30 open-source projects similar to omniauth/omniauth, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Omniauth alternative.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
This project is a Django library that enables web applications to authenticate users through third-party identity providers using standard protocols like OAuth and OpenID Connect. It functions as an integration layer that delegates authentication to external services, allowing users to sign in with existing accounts while maintaining a persistent link to their local application profile. The library distinguishes itself through a modular pipeline that executes a sequence of functions to validate and manage user records during the login process. It employs a strategy-based approach to encapsula
Devise is a flexible authentication framework for Ruby on Rails applications. It serves as a user identity management system that handles registration, sign-in, password recovery, and account confirmation. The system integrates with the Warden middleware to manage user sessions and security across various request types. The framework functions as a multi-model authentication engine, allowing for the configuration of multiple distinct user models with independent routes and access controls. It also provides a standardized interface to connect with external identity providers and third-party lo
Passport is a Node.js authentication middleware designed to manage user identities and session states within web applications. It functions as a request identity verifier that secures application routes by validating user credentials before granting access. The system utilizes a modular authentication strategy, allowing identity verification through interchangeable plugins. This architecture supports the creation of custom authentication strategies for local credentials and the integration of federated identity providers using external protocols. The framework provides capabilities for sessi
Passwordless is a Node.js authentication library that enables secure user identity verification using one-time tokens instead of traditional passwords. It functions as a middleware-based identity provider, protecting application routes and resources by validating these tokens before granting access. The library distinguishes itself through a highly decoupled architecture that separates token generation, verification, and delivery. Developers can implement custom token delivery strategies to dispatch authentication codes via email, SMS, or voice services. Furthermore, the system supports both
Nebular is an Angular UI component library that implements the Eva Design System, providing a comprehensive set of over thirty-five ready-made UI elements with full theming support. The library is built around a design-token-driven architecture where visual properties are compiled into CSS custom properties, enabling global style overrides and consistent branding across applications without modifying component internals. The framework includes a built-in dark mode system activated by toggling a CSS class on the root element, which triggers pre-defined token overrides across all components. Au
Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o
The Cypress Real-World App is a payment application designed to demonstrate real-world Cypress testing patterns, workflows, and best practices. It serves as a demo application that validates Cypress testing methods through end-to-end tests on a realistic application, while also generating frontend and backend code coverage reports from test executions. The application showcases authentication and identity management through multiple approaches, including a built-in local authentication mechanism that does not rely on external providers, and integration with third-party providers such as Googl
LoopBack Next is a Node.js API framework used for building REST and multi-protocol APIs. It functions as an OpenAPI server implementation that can either generate machine-readable specifications from code or produce implementation controllers and models from existing specifications. The framework distinguishes itself through a central dependency injection container and a repository-pattern data access layer. This architecture decouples application logic from component construction and persistent storage, allowing for a pluggable system where data sources and business logic are isolated throug
The Swift OpenAPI Generator is a build-time tool that produces type-safe Swift client and server code directly from OpenAPI specification documents. By integrating with build systems through native plugins, it automates the creation of strongly-typed interfaces and protocol stubs that map network operations to native methods, ensuring that application code remains strictly consistent with defined data schemas. The project distinguishes itself through a protocol-oriented architecture that decouples business logic from specific transport implementations. It utilizes a pluggable transport layer
Goth is a Go library that provides a consistent, provider-agnostic interface for authenticating users through dozens of third-party OAuth and OAuth2 services. It defines a pluggable provider interface and a central registry where providers are registered by name, enabling dynamic lookup and invocation during authentication flows. The library manages the multi-step OAuth authorization process by generating redirect URLs and validating callback responses, and returns a standardized user profile with common fields like email, name, and avatar URL across all supported providers. The library disti
Devise is a comprehensive identity management system and authentication framework for Ruby on Rails applications. It provides a complete set of tools for managing user registration, secure sign-in, and session handling using a modular strategy pattern. The framework distinguishes itself by offering a suite of security hardening features, including brute force protection through account locking and secure password recovery workflows. It also functions as an integrator for external identity providers and third-party authentication via standardized protocols. Broad capabilities cover the full u
Hertz is a high-performance Go HTTP framework designed for building scalable microservices, RESTful APIs, and AI applications. It functions as a high-performance web server and a communication framework for microservices, utilizing non-blocking I/O and zero-copy memory management to handle high-concurrency traffic. The project distinguishes itself through a microservices communication toolkit that supports high-efficiency remote procedure calls via gRPC and Thrift protocols. It implements an asynchronous middleware engine based on an onion model, allowing for a pluggable request-response pipe
FastHTML is a full-stack Python web framework designed for building interactive web applications using pure Python. It functions as an HTMX integration framework and a Python HTML domain-specific language, allowing developers to generate HTML structures using native objects and functions instead of external templating files. The framework is distinguished by its native support for real-time bidirectional communication via WebSockets and Server-Sent Events, enabling server-side updates to be pushed to the browser without full page reloads. It further integrates identity management through OAut
Wasp is a declarative full-stack web framework that enables developers to build and deploy applications by defining their architecture in a centralized configuration. By using a high-level specification, the framework automates the orchestration of frontend, backend, and database components, ensuring that infrastructure concerns like routing, authentication, and data modeling are handled consistently across the entire stack. The framework distinguishes itself through its compiler-driven approach, which translates declarative configurations into cohesive, production-ready codebases. It provide
