awesome-repositories.com
Blog
awesome-repositories.com

Discover the best open-source repositories with AI-powered search.

ExploreCurated searchesOpen-source alternativesSelf-hosted softwareBlogSitemap
ProjectAboutHow we rankPressMCP server
LegalPrivacyTerms
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
volatiletech avatar

volatiletech/authboss

0
View on GitHub↗
4,189 stars·222 forks·Go·MIT·2 views

Authboss

Authboss is a modular authentication framework designed to manage user identity and account orchestration. It provides a comprehensive system for handling user registration, email verification, and the full lifecycle of user profiles.

The framework distinguishes itself through a focused suite of security and identity tools, including multi-factor authentication via time-based passwords and SMS, and identity integration with external providers using OAuth1 and OAuth2 protocols. It also includes a dedicated account security manager that implements brute-force protection through credential-based account locking and adaptive password hashing.

Broadly, the project covers session lifecycle management, including persistent login cookies and inactivity timeouts, as well as account recovery flows for forgotten passwords. It also provides request middleware for route access control and supports rendering authentication views in HTML or JSON.

Features

  • User Account Management - Manages the full lifecycle of user profiles, from registration and email verification to password resets.
  • Server-Side Session Storages - Stores and retrieves user identity state across requests using server-side storage and secure cookies.
  • Account Brute-Force Protection - Implements brute-force protection by tracking failed attempts and locking accounts in the database.
  • Account Recovery - Provides a secure flow for users to reset forgotten passwords via email verification tokens.
  • Email Verification Flows - Generates secure, short-lived hashes sent via email to verify account ownership during registration and resets.
  • OAuth and Identity Providers - Delegates user authentication to external identity services using OAuth1 and OAuth2 protocols.
  • Email Verifications - Prevents login attempts until users confirm their email addresses to prove account ownership.
  • Identity Authentication - Provides a modular framework for configuring session-based authentication and identity management tailored to project needs.
  • User Identity Verification - Verifies user identities through external providers using standard token-based authentication protocols.
  • Account Registrations - Handles the full account creation process, including the setup of user identities and optional email verification.
  • OAuth1 Implementations - Verifies user identities through external providers using the OAuth1 token protocol.
  • OAuth2 Implementations - Verifies user identities through external providers using the OAuth2 token protocol.
  • Multi-Factor Authentication - Provides a complete multi-factor authentication suite including SMS and TOTP verification.
  • OAuth Provider Integrations - Provides seamless integration with external identity providers like Google and GitHub via OAuth protocols.
  • OAuth Flow Implementations - Implements a standardized sequence of redirects and callback handlers for external identity provider authentication.
  • OAuth2 Integration - Implements secure user authorization and single sign-on via OAuth2 provider integration.
  • One-Time Passwords - Provides a second security layer by validating time-based numeric codes against a shared secret.
  • Middleware Route Filters - Uses request middleware to verify session states and block unauthenticated users from protected routes.
  • Session-Cookie Persistences - Uses persistent cookies and tokens to maintain authenticated sessions across different browser restarts.
  • Session Lifecycle Management - Manages the full session lifecycle, including persistent cookies and inactivity timeouts.
  • Inactivity Session Termination - Automatically terminates user sessions after a configured period of inactivity by monitoring activity timestamps.
  • User Session Termination - Implements mechanisms to explicitly destroy active user sessions for both standard and OAuth2 authentication flows.
  • Session Persistence - Maintains user identity across requests using unique identifiers stored in cookies and server-side storage.
  • Two-Factor Authentication - Adds a second security layer using time-based passwords, SMS codes, or recovery codes.
  • TOTP Enforcers - Enforces a second security layer during login using TOTP authenticator apps or SMS verification.
  • Brute Force Protection - Locks user accounts after repeated failed authentication attempts to stop brute-force attacks.
  • Password Resets - Provides a secure password recovery flow driven by email-based verification tokens.
  • Credential Authentications - Verifies user identities by checking provided passwords against stored records to grant session access.
  • User Registrations - Create new user accounts while preserving input data during validation failures.
  • Session Expiration Policies - Invalidates active login sessions after a set period to force user re-authentication.
  • Authentication Frameworks - Provides a modular PHP-based framework for handling user registration, password resets, and session management.
  • Account Locking - Block account access after repeated failed authentication attempts to prevent unauthorized entry.
  • Adaptive Hashing Costs - Automatically updates password hashes during login to increase computational complexity as hardware improves.
  • Logic Customizers - Offers programmable extensions to customize authentication routing, error handling, and response rendering.
  • Route-Based Access Restrictions - Provides request middleware to block unauthenticated or locked users from accessing specific routes.
  • Session State Persistence - Maintains authenticated user identities across browser restarts using secure long-term tokens.
  • Remember-Me Persistence - Uses persistent cookies to maintain authentication across different browser sessions.
  • Backup Code Management - Generates and validates one-time backup recovery codes for account access when second-factor methods are unavailable.
  • Account Security Policies - Enforces security policies including account locking and adaptive password hashing.
  • Password Changes - Enables updating user passwords while simultaneously adjusting cryptographic hashing costs and invalidating remember-me tokens.
  • Authentication and Authorization - Modular web authentication system.
  • Security & Privacy - Modular authentication system for web applications.

Star history

Star history chart for volatiletech/authbossStar history chart for volatiletech/authboss

AI search

Explore more awesome repositories

Describe what you need in plain English — the AI ranks thousands of curated open-source projects by relevance.

Start searching with AI

Open-source alternatives to Authboss

Similar open-source projects, ranked by how many features they share with Authboss.
  • aarondl/authbossaarondl avatar

    aarondl/authboss

    4,189View on GitHub↗

    Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks

    Go
    View on GitHub↗4,189
  • teamhanko/hankoteamhanko avatar

    teamhanko/hanko

    8,801View on GitHub↗

    Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.

    Go2faauthenticationciam
    View on GitHub↗8,801
  • laravel/jetstreamlaravel avatar

    laravel/jetstream

    4,060View on GitHub↗

    Jetstream is an application scaffold for Laravel that provides a pre-built identity system and team collaboration framework. It serves as a starter kit that integrates user authentication, profile management, and organizational tools into a unified project structure. The project is distinguished by its comprehensive team management capabilities, which include shared workspace organization, member invitation workflows, and role-based access control. It also features an integrated API token manager for issuing and controlling secure access tokens for external clients. The platform covers a bro

    PHPauthlaraveltailwind
    View on GitHub↗4,060
  • quantumnous/new-apiQuantumNous avatar

    QuantumNous/new-api

    39,722View on GitHub↗

    This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with diverse artificial intelligence service providers. It functions as a centralized middleware platform that routes, load balances, and translates API requests across multiple models, enabling developers to access text, image, audio, and video generation capabilities through a single, standardized integration. The gateway distinguishes itself through comprehensive administrative and financial controls, including event-driven usage accounting, real-time token consumption tracking,

    Goai-gatewayclaudedeepseek
    View on GitHub↗39,722
See all 30 alternatives to Authboss→

Frequently asked questions

What does volatiletech/authboss do?

Authboss is a modular authentication framework designed to manage user identity and account orchestration. It provides a comprehensive system for handling user registration, email verification, and the full lifecycle of user profiles.

What are the main features of volatiletech/authboss?

The main features of volatiletech/authboss are: User Account Management, Server-Side Session Storages, Account Brute-Force Protection, Account Recovery, Email Verification Flows, OAuth and Identity Providers, Email Verifications, Identity Authentication.

What are some open-source alternatives to volatiletech/authboss?

Open-source alternatives to volatiletech/authboss include: aarondl/authboss — Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password… teamhanko/hanko — Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey… laravel/jetstream — Jetstream is an application scaffold for Laravel that provides a pre-built identity system and team collaboration… quantumnous/new-api — This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with… nextauthjs/next-auth-example — This project is a reference implementation and boilerplate for managing user authentication and session state within… lucia-auth/lucia — Lucia is an authentication library that provides session management, OAuth integration, and password-based login for…