30 open-source projects similar to lcobucci/jwt, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Jwt alternative.
This project is a JSON Web Token implementation library and toolkit for encoding, signing, and validating tokens. It provides the necessary functions to manage token claims and payloads for user authentication and authorization. The library supports both symmetric and asymmetric cryptography, allowing for the use of shared secrets or public-private key pairs. It enables the creation of signed tokens and the verification of their authenticity and integrity to prevent data tampering. The toolkit covers a broad range of identity and access control capabilities, including the embedding of custom
This is a Java library for creating and verifying JSON Web Tokens (JWTs), supporting multiple cryptographic signing algorithms including HMAC, RSA, and ECDSA. The library provides a builder pattern for constructing tokens with custom claims and algorithm selection, and offers separate verification methods that check signatures and validate standard claims such as expiration, issuer, and audience. The library abstracts cryptographic algorithms behind a common interface, allowing pluggable signing and verification without coupling token creation to a specific algorithm. Tokens are represented a
PyJWT is a Python library for encoding, decoding, and verifying JSON Web Tokens (JWTs). It provides comprehensive JWT functionality including algorithm-agnostic signing and verification, supporting both symmetric HMAC shared-secret cryptography and asymmetric RSA/ECDSA public-key cryptography for flexible trust models. The library implements a claim-based validation pipeline that checks issuer, audience, expiration, and other time-based claims during token decoding, with configurable clock skew tolerance for distributed systems. It requires callers to explicitly specify allowed signing algori
jose is a cryptography library for signing, encrypting, and verifying tokens and messages using the JSON Object Signing and Encryption standards. It provides a toolkit for the implementation of JSON Web Tokens, JSON Web Signatures, and JSON Web Encryption. The library serves as a high-level interface for the Web Crypto API, allowing for the generation, import, and export of symmetric secrets and asymmetric key pairs. It handles the encryption and decryption of web messages and the validation of digital signatures to ensure data integrity and identity. Its capabilities cover cryptographic key
This project is a command-line tool for managing public key infrastructure and digital identities. It provides a comprehensive suite for X.509 certificate lifecycle management, including the generation, signing, renewal, and revocation of certificates and signing requests. The tool distinguishes itself through specialized security capabilities such as binding cryptographic credentials to TPMs and HSMs for hardware-backed identity attestation. It also provides dedicated support for machine identity security, using short-lived SSH certificates and mTLS to secure non-human workloads. Broad capa
Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the necessary framework to build an authorization server that issues and validates security tokens for third-party applications, effectively acting as a security middleware to protect API endpoints. The project integrates an identity layer via OpenID Connect to verify user identities and retrieve profile information. It supports a variety of security patterns, including the implementation of the PKCE flow for public clients and the issuance of stateless JSON Web Tokens. Its broade
This project is a Node.js library for implementing and managing JSON Web Tokens. It functions as a cryptographic token manager and authentication tool used to sign, verify, and decode tokens to securely transmit claims between parties. The library supports both symmetric and asymmetric signing algorithms, including HMAC and RSA. It enables the creation of digitally signed tokens using secrets or private keys, and provides mechanisms to validate token signatures and verify embedded claims such as expiration and issuer. The tool covers a range of identity and access capabilities, including sta
Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a complete toolkit for identity management, spanning the development of authorization servers, resource servers, and client-side integrations. The library distinguishes itself through a full implementation of the JOSE specifications, including JSON Web Tokens, Encryption, Signatures, and Keys. It features specialized capabilities for non-interactive authentication via service account assertion frameworks and a compliance-correction layer designed to handle ide
jwt-go is a Go library for creating, parsing, and verifying signed JSON Web Tokens. It provides a pluggable signing interface that supports multiple cryptographic algorithms, including HMAC, RSA, ECDSA, and RSA-PSS, allowing tokens to be signed and verified with different security properties. The library is built around a signing-method registry and a token-parsing pipeline that splits a JWT string into its header, payload, and signature segments for validation. It includes typed error classification for common failure modes such as invalid signatures, expired tokens, or malformed input, and
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
This project is a .NET identity stack and server framework used to build certified OpenID Connect and OAuth 2.0 identity providers. It provides the core logic required to issue and validate security tokens and manage user authentication across various grant types and protocol flows. The framework includes a protocol translation layer that bridges OpenID Connect and SAML to enable interoperability between different identity providers. It also supports a stateless mode of operation, which removes built-in validation and storage to allow for manual control over token and client verification. Th
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
This project is a boilerplate for building RESTful web services using Node.js, Express, and Mongoose. It provides a structured foundation for developing backend applications, incorporating schema-driven data modeling to manage database interactions and a middleware-based pipeline to handle request processing and validation. The framework distinguishes itself by integrating token-based stateless authentication to secure API endpoints and manage user identity. It includes built-in support for containerization, allowing the application to be packaged into portable images for consistent deploymen
slskd is a headless network daemon and peer-to-peer file-sharing server for the Soulseek network. It functions as a network client and API gateway, allowing users to search for and share files via a web interface or a REST API. The project distinguishes itself through a focus on automation and remote management, featuring event-driven triggers that can execute system scripts or send webhooks. It supports advanced network routing via SOCKS5 proxies and provides a flexible deployment model that includes a dockerized client with volume mapping and environment-based configuration. The system cov
express-jwt is a middleware for Express applications that validates JSON Web Tokens to secure routes and authenticate requests. It functions as a security guard that verifies token signatures and expiration dates before allowing access to backend endpoints. The project provides a request credential extractor to retrieve tokens from headers, cookies, or query parameters. It supports dynamic key retrieval to fetch the necessary secrets or public keys at runtime based on request attributes or token headers. The middleware handles JSON Web Token validation, including token expiration handling an