Calibre-Web-Automated is a self-hosted ebook library server that watches file system folders for new ebook files, automatically converts them to a target format, enriches their metadata from online sources, and inserts them into a Calibre-managed library. It provides a web interface for browsing, reading in-browser, searching full text, and managing collections, while also supporting user authentication through multiple protocols including OAuth 2.0, OpenID Connect, LDAP, magic links, and reverse proxy headers. The server integrates directly with Kobo e-reader devices, synchronizing books, co
Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks
Pocketbase is a backend-as-a-service platform that provides a self-contained, single-binary server for building full-stack applications. It integrates a relational database, authentication, and file storage into one executable process, eliminating the need for external infrastructure or complex server management. The platform distinguishes itself through an embedded database engine that runs directly within the application process and a reactive communication layer that pushes live updates to connected clients. By monitoring internal transaction logs, it synchronizes data across multiple user
Openclaw is a platform for managing agent execution environments, providing the infrastructure to control agent lifecycles, session state, and workspace persistence. It features a centralized gateway that handles model loops, tool invocation, and streaming events, while supporting multi-agent routing and persistent memory management. The system is designed to normalize tool execution signatures and provide a standardized interface for cross-provider compatibility. The platform includes extensive developer tooling, such as a command-line interface for workspace management, diagnostic logging,
Rack-attack is a middleware rate limiter and request filter for the Rack interface. It provides a system for throttling HTTP requests and maintaining IP address blocklists to protect applications from malicious traffic and denial-of-service attacks. The project enables application layer DDoS mitigation and API rate limit management by identifying and rejecting requests from banned clients or abusive IP addresses. It allows for the definition of safelists to bypass filters and uses custom logic to determine if a client should be blocked or throttled. The tool covers comprehensive traffic mana
deepstream.io is an open-source realtime server that synchronizes JSON records, events, and remote procedure calls across clients and backend services. It functions as a realtime data sync server, event pub/sub server, record database server, and RPC server, all within a single platform. The server authenticates and authorizes every message using multiple strategies including JWT, HTTP, and file-based credentials, with a declarative permission language controlling access to records, events, and RPCs at a granular level. The platform distinguishes itself through its combination of realtime dat
iron-session is a stateless session management library for JavaScript that stores encrypted and signed session data directly in browser cookies. It functions as authentication middleware to verify user identity without requiring a server-side database or network lookups for session retrieval. The project provides a symmetric key encryption tool that supports versioned password rotation. This allows encryption keys to be updated across a system without invalidating active user sessions. Beyond session management, the library includes utilities to seal arbitrary data objects into secure signed
Next-auth is an authentication library and identity framework used to manage user sign-in and session state across web applications. It provides a system for handling user identity through OAuth, OpenID Connect, and passwordless sign-in flows. The project features a multi-provider framework that integrates third-party identity services and custom directory backends. It supports passwordless authentication via email magic links or hardware keys and utilizes a database-agnostic storage layer to persist authentication states across different database types or in-memory. Security is managed thro
JustAuth is an OAuth 2.0 authentication library designed to integrate multiple third-party login providers into a single interface. It abstracts various social login APIs and identity services, allowing applications to manage authentication using the OAuth 2.0 and OIDC protocols. The project provides a multi-provider identity integrator that replaces the need for individual vendor software development kits. It includes a toolkit for defining custom authentication platforms and proprietary identity services by specifying custom OAuth protocols and endpoints. The library manages the full authe
Cosmos-Server is a self-hosted server platform that combines an authentication gateway, a reverse proxy with dynamic rate limiting, and a Docker container orchestrator into a single management interface. It provides automatic HTTPS certificate management with wildcard support through DNS challenges, and secures self-hosted applications with token-based session management and plugin-based authentication middleware. The platform distinguishes itself by integrating these capabilities into a unified system where the reverse proxy enforces authentication, rate limiting, and TLS termination before
Hapi is a configuration-driven web framework for building secure and scalable HTTP servers and APIs on the Node.js runtime. It functions as a REST API development framework and an enterprise server implementation focused on stability, security, and comprehensive input validation. The framework is built around a plugin-based architecture, allowing core functionality and custom logic to be organized into modular, registerable plugins. It serves as an HTTP request lifecycle manager, enabling the interception and modification of requests through pre-handlers and extensions before they reach the f
jsproxy is a web traffic proxy designed to route requests through a ServiceWorker to bypass network restrictions while minimizing server-side processing overhead. It focuses on browser API virtualization, rewriting URL-related functions and properties so that proxied pages behave as if they are running on their original domains. The project utilizes a decoupled architecture that separates the static user interface from the data forwarding backend, allowing for deployment across multiple providers. It includes weight-based load balancing to distribute traffic across multiple proxy nodes and im
This project is a community-maintained directory of technical resources, tools, and services that offer free tiers for developers. It serves as a centralized reference point for discovering infrastructure, software, and educational materials, helping individuals and teams minimize operational costs while building and scaling applications. The directory distinguishes itself through a collaborative, community-driven curation model that aggregates metadata about third-party services. By utilizing a hierarchical taxonomy and storing all content in version-controlled, plain-text files, the project
This project provides an integrated backend platform built around a relational database. It automatically generates REST and GraphQL APIs from database schemas, allowing for direct data interaction through standard requests and client libraries. The platform includes a comprehensive authentication system that manages user identity, session handling, and fine-grained access control through database-native row-level security policies. Beyond core data management, the platform offers specialized services for object storage, vector data processing for semantic search, and real-time communication
Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management. The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party servi