30 open-source projects similar to oauth2-proxy/oauth2-proxy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best OAuth2 Proxy alternative.
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks. The platform distinguishes itself through its extensive support for federated identity management, allowing integration with
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
This project is a feature-rich Go client library designed for interacting with Redis. It serves as a comprehensive interface for managing remote data stores, enabling developers to execute standard database commands, handle complex data structures, and perform asynchronous operations within Go applications. The library distinguishes itself through its support for advanced Redis capabilities, including connection pooling, pipelining, and transactional integrity. It provides specialized primitives for managing distributed clusters, including automated topology updates and request routing to sha
Caddy is an extensible, modular web server platform designed for high-performance traffic management and automated security. At its core, it functions as a dynamic HTTP gateway that handles request routing, static asset delivery, and reverse proxying through a chain of configurable handler modules. The system is built on a modular architecture that allows developers to extend server functionality by registering custom components, all managed through a unified lifecycle and provisioning framework. What distinguishes Caddy is its focus on automated infrastructure and zero-downtime operations. I
Dashy is a configuration-driven dashboard designed for personal infrastructure management and self-hosted service monitoring. It functions as a centralized portal that aggregates web links, live infrastructure metrics, and application health status into a unified, searchable interface. By utilizing a structured schema, the platform allows users to define their entire layout, navigation, and widget configuration through version-controlled files, ensuring a portable and reproducible setup across different environments. The project distinguishes itself through a highly modular architecture that
Crawlee is a web scraping framework designed for building scalable, reliable, and distributed data extraction pipelines. It provides a unified interface for managing headless browser automation and lightweight HTTP requests, allowing developers to handle complex web navigation, dynamic content rendering, and large-scale data collection within a single, modular architecture. The project distinguishes itself through its resource-aware concurrency controller, which dynamically scales task execution based on real-time CPU and memory usage to prevent host machine exhaustion. It also features a rob
NekoBoxForAndroid is a network utility for Android that functions as a system-wide VPN tunneling client. It leverages the Sing-Box engine to capture and redirect device traffic through a virtual network interface, providing a centralized platform for managing proxy connections and network routing. The application distinguishes itself through its advanced configuration management, allowing users to define granular traffic rules based on domains, IP addresses, or specific applications. It supports complex network requirements by enabling multi-hop proxy chaining, custom DNS resolution strategie
Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr
This project is a comprehensive library of reference implementations and patterns for building web applications using the Go Fiber framework. It provides curated templates and implementation guides for creating REST APIs, web servers, and structured backend services. The repository serves as a practical resource for applying architectural patterns, including Clean and Hexagonal architectures, as well as port-and-adapter decoupling. It offers detailed examples for integrating common web features such as OAuth2 authentication, JWT verification, WebSockets for real-time communication, and server
Clashfree is a network traffic routing platform designed to facilitate access to restricted online resources and digital services. It functions as a proxy configuration management tool that enables users to route internet traffic through encrypted tunnels, effectively bypassing regional access restrictions. The system provides a centralized way to manage network proxy connections and organize multiple routing profiles across various environments. The project distinguishes itself by providing automated subscription services that distribute daily updated proxy node lists and configuration files
React-admin is a framework for building data-driven administrative interfaces that connect to REST or GraphQL backends. It provides a comprehensive suite of tools for managing the full lifecycle of administrative applications, including resource-oriented routing, declarative form scaffolding, and context-driven state management. By utilizing a modular adapter-based architecture, the framework abstracts backend communication, allowing developers to build consistent CRUD interfaces that handle data fetching, authentication, and synchronization automatically. The project distinguishes itself thr
Mastra is an orchestration framework designed for building, deploying, and managing autonomous AI agents and multi-agent systems. It provides a comprehensive suite of primitives for creating resilient AI applications, including durable workflow orchestration, event-driven agent loops, and semantic memory management. By integrating these core components, the platform enables developers to build complex, multi-step processes that can reason about goals and execute tasks without manual intervention. The framework distinguishes itself through its focus on observability and secure, isolated execut
Vector is a high-performance observability data pipeline designed to collect, transform, and route logs, metrics, and traces across distributed infrastructure. It functions as a modular engine that decouples data ingestion from processing and transmission, utilizing a component-based architecture to connect diverse sources to multiple destinations. The project distinguishes itself through a focus on reliability and flow control. It implements backpressure-aware data movement to prevent data loss during traffic spikes and utilizes disk-backed event buffering to ensure durability during network
