2 个仓库
Modular systems for managing user identity and session lifecycles over HTTP.
Distinct from Identity Authentication: Focuses on the overall framework architecture for HTTP auth rather than specific cloud identity or basic auth mechanisms.
Explore 2 awesome GitHub repositories matching security & cryptography · HTTP Authentication Frameworks. