for secure delegated resource access. ([source](https://casdoor.org/docs/overview))
- [Client Credentials](https://awesome-repositories.com/f/security-cryptography/client-credentials.md) — Exchanges client credentials for access tokens to support machine-to-machine authentication. ([source](https://casdoor.org/docs/how-to-connect/oauth))
- [Cryptographic Key Management](https://awesome-repositories.com/f/security-cryptography/cryptographic-key-management.md) — Manages cryptographic keys for secure token signing and verification to ensure assertion integrity.
- [Access Control](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control.md) — Validates user permissions against required scopes before granting access to specific tool handlers. ([source](https://casdoor.org/docs/mcp-auth/setup))
- [Authorization Flows](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/policy-enforcement-engines/authorization-flows.md) — Implements authorization code flows to securely exchange tokens for system access. ([source](https://casdoor.org/docs/how-to-connect/oauth))
- [API and Machine Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/machine-and-protocol-identity/api-machine-authentication.md) — Secures service-to-service communication using OAuth 2.0 client credentials for backend tools. ([source](https://casdoor.org/docs/basic/public-api))
- [User Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/identity-management/user-management.md) — Maintains user accounts and profiles across associated applications within an organization. ([source](https://casdoor.org/docs/basic/core-concepts))
- [JWT Authentication](https://awesome-repositories.com/f/security-cryptography/jwt-authentication.md) — Verifies JWT access tokens on every request to confirm user identity. ([source](https://casdoor.org/docs/how-to-connect/sdk))
- [OAuth Scope Restrictions](https://awesome-repositories.com/f/security-cryptography/oauth-scope-restrictions.md) — Enforces strict access control by validating requested OAuth scopes against application allowlists. ([source](https://casdoor.org/docs/application/scopes))
- [Single Sign-On Solutions](https://awesome-repositories.com/f/security-cryptography/single-sign-on-solutions.md) — Provides a unified login experience across independent web and mobile applications.
- [Application Access Controls](https://awesome-repositories.com/f/security-cryptography/application-access-controls.md) — Limits application sign-in access based on user-assigned tags and configuration policies. ([source](https://casdoor.org/docs/application/tags))
- [API Request Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/machine-and-protocol-identity/api-machine-authentication/api-request-authentication.md) — Authenticates API requests using access tokens provided via headers or query parameters. ([source](https://casdoor.org/docs/basic/public-api))
- [Session and Credential Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/session-and-credential-handling/session-credential-management.md) — Provides comprehensive tools for managing user session lifecycles, including secure logout and credential state cleanup. ([source](https://casdoor.org/docs/session/single-sign-out))
- [Biometric Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/user-facing-login-methods/biometric-authentication.md) — Authenticates user sessions using biometric or hardware-based WebAuthn challenges. ([source](https://casdoor.org/docs/how-to-connect/webauthn))
- [Client Registration Protocols](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/user-facing-login-methods/oauth-identity-providers/client-registration-protocols.md) — Provides an endpoint for registering client applications and issuing credentials for authentication flows. ([source](https://casdoor.org/docs/application/dynamic-client-registration))
- [OAuth Device Flows](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/user-facing-login-methods/oauth-identity-providers/oauth-device-flows.md) — Supports device grant flows for secure login on input-constrained hardware. ([source](https://casdoor.org/docs/how-to-connect/oauth))
- [Identity Provider Integrations](https://awesome-repositories.com/f/security-cryptography/identity-provider-integrations.md) — Connects external services like OIDC, OAuth, SAML, email, or SMS for federated authentication. ([source](https://casdoor.org/docs/basic/core-concepts))
- [SSL/TLS Certificate Management](https://awesome-repositories.com/f/security-cryptography/cryptography/ssl-tls-certificate-management.md) — Automates SSL certificate renewal using ACME challenges and tracks expiration timestamps. ([source](https://casdoor.org/docs/cert/overview))
- [Granular Access Controls](https://awesome-repositories.com/f/security-cryptography/granular-access-controls.md) — Enforces granular, scope-based permissions for tool invocations using OAuth 2.1 and PKCE. ([source](https://casdoor.org/docs/llm/mcp-security))
- [WebAuthn Registrations](https://awesome-repositories.com/f/security-cryptography/identity-access-management/credential-lifecycle-management/credential-security/webauthn-registrations.md) — Registers hardware-backed credentials to user accounts for device-specific authentication. ([source](https://casdoor.org/docs/how-to-connect/webauthn))
- [OAuth Authentication](https://awesome-repositories.com/f/security-cryptography/oauth-authentication.md) — Swaps access tokens for new scopes to facilitate secure service-to-service communication. ([source](https://casdoor.org/docs/how-to-connect/oauth))
- [Security Token Management](https://awesome-repositories.com/f/security-cryptography/security-token-management.md) — Secures authentication tokens by storing them in native system keyrings instead of plaintext files. ([source](https://casdoor.org/docs/how-to-connect/cli))
- [Session Management](https://awesome-repositories.com/f/security-cryptography/session-management.md) — Ensures account security by automatically terminating existing sessions upon new sign-in events. ([source](https://casdoor.org/docs/application/exclusive-signin))
- [Single Sign-On Integrations](https://awesome-repositories.com/f/security-cryptography/single-sign-on-integrations.md) — Configures centralized identity provider integrations to enable seamless single sign-on across applications. ([source](https://casdoor.org/docs/session/single-sign-on))
- [Authentication Claims](https://awesome-repositories.com/f/security-cryptography/custom-attribution-tracking/authentication-claims.md) — Maps internal user properties to OIDC-compliant claims for consistent identity data. ([source](https://casdoor.org/docs/how-to-connect/oidc-client))
- [Organizational Structure Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/identity-management/user-management/organizational-structure-management.md) — Manages shared settings like password policies and organizational structures for user groups. ([source](https://casdoor.org/docs/basic/core-concepts))
- [User Synchronization](https://awesome-repositories.com/f/security-cryptography/ldap-services/user-synchronization.md) — Imports and synchronizes user entries from directory services based on base distinguished names. ([source](https://casdoor.org/docs/ldap/config))
- [OAuth2 Providers](https://awesome-repositories.com/f/security-cryptography/oauth2-providers.md) — Protects user credentials during CLI login by using a secure, browser-based OAuth2 flow. ([source](https://casdoor.org/docs/how-to-connect/cli))
- [Permission Management](https://awesome-repositories.com/f/security-cryptography/permission-management.md) — Assigns roles such as reader, editor, or administrator to control access levels within the identity system. ([source](https://casdoor.org/docs/how-to-connect/cli))
- [Session Authentication](https://awesome-repositories.com/f/security-cryptography/session-authentication.md) — Streamlines authentication by automatically redirecting users to login pages upon session expiry. ([source](https://casdoor.org/docs/application/specify-login-organization))
- [Session Termination Services](https://awesome-repositories.com/f/security-cryptography/session-termination-services.md) — Terminates user sessions across applications via configurable logout endpoints. ([source](https://casdoor.org/docs/basic/public-api))
- [Web Application Security](https://awesome-repositories.com/f/security-cryptography/web-application-security.md) — Applies distinct security policies by categorizing traffic between user-facing web applications and machine-to-machine services. ([source](https://casdoor.org/docs/application/categories))
- [Certificate Authority Configurations](https://awesome-repositories.com/f/security-cryptography/certificate-authority-configurations.md) — Configures cryptographic certificates for signing tokens and securing API communications. ([source](https://casdoor.org/docs/cert/overview))
- [Connection Configurations](https://awesome-repositories.com/f/security-cryptography/ldap-services/connection-configurations.md) — Configures host details and credentials to enable directory synchronization and authentication. ([source](https://casdoor.org/docs/ldap/config))
- [Password Recovery Workflows](https://awesome-repositories.com/f/security-cryptography/password-recovery-workflows.md) — Implements security controls to disable password recovery workflows and restrict associated API access. ([source](https://casdoor.org/docs/application/signin-items-table))
- [Signature Verification Tools](https://awesome-repositories.com/f/security-cryptography/signature-verification-tools.md) — Validates cryptographic signatures on incoming requests to ensure the integrity and authenticity of logout operations. ([source](https://casdoor.org/docs/session/single-sign-out))