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
This project is a reference implementation of a distributed system built using Spring Cloud Alibaba, Spring Boot, and JDK 17. It serves as a comprehensive model for implementing a microservices architecture. The system integrates a wide range of distributed patterns, including global transaction coordination for data consistency, OAuth2 and JWT for identity management, and Kubernetes-based container orchestration. It features a dedicated observability stack for distributed request tracing, log aggregation, and service health monitoring. The implementation covers several functional domains, i
Ockam is an end-to-end encryption framework and distributed identity provider designed to establish secure communication between applications and devices. It provides a secure network overlay that utilizes cryptographic identities and attribute-based access control to implement zero trust network access. The project distinguishes itself through metadata-driven multi-hop routing and a pluggable transport layer, allowing encrypted traffic to move across diverse network topologies without requiring virtual IP overlays. It specifically enables secure tunneling for legacy applications by wrapping
Spring Security is a comprehensive security framework for Java applications that provides authentication and authorization for both web and non-web environments. It functions as an implementation of authentication and authorization logic integrated with the Java runtime environment to protect sensitive resources from unauthorized access. The framework includes toolkits for implementing OpenID Connect and OAuth 2.0 authorization servers and clients, as well as tools for integrating SAML 2.0 identity providers to enable cross-domain single sign-on. It utilizes a role-based access control system
PiggyMetrics is a demonstration project that illustrates a complete microservice architecture built with Spring Boot, Spring Cloud, and Docker, centered around a personal finance tracking application. It records incomes, expenses, and savings for individual accounts while computing spending statistics and time-series data to track cash flow dynamics over time. The project showcases a full Spring Cloud service mesh, including an API gateway for request routing, service discovery for dynamic instance location, and a centralized configuration server that manages application settings from a singl
Passport is a Node.js authentication middleware designed to manage user identities and session states within web applications. It functions as a request identity verifier that secures application routes by validating user credentials before granting access. The system utilizes a modular authentication strategy, allowing identity verification through interchangeable plugins. This architecture supports the creation of custom authentication strategies for local credentials and the integration of federated identity providers using external protocols. The framework provides capabilities for sessi
This is a server-side session manager and middleware for Express applications. It maintains persistent user state across multiple HTTP requests by linking a unique session identifier stored in a browser cookie to data stored on the server. The project utilizes a standardized session store interface, allowing the connection of session data to external databases or in-memory caches. It includes mechanisms for session fixation protection through the regeneration of session identifiers. The system covers the management of user sessions, including the configuration of session cookies, the ability
Nitter is a privacy-focused, alternative web interface for viewing public social media content. It functions as a server-side proxy that fetches and renders external posts, allowing users to browse content without requiring a personal account or executing third-party tracking scripts. By stripping away user identifiers and tracking mechanisms, the application provides a lightweight, anonymous viewing experience. The project distinguishes itself through its emphasis on network-level privacy and self-sovereignty. It supports routing traffic through Tor and I2P networks to bypass censorship and
Next-auth is an authentication library and identity framework used to manage user sign-in and session state across web applications. It provides a system for handling user identity through OAuth, OpenID Connect, and passwordless sign-in flows. The project features a multi-provider framework that integrates third-party identity services and custom directory backends. It supports passwordless authentication via email magic links or hardware keys and utilizes a database-agnostic storage layer to persist authentication states across different database types or in-memory. Security is managed thro
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
PHPMailer is a comprehensive library for constructing and sending complex email messages within PHP applications. It provides an object-oriented framework for building MIME-compliant emails, managing attachments, and handling multi-format content such as HTML and plain-text alternatives. The library serves as a robust interface for email dispatch, supporting both individual messaging and high-performance bulk distribution through persistent connections. The project distinguishes itself through a deep focus on secure transmission and identity verification. It integrates advanced security proto
This project is a Node.js HTTP reverse proxy middleware designed to route incoming HTTP and WebSocket traffic to target backend services. It functions as a dynamic routing engine and API gateway tool, providing the capability to consolidate multiple backend services behind a single entry point. The middleware features a WebSocket proxy bridge that manages protocol upgrade handshakes to maintain persistent bidirectional communication. It also includes a request and response transformer used to intercept and modify headers, bodies, and URL paths during transit. The system provides broad traffi