30 open-source projects similar to spring-projects/spring-authorization-server, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Spring Authorization Server alternative.
Authlib is a comprehensive Python library for building and integrating OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a unified set of tools to manage authentication and authorization flows, allowing applications to either act as a client connecting to external identity providers or as a provider issuing tokens and managing user identities. The project distinguishes itself through a full implementation of the JOSE standards, offering a suite of cryptographic tools for generating, signing, encrypting, and validating JSON Web Tokens, Signatures, Encryption, and Keys.
Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a complete toolkit for identity management, spanning the development of authorization servers, resource servers, and client-side integrations. The library distinguishes itself through a full implementation of the JOSE specifications, including JSON Web Tokens, Encryption, Signatures, and Keys. It features specialized capabilities for non-interactive authentication via service account assertion frameworks and a compliance-correction layer designed to handle ide
Hydra is a headless identity server that functions as a certified OAuth2 and OpenID Connect provider. It is designed as an authentication engine that manages authorization handshakes and token lifecycles while remaining decoupled from the user interface. The project distinguishes itself through a headless architecture, allowing external management of login and consent flows. It provides specialized capabilities for dynamic client registration, JSON Web Token issuance, and a system for rotating encryption secrets without service downtime. The system covers a broad range of identity operations
Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the necessary framework to build an authorization server that issues and validates security tokens for third-party applications, effectively acting as a security middleware to protect API endpoints. The project integrates an identity layer via OpenID Connect to verify user identities and retrieve profile information. It supports a variety of security patterns, including the implementation of the PKCE flow for public clients and the issuance of stateless JSON Web Tokens. Its broade
node-oidc-provider is a framework for building OpenID Certified authorization servers and identity providers within Node.js environments. It provides a comprehensive suite of tools for managing the full lifecycle of OAuth 2.0 and OpenID Connect services, including user authentication, client registration, and the issuance and validation of identity and access tokens. The project distinguishes itself through a highly modular architecture that allows developers to integrate authentication services directly into existing web application stacks. It supports advanced customization through a middle
Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers. The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offer
This project provides a TypeScript software development kit for the Model Context Protocol, a standard designed to facilitate bidirectional communication between AI applications and external data sources or tools. It serves as a foundational framework for building both clients and servers, enabling language models to interact with external systems through a unified, decoupled interface. The SDK distinguishes itself by implementing a transport-agnostic connection layer that supports both local standard input-output streams and remote HTTP endpoints. It utilizes a JSON-RPC message bus to manage
The inspector is a diagnostic and validation tool for the Model Context Protocol. It provides an interactive interface and a transport proxy to discover, inspect, and execute the tools, prompts, and resources provided by an MCP server. The project serves as a debugger and compliance tester to verify that server implementations adhere to the protocol specification and JSON-RPC standards. It allows for real-time monitoring of message exchanges and logs between clients and servers across various transport layers, such as standard input/output and Server-Sent Events. The tool covers a broad rang
Dex is an OpenID Connect identity provider that functions as an identity federation gateway. It authenticates users and issues signed tokens for applications by using a variety of pluggable connectors to interface with external identity sources. The project focuses on federating multiple external identity providers into a single authentication portal. It maps diverse external authentication sources to a uniform internal user representation and manages the orchestration of authorization handshakes between clients and identity sources. Capability areas include centralized user authentication,
OpenAuth is a standards-based authentication server and identity provider that implements OAuth 2.0 and OpenID Connect protocols. It serves as a centralized system for managing user identities, issuing access tokens, and orchestrating authentication flows across various services. The project functions as a federated identity gateway, aggregating external providers such as Google, GitHub, Microsoft, Apple, and Discord into a unified login flow. It distinguishes itself with a multi-tenant architecture that supports pluggable identity providers and customizable user interface frameworks for bran
This project is a .NET identity stack and server framework used to build certified OpenID Connect and OAuth 2.0 identity providers. It provides the core logic required to issue and validate security tokens and manage user authentication across various grant types and protocol flows. The framework includes a protocol translation layer that bridges OpenID Connect and SAML to enable interoperability between different identity providers. It also supports a stateless mode of operation, which removes built-in validation and storage to allow for manual control over token and client verification. Th
This project is a cloud-native identity and access management platform designed to centralize authentication, authorization, and identity lifecycle management. It functions as a standards-compliant OpenID Connect authorization server, providing secure session management and token issuance for web, mobile, and device-based applications. The platform is built to handle complex identity requirements through stateless token authentication and support for modern passwordless methods, including biometrics and hardware keys. What distinguishes this platform is its native support for multi-tenant env
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
Model Context Protocol is a standardized framework for connecting large language models to external data sources and executable tools. It enables the creation of a universal interface where servers expose tools, resources, and prompts that can be discovered and utilized by various AI clients. The protocol utilizes a JSON-RPC message system that is transport-agnostic, supporting both standard input/output for local processes and HTTP with server-sent events for remote connections. It emphasizes security and control by delegating model sampling to the client to keep API keys secure from servers