### Artificial Intelligence & ML

- [Agent Lifecycle Management](https://awesome-repositories.com/f/artificial-intelligence-ml/agent-lifecycle-management.md) — Provides a platform for creating, configuring, and managing the lifecycle of autonomous AI agents. ([source](https://casdoor.org/docs/agent/overview))
- [Agent Monitoring](https://awesome-repositories.com/f/artificial-intelligence-ml/agent-monitoring.md) — Tracks agent activity and LLM calls to provide visibility into internal execution patterns and behavior. ([source](https://casdoor.org/docs/llm/mcp-security))
- [Authentication Provider Integrations](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/identity-providers/authentication-provider-integrations.md) — Supports modular connectivity to external directories and identity sources through standardized adapter interfaces.
- [Client Authentication](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/identity-providers/ldap-authentication/client-authentication.md) — Authenticates search operations against external directories using distinguished names and passwords. ([source](https://casdoor.org/docs/ldap/ldapserver))
- [Linux Authentication](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/identity-providers/ldap-authentication/linux-authentication.md) — Exposes POSIX-compatible account entries for Linux system authentication via standard PAM tools. ([source](https://casdoor.org/docs/ldap/ldapserver))

### Software Engineering & Architecture

- [Identity Federation](https://awesome-repositories.com/f/software-engineering-architecture/identity-federation.md) — Connects external identity providers to allow users to authenticate using organizational credentials.
- [Webhook Event Notifications](https://awesome-repositories.com/f/software-engineering-architecture/integration-extensibility/programmatic-interfaces/webhook-event-notifications.md) — Broadcasts system events to registered endpoints to trigger external notifications and data synchronization.
- [Separation of Concerns](https://awesome-repositories.com/f/software-engineering-architecture/separation-of-concerns.md) — Decouples web user interfaces from core management services to enable independent scaling and deployment.
- [Application Configuration](https://awesome-repositories.com/f/software-engineering-architecture/application-lifecycle-management/configuration-management/configuration-scopes/application-configuration.md) — Configures client application settings including redirect URIs, token lifetimes, and enabled sign-in methods. ([source](https://casdoor.org/docs/basic/core-concepts))

### System Administration & Monitoring

- [Telemetry Collection and Aggregation](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/telemetry-collection-aggregation.md) — Gathers OpenTelemetry traces, metrics, and logs via OTLP endpoints with access control validation. ([source](https://casdoor.org/docs/entry/overview))
- [Audit Logging Systems](https://awesome-repositories.com/f/system-administration-monitoring/audit-logging-systems.md) — Captures and analyzes authentication traffic and system events to ensure security compliance and visibility.
- [Distributed Observability Platforms](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/telemetry-collection-aggregation/distributed-observability-platforms.md) — Exports observability signals from agents to centralized systems using the OTLP HTTP protocol. ([source](https://casdoor.org/docs/llm/openclaw))
- [Diagnostic Data Exports](https://awesome-repositories.com/f/system-administration-monitoring/diagnostic-data-exports.md) — Exports system configuration data to JSON files for backups and migrations. ([source](https://casdoor.org/docs/deployment/data-initialization))
- [Application Logging Configurations](https://awesome-repositories.com/f/system-administration-monitoring/logging-and-telemetry/logging/application-logging-configurations.md) — Restricts incoming observability data to authorized sources using IP allowlisting for external log providers. ([source](https://casdoor.org/docs/llm/openclaw))
- [Log Management Systems](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/log-management-systems.md) — Maintains organization-scoped logs through a centralized interface with read-only storage. ([source](https://casdoor.org/docs/entry/overview))

### Networking & Communication

- [Webhook Delivery Systems](https://awesome-repositories.com/f/networking-communication/webhook-delivery-systems.md) — Manages webhook delivery history and provides manual replay capabilities for failed event notifications. ([source](https://casdoor.org/docs/webhooks/overview))
- [Event Webhooks](https://awesome-repositories.com/f/networking-communication/event-webhooks.md) — Registers system events to trigger automated external notifications and data synchronization tasks. ([source](https://casdoor.org/docs/webhooks/overview))

### Data & Databases

- [Observability Dashboards](https://awesome-repositories.com/f/data-databases/data-analysis-visualization/visualization-frameworks-libraries/data-visualization/observability-dashboards.md) — Provides an interface for visualizing span trees and raw payload data from collected telemetry. ([source](https://casdoor.org/docs/llm/openclaw))
- [Tagging Systems](https://awesome-repositories.com/f/data-databases/tagging-systems.md) — Applies metadata tags to user accounts to manage access to specific applications and environments. ([source](https://casdoor.org/docs/application/tags))

### Development Tools & Productivity

- [OIDC Discovery](https://awesome-repositories.com/f/development-tools-productivity/client-configuration/oidc-discovery.md) — Fetches authorization server metadata automatically using standard discovery URLs. ([source](https://casdoor.org/docs/how-to-connect/oidc-client))
- [Server Capability Exposure](https://awesome-repositories.com/f/development-tools-productivity/platforms-runtimes-language-services/server-development-tooling/server-capability-exposure.md) — Publishes server capabilities and security configurations to inform clients about available authentication methods. ([source](https://casdoor.org/docs/mcp-auth/setup))
- [SDK Client Initialization](https://awesome-repositories.com/f/development-tools-productivity/sdk-client-initialization.md) — Initializes backend SDKs with server credentials and public keys for secure authentication. ([source](https://casdoor.org/docs/how-to-connect/sdk))

### User Interface & Experience

- [Input Validation Rules](https://awesome-repositories.com/f/user-interface-experience/ui-components/component-architectures/component-composition/component-registration-patterns/input-validation-rules.md) — Defines custom regular expression patterns that trigger client-side error messages when registration data fails to meet criteria. ([source](https://casdoor.org/docs/application/signup-items-table))

### Web Development

- [Pattern-Matching Routers](https://awesome-repositories.com/f/web-development/routing-systems/pattern-matching-routers.md) — Dynamically grants permissions by matching scope strings against configured patterns and regular expressions. ([source](https://casdoor.org/docs/application/scopes))
