30 open-source projects similar to dromara/sa-token, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Sa Token alternative.
Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks. The platform distinguishes itself through its extensive support for federated identity management, allowing integration with
This project is a cloud-native identity and access management platform designed to centralize authentication, authorization, and identity lifecycle management. It functions as a standards-compliant OpenID Connect authorization server, providing secure session management and token issuance for web, mobile, and device-based applications. The platform is built to handle complex identity requirements through stateless token authentication and support for modern passwordless methods, including biometrics and hardware keys. What distinguishes this platform is its native support for multi-tenant env
This project is a comprehensive enterprise architecture for building multi-tenant distributed systems, implemented as a Spring Cloud microservices platform. It provides a complete framework for managing microservices, focusing on multi-tenant data architecture and centralized identity provision. The platform is distinguished by its integrated approach to identity and security, utilizing an OAuth2 identity provider to manage single sign-on, role-based access control, and JWT token issuance across distributed services. It further separates organizational boundaries through multi-tenant data iso
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
This project is an open-source, privacy-focused web analytics platform designed for high-throughput data ingestion and multi-tenant data management. It provides a cookie-less tracking engine that captures visitor interactions using ephemeral request metadata, ensuring comprehensive traffic visibility while maintaining strict privacy standards. The architecture utilizes an event-driven ingestion pipeline and aggregated metric storage to decouple data collection from processing, enabling efficient long-term retrieval and responsive dashboard performance. What distinguishes this platform is its
Zheng is a Spring Boot microservices framework and enterprise J2EE development platform. It functions as a distributed service gateway and identity provider, providing a foundation for building complex business applications and microservices infrastructure. The project includes a comprehensive enterprise content management system and an OAuth2 identity provider for managing single sign-on and third-party social login integrations. It also features a MyBatis ORM code generator that automatically creates database models and boilerplate functions from existing tables. The platform covers a broa
SpringCloud is a development platform for building distributed systems and cloud-native microservices. It provides an integrated framework for microservice development, incorporating service governance, security, and system coordination. The platform features a microservice gateway for managing traffic through dynamic routing and rate limiting, alongside a service registry for discovery. It implements distributed security through token-based authentication, role-based access control, and a specialized system that uses aspect-oriented programming to automatically enforce data-level permissions
This project is an open-source identity provider and single sign-on platform that centralizes user authentication for multiple web applications and services. It functions as a multi-protocol authentication gateway, verifying user identities and issuing tokens through the CAS protocol as well as industry standards including SAML, OAuth2, and OpenID Connect. The system acts as a federated identity server, allowing authentication to be delegated to external third-party or corporate identity providers. It distinguishes itself through identity attribute governance, which manages which specific use
Zend Framework is a comprehensive set of decoupled components for building modular, event-driven web applications. It implements an MVC architecture to separate business logic from the user interface and provides a structured request-handling system through a sequential middleware pipeline. The project features a factory-driven dependency injection container to automate object instantiation and manage class lifecycles. It also includes a comprehensive security suite for verifying user identities and restricting resource access using access control lists and role-based access control adapters.
React-admin is a framework for building data-driven administrative interfaces that connect to REST or GraphQL backends. It provides a comprehensive suite of tools for managing the full lifecycle of administrative applications, including resource-oriented routing, declarative form scaffolding, and context-driven state management. By utilizing a modular adapter-based architecture, the framework abstracts backend communication, allowing developers to build consistent CRUD interfaces that handle data fetching, authentication, and synchronization automatically. The project distinguishes itself thr
CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web applications. It provides a lightweight toolkit with minimal configuration, organizing application logic into controllers, models, and views for clean separation of concerns. The framework includes a fluent query builder for constructing SQL statements programmatically, PSR-4 autoloading with namespace mapping, and a service-based dependency injection container for managing shared class instances. The framework distinguishes itself through its comprehensive set of built-in tools
ConvertX is a web-based file conversion management platform designed to transform documents, images, and video files between various formats. It utilizes system-level binary orchestration to execute conversion tasks, leveraging background worker threads to handle concurrent, high-volume bulk processing without blocking the user interface. The platform distinguishes itself through a comprehensive security and access control framework, which includes multi-user account management, session-based token authentication, and role-based permissions. Users can secure their output files with passwords
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
Fonoster is a conversational AI framework and multi-tenant communications platform as a service. It serves as a programmable voice gateway and SIP telephony platform, enabling the creation of voice-based assistants and automated communication workflows using large language models. The project distinguishes itself through a vendor-agnostic speech integration engine that abstracts speech-to-text and text-to-speech providers. It features a multi-tenant architecture that isolates telephony resources and user identities into distinct organizational workspaces. The system covers a broad range of t
Passport is a Node.js authentication middleware designed to manage user identities and session states within web applications. It functions as a request identity verifier that secures application routes by validating user credentials before granting access. The system utilizes a modular authentication strategy, allowing identity verification through interchangeable plugins. This architecture supports the creation of custom authentication strategies for local credentials and the integration of federated identity providers using external protocols. The framework provides capabilities for sessi
This project is a modular authentication framework designed to manage user identity, session tracking, and access control across web applications. It provides a unified solution for handling email-based credentials and social identity federation, allowing developers to implement secure login and registration flows that maintain consistent user states across client and server environments. The system utilizes a plugin-based architecture and middleware-driven request interception to allow for the extension of core authentication logic. It features type-safe schema generation, which derives data
Litemall is an open-source e-commerce platform built on Java and Spring Boot that provides a complete retail environment. It includes both a customer-facing storefront and a centralized administrative dashboard, enabling businesses to manage product catalogs, order lifecycles, and member accounts from a single system. The platform distinguishes itself through deep integration with the WeChat ecosystem, offering a mobile-optimized storefront and social authentication for streamlined user access. It utilizes a modular architecture that combines automated database access layers with custom SQL m
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Logto is an open-source identity provider that serves as a centralized authentication and authorization server for web, mobile, and command-line applications. It implements the OpenID Connect and OAuth 2.1 standards to handle secure user sign-in and the issuance of identity tokens. The platform is specifically designed as a multi-tenant authentication framework for software-as-a-service environments, featuring built-in organization management and tenant isolation. It includes an enterprise single sign-on gateway to integrate external identity providers and supports role-based access control t
Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers. The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offer
Authentik is a centralized identity and access management platform designed to serve as a unified authentication authority. It enables enterprise single sign-on across diverse applications and services, providing a cloud-native identity provider that manages user sessions and security protocols from a single location. The platform distinguishes itself through a policy-driven flow engine and a visual orchestration interface. This allows administrators to design complex, custom authentication workflows by chaining modular verification stages and conditional logic. These workflows can be further
Spring Security is a comprehensive security framework for Java applications that provides authentication and authorization for both web and non-web environments. It functions as an implementation of authentication and authorization logic integrated with the Java runtime environment to protect sensitive resources from unauthorized access. The framework includes toolkits for implementing OpenID Connect and OAuth 2.0 authorization servers and clients, as well as tools for integrating SAML 2.0 identity providers to enable cross-domain single sign-on. It utilizes a role-based access control system
mall4cloud is a multi-tenant B2B2C e-commerce platform built on a Spring Cloud microservice architecture. It orchestrates independently deployable services with service discovery, configuration, caching, messaging, distributed transactions, object storage, and full-text search to support a marketplace with separate interfaces for platform administrators, merchants, and customers. The platform distinguishes itself through its comprehensive microservice infrastructure, using RocketMQ for event-driven messaging, Seata for distributed transaction coordination across services, and Redis for cachin
SpringBoot-Shiro-Vue is a permission management framework and role-based access control system. It provides a backend implemented with Spring Boot and a frontend built with Vue.js to manage user roles and map them to specific interface and API access rights. The project utilizes a token-based authentication system to verify user identities and enable stateless communication between the frontend and backend. It implements granular UI permission control to show or hide specific buttons and interface elements based on the current user's assigned access rights. The framework covers API security
Nhost is an open-source backend as a service that provides a managed PostgreSQL database, authentication, and file storage accessible through a unified GraphQL API. It functions as a backend infrastructure orchestrator, enabling the deployment and management of full-stack environments using containerization and command-line automation. The platform distinguishes itself by automating the transformation of relational database tables into a secure GraphQL API and providing an integrated identity provider that supports passwords, magic links, and OAuth. It also includes a serverless function runt