This project is a RESTful media extraction service that provides a programmatic interface for downloading video and image content from social media platforms. It functions as a scraper that parses shared URLs and user profile identifiers to isolate direct media streams and associated metadata from platform-specific data structures. The service distinguishes itself through its ability to emulate cryptographic signatures and security tokens required to authenticate requests against protected backend services. By simulating headless browser behavior and managing cookies and headers, the system b
This project is an authentication and authorization platform built on the Spring framework that functions as a centralized identity provider and authorization server. It manages user identities and protects resources by implementing standardized protocols to verify credentials and issue secure tokens for web applications. The platform distinguishes itself by providing a comprehensive framework for managing complex authorization flows and identity verification. It supports dynamic client registration to automate the onboarding of third-party applications and utilizes relational database persis
deepstream.io is an open-source realtime server that synchronizes JSON records, events, and remote procedure calls across clients and backend services. It functions as a realtime data sync server, event pub/sub server, record database server, and RPC server, all within a single platform. The server authenticates and authorizes every message using multiple strategies including JWT, HTTP, and file-based credentials, with a declarative permission language controlling access to records, events, and RPCs at a granular level. The platform distinguishes itself through its combination of realtime dat
Cult-UI is an AI application UI kit and a collection of accessible components and templates designed for building large language model powered interfaces and agent workflows. It provides a foundation for developing AI applications, including specialized interface libraries for retrieval-augmented generation and agent orchestration. The project distinguishes itself through dedicated UI building blocks for coordinating multi-agent systems, evaluator-optimizer loops, and tool-based execution flows. It also features a component installation CLI and model context protocols for rapidly integrating
Hey is a command-line utility designed for HTTP load testing and API performance benchmarking. It functions as a concurrent request generator that simulates high volumes of traffic against target endpoints to evaluate service responsiveness, throughput, and stability under load. The tool distinguishes itself by integrating specialized modules for cryptographic request signing and internal service authorization. It supports the generation of digital signatures for decentralized social protocols and validates backend requests using shared secret tokens, allowing for secure interaction with prot
Authlib is a comprehensive Python library for building and integrating OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a unified set of tools to manage authentication and authorization flows, allowing applications to either act as a client connecting to external identity providers or as a provider issuing tokens and managing user identities. The project distinguishes itself through a full implementation of the JOSE standards, offering a suite of cryptographic tools for generating, signing, encrypting, and validating JSON Web Tokens, Signatures, Encryption, and Keys.
kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
The Google Workspace CLI is a command-line interface and Google API client designed to automate tasks across Google Workspace services. It functions as a cloud productivity automator that uses the Google Discovery Service to dynamically generate command structures and parameter requirements at runtime. The project distinguishes itself by providing a specialized AI agent toolset, exposing a server over standard input and output to provide structured tool definitions and skills for AI clients. It includes security layers for AI content sanitization to protect against prompt injection and utiliz
This project is a CORS header manager and security plugin for Laravel. It functions as middleware that adds Cross-Origin Resource Sharing headers to HTTP responses to control how external domains access a Laravel backend. The software manages cross-origin request policies by defining allowed origins, methods, and headers. It handles pre-flight requests and allows for the restriction of sharing policies based on specific routes. The package provides API access control and cross-domain resource sharing by integrating custom header logic into the Laravel request lifecycle.
Fonoster is a conversational AI framework and multi-tenant communications platform as a service. It serves as a programmable voice gateway and SIP telephony platform, enabling the creation of voice-based assistants and automated communication workflows using large language models. The project distinguishes itself through a vendor-agnostic speech integration engine that abstracts speech-to-text and text-to-speech providers. It features a multi-tenant architecture that isolates telephony resources and user identities into distinct organizational workspaces. The system covers a broad range of t
Zuul is an API gateway service that manages incoming network traffic to backend services. It serves as a routing layer and edge security proxy that provides centralized control over security and monitoring for microservices. The project implements a dynamic request router that maps incoming paths to backend locations using configurable rules that can be updated at runtime. It also includes a circuit breaker implementation to monitor backend failure rates and stop traffic to failing services to prevent cascading outages. The gateway provides a filter-based request pipeline for processing traf
Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c
EmDash is an open-source content management system built on Astro that combines a visual admin panel with a plugin-driven architecture and server-side rendering. It provides a complete content management system with structured content modeling, a rich text editor using Portable Text format, and a TypeScript API for type-safe content queries. The system supports authentication through passkeys, OAuth 2.1, and external providers, with role-based access control and fine-grained permission scopes. What distinguishes EmDash is its plugin development framework, which supports both native plugins ru
GoTrue is a JWT identity provider and user management API. It functions as an OAuth 2.0 compliant server that handles user registration and authentication while issuing signed JSON Web Tokens to control access to protected API resources. The service integrates external identity providers to allow users to sign in using third-party accounts. It also includes an SMTP notification service for delivering password resets, signup confirmations, and account recovery emails. The system covers broader capabilities for user account management, including the ability to update user profiles and manage c
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS SigV4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,