30 open-source projects similar to oauthjs/node-oauth2-server, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Node Oauth2 Server alternative.
Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the necessary framework to build an authorization server that issues and validates security tokens for third-party applications, effectively acting as a security middleware to protect API endpoints. The project integrates an identity layer via OpenID Connect to verify user identities and retrieve profile information. It supports a variety of security patterns, including the implementation of the PKCE flow for public clients and the issuance of stateless JSON Web Tokens. Its broade
Hydra is a headless identity server that functions as a certified OAuth2 and OpenID Connect provider. It is designed as an authentication engine that manages authorization handshakes and token lifecycles while remaining decoupled from the user interface. The project distinguishes itself through a headless architecture, allowing external management of login and consent flows. It provides specialized capabilities for dynamic client registration, JSON Web Token issuance, and a system for rotating encryption secrets without service downtime. The system covers a broad range of identity operations
This project is a PHP library for implementing a spec-compliant OAuth 2.0 authorization server. It serves as an authentication framework for managing user identities and client authorizations, providing the necessary components to issue and validate access and refresh tokens. The server supports a wide range of standardized authorization flows, including authorization code exchange, device grants, implicit flows, and PKCE enforcement. It handles complex token lifecycles through refresh token rotation, scope management, and the use of asymmetric keys for signing digital tokens. The system pro
Pig is a microservice-based RBAC permission management platform built on Spring Cloud and Spring Boot, with OAuth2 authentication and authorization at its core. It provides a dedicated authorization server that issues access and refresh tokens using authorization code, password, and refresh token grant types, while embedding role and permission checks into each microservice to secure API endpoints. The platform distinguishes itself through a comprehensive set of integrated capabilities, including automatic CRUD code generation from database schemas that produces controller, service, mapper, a
This is a JSON Web Token authentication package for the Django REST Framework that manages stateless user identities. It serves as an authentication provider and token manager used to issue and validate signed tokens to maintain user sessions across multiple requests. The project implements a dual-token lifecycle, issuing short-lived access tokens and long-lived refresh tokens to balance security with session persistence. It features token rotation to prevent replay attacks and a blacklisting system to invalidate compromised credentials. Additionally, it supports sliding-window expiration to
Authlib is a comprehensive Python library for building and integrating OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a unified set of tools to manage authentication and authorization flows, allowing applications to either act as a client connecting to external identity providers or as a provider issuing tokens and managing user identities. The project distinguishes itself through a full implementation of the JOSE standards, offering a suite of cryptographic tools for generating, signing, encrypting, and validating JSON Web Tokens, Signatures, Encryption, and Keys.
node-oidc-provider is a framework for building OpenID Certified authorization servers and identity providers within Node.js environments. It provides a comprehensive suite of tools for managing the full lifecycle of OAuth 2.0 and OpenID Connect services, including user authentication, client registration, and the issuance and validation of identity and access tokens. The project distinguishes itself through a highly modular architecture that allows developers to integrate authentication services directly into existing web application stacks. It supports advanced customization through a middle
Kratos is a centralized identity and access management server designed to handle user registration, authentication, and profile management. It functions as an identity flow orchestrator, managing the state and security of authentication processes across web, mobile, and command-line interfaces. The system provides a standards-compliant authorization server that issues tokens and manages delegated access for third-party applications and internal services, supporting multi-factor authentication and custom identity schemas to secure user accounts. The project distinguishes itself through a headl
docker-socket-proxy is an HAProxy-based security proxy that filters and controls access to the Docker API. It acts as a security layer between containers and the Docker socket to restrict API operations based on specific paths and methods. The proxy uses environment variables to enable or disable specific API endpoints and to grant or revoke permissions for various API sections. It can enforce read-only access by restricting the API to only allow GET and HEAD requests, returning a forbidden status for unauthorized actions. The project provides capabilities for path-based request filtering, c
This project is a reference implementation of a distributed system built using Spring Cloud Alibaba, Spring Boot, and JDK 17. It serves as a comprehensive model for implementing a microservices architecture. The system integrates a wide range of distributed patterns, including global transaction coordination for data consistency, OAuth2 and JWT for identity management, and Kubernetes-based container orchestration. It features a dedicated observability stack for distributed request tracing, log aggregation, and service health monitoring. The implementation covers several functional domains, i
Polar is a digital product monetization engine and subscription management system. It serves as a merchant of record platform that handles global sales tax and VAT compliance, providing the infrastructure for selling subscriptions and one-time digital goods via hosted checkouts and embedded payment flows. The project functions as an entitlement and access manager, automating the granting and restriction of digital benefits, license keys, and third-party platform roles. It includes a dedicated usage-based billing infrastructure that tracks customer activity through meters to apply aggregation
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
This project is an email alias management platform and masking proxy designed to protect user privacy. It functions as a gateway that creates unique email addresses to hide a user's primary mailbox, forwarding incoming messages while routing outbound replies through a reverse-proxy to maintain sender anonymity. The system distinguishes itself through advanced domain and privacy controls, including the ability to link personal domains via DNS for branded aliases and catch-all routing. It further secures communications via a PGP encryption gateway that encrypts forwarded email content using pub