The Google API JavaScript Client Library is an official client for calling Google APIs directly from browser applications. It provides a programmatic interface to exchange data and execute service requests while managing request construction and response parsing. The library features dynamic client discovery, which loads machine-readable metadata at runtime to automatically generate request methods and parameter validation for various endpoints. It also includes an authentication client that handles OAuth 2.0 authorization flows to securely manage user identity and access tokens in the browse
gptel is an LLM Emacs client and multi-backend AI integration system that allows users to interact with large language models directly inside the Emacs text editor. It serves as an AI-powered text refactoring tool and a context-aware prompt manager, providing a unified interface to connect with various AI providers, including local Ollama instances, AWS Bedrock, and Gemini. The project distinguishes itself as a Model Context Protocol client, connecting to MCP servers to provide language models with external tools and data sources. It enables context-augmented prompting by aggregating text fro
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
sofa-boot is a Spring Boot extension framework designed for enterprise service orchestration and middleware integration. It functions as a Java class loader isolator and Spring context manager, providing the mechanisms necessary to prevent dependency and bean conflicts within complex applications. The project differentiates itself by separating classes and contexts into distinct namespaces to resolve version conflicts between application libraries and middleware modules. It also acts as an enterprise middleware integrator, using standardized starters to automatically configure and connect app
This is a Go library for obtaining, refreshing, and attaching OAuth 2.0 access tokens to HTTP requests. It provides a generic token source interface with interchangeable implementations for different OAuth 2.0 grant types, and wraps the Go net/http transport layer to automatically attach access tokens as Authorization headers on outgoing requests. The library supports the authorization code flow, generating consent page URLs and exchanging authorization codes for tokens. It also implements the device authorization grant for authentication on devices without a browser, and the resource owner p
Pig is a microservice-based RBAC permission management platform built on Spring Cloud and Spring Boot, with OAuth2 authentication and authorization at its core. It provides a dedicated authorization server that issues access and refresh tokens using authorization code, password, and refresh token grant types, while embedding role and permission checks into each microservice to secure API endpoints. The platform distinguishes itself through a comprehensive set of integrated capabilities, including automatic CRUD code generation from database schemas that produces controller, service, mapper, a
PiggyMetrics is a demonstration project that illustrates a complete microservice architecture built with Spring Boot, Spring Cloud, and Docker, centered around a personal finance tracking application. It records incomes, expenses, and savings for individual accounts while computing spending statistics and time-series data to track cash flow dynamics over time. The project showcases a full Spring Cloud service mesh, including an API gateway for request routing, service discovery for dynamic instance location, and a centralized configuration server that manages application settings from a singl
OpenCloud is a self-hosted platform for synchronizing files across devices and sharing them with team members through collaborative spaces and access controls. It enables users to sync files between a server and local desktop and mobile clients, manage files and folders, and share content with internal and external contributors via permission-based links and file drops. The platform integrates an embedded OpenID Connect identity provider for authentication and supports external identity providers. It stores all data and metadata directly on the filesystem, eliminating the need for a separate
This project is an integration framework that bootstraps Apache Dubbo remote procedure call services within Spring Boot applications. It serves as a microservice communication framework that enables the implementation of RPC services, service discovery, and distributed governance through automated configuration. The project distinguishes itself by providing a cross-language RPC bridge, allowing services written in different languages to communicate via standards such as gRPC and Protobuf. It further enables the exposure of backend microservices as REST endpoints using the Triple protocol for
Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep
grpc-spring is a framework for integrating gRPC servers and clients into Spring applications. It provides a suite of tools for managing the lifecycle of remote procedure call servers, automating client stub injection, and implementing request interception within a Java environment. The project enables high-performance remote procedure call communication through annotation-driven service registration and automatic configuration of client stubs. It includes a specialized interceptor library for modifying requests and responses, as well as a telemetry tool for exporting performance metrics and d
clasp is a command-line interface for managing Google Apps Script projects, enabling developers to create, sync, and deploy scripts from a local development environment. It provides an alternative to the cloud-based script editor, allowing version control, offline editing, and integration with standard development workflows. The tool supports TypeScript transpilation, so developers can write type-annotated code that compiles to JavaScript for the Apps Script runtime. Authentication is handled via OAuth 2.0, and users can synchronize local files with remote projects using ignore patterns simil
JimuReport is an open-source reporting and dashboard engine designed to be embedded directly into Spring Boot applications. Its core identity centers on generating data reports and full-screen dashboards from natural language descriptions, eliminating the need for manual design. The platform also provides a conversational query interface that translates plain-language questions into database queries, returning results as tables and charts without requiring SQL knowledge. What distinguishes JimuReport is its integration of AI skills that can be installed with a single command, enabling report
novel 是一套基于时下最新 Java 技术栈 Spring Boot 3 Vue 3 开发的前后端分离学习型小说项目,配备保姆级教程手把手教你从零开始开发上线一套生产级别的 Java 系统,由小说门户系统、作家后台管理系统、平台后台管理系统等多个子系统构成。包括小说推荐、作品检索、小说排行榜、小说阅读、小说评论、会员中心、作家专区、充值订阅、新闻发布等功能。
Lucia is an authentication library that provides session management, OAuth integration, and password-based login for web applications. It creates and validates server-side sessions using cryptographically random tokens stored in HttpOnly, Secure, SameSite=Lax cookies, with constant-time token comparison to prevent timing side-channel attacks. The library supports authentication through email and password, GitHub OAuth, Google OAuth, and passkey-based sign-in. It enforces two-factor authentication using time-based one-time passwords (TOTP) from authenticator apps, generates recovery codes for