Spotipy is a Python client library for interacting with the Spotify Web API. It provides a programmatic interface to manage music data, user accounts, and media playback. The library implements a full OAuth 2.0 client capable of handling authorization codes, client credentials, and implicit grants. It includes a token manager that supports automated token refreshing and pluggable caching backends to maintain stateful sessions. The project covers music metadata retrieval and search, allowing for the lookup of artists, albums, and tracks via resource identifiers and URIs. It also provides capa
Presto is a distributed SQL query engine designed for high-performance analytical processing across heterogeneous data sources. It functions as a data federation platform and massively parallel processing engine, allowing users to execute interactive queries against diverse storage systems without requiring data migration. By mapping remote metadata and structures to a unified relational namespace, it enables seamless cross-platform analysis through a standard SQL interface. The engine distinguishes itself through a pluggable connector architecture and a shared-nothing distributed processing
This project is an open-source visual dataset and machine learning image library. It provides large-scale collections of high-quality photos and metadata designed for training computer vision models and conducting research into image categorization and retrieval. The repository specifically offers semantic search datasets that pair images with AI and human-generated keywords to analyze search intent and visual metaphors. It also serves as an image metadata archive, providing structured EXIF data and camera specifications for technical analysis. The available data covers broad capability area
Sa-Token is a Java-based authentication and authorization framework designed to manage user sessions, permissions, and identity verification within web applications and microservice architectures. It provides a centralized security layer that enforces access control policies and identity validation across distributed service environments and API gateways. The framework distinguishes itself through its support for cross-domain single sign-on and its ability to function as an OAuth2 identity provider. It manages user session lifecycles by applying configurable rules for single or multi-login re
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Anonaddy is an email forwarding gateway and alias manager designed to protect user identity. It functions as a mail server that routes messages from custom domains and aliases to verified destination addresses using programmable routing rules. The system provides an SMTP privacy proxy to mask the sender's real email address for outgoing messages and includes a PGP encryption tool to secure the body and headers of emails before they are forwarded. It supports custom domain email routing through DNS and MX record verification, allowing users to manage multiple identities to prevent ownership li
Kimai is an open-source time tracking system that records employee working hours, manages absences, and generates professional invoices from recorded timesheets and expenses. It organizes all time records through a mandatory three-level hierarchy of customer, project, and activity, and supports project budget monitoring with configurable time and money limits. The application is extensible through a plugin system that allows adding custom features, invoice templates, reporting views, and dashboard widgets without modifying core files. It provides a RESTful JSON API for programmatic read and w
This package provides a comprehensive authorization framework for Laravel applications, enabling the management of user roles and granular permissions through a database-driven system. It allows developers to define access levels and assign them to users, ensuring that security policies are enforced consistently across the entire application. The system distinguishes itself through a hierarchical inheritance model, where permissions automatically propagate from lower-tier roles to higher-tier roles based on a numerical level system. It includes a dedicated administrative web interface that al
This project is a comprehensive educational resource and technical guide for building enterprise backend applications and RESTful services using the Spring Boot framework. It serves as a step-by-step tutorial for developing server-side logic, API routing, and distributed systems within the Java ecosystem. The documentation provides specific implementation guides for microservices architecture, focusing on coordinating distributed services and event-driven communication. It includes a practical reference for the Spring ecosystem, with detailed sections on security implementation and data persi
This project is a large language model account management system and multi-user proxy. It provides a gateway that allows multiple authenticated users to share a single premium AI subscription or OpenAI API key. The system functions as a proxy layer that intercepts client requests and forwards them to the official API while injecting shared credentials. It includes a secure backend for centralized credential management and a token-based access control system to validate user identities. To maintain privacy and organization, the project implements session-based context isolation to prevent con
Connect-go is a library for building type-safe remote procedure call services that are wire-compatible with gRPC and HTTP. It provides a Go implementation of Protocol Buffers for structured data exchange, enabling the creation of multi-protocol RPC servers and generated type-safe clients. The framework is distinguished by its polyglot protocol support, allowing a single server handler to serve requests using several different protocols simultaneously over HTTP. This includes the ability to toggle between different transport protocols for the same service and the use of pluggable content negot
Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers. The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offer
Airweave is a unified AI knowledge base platform that syncs data from external APIs into a searchable layer for retrieval-augmented generation. It provides a pre-built data connector library and a framework for building custom connectors, enabling the extraction, transformation, and synchronization of structured and unstructured data from SaaS applications. The platform includes a hybrid vector retrieval system that combines semantic, neural, and keyword search strategies to deliver grounded context for AI agents. The platform distinguishes itself through an agentic search engine that iterati
kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a complete toolkit for identity management, spanning the development of authorization servers, resource servers, and client-side integrations. The library distinguishes itself through a full implementation of the JOSE specifications, including JSON Web Tokens, Encryption, Signatures, and Keys. It features specialized capabilities for non-interactive authentication via service account assertion frameworks and a compliance-correction layer designed to handle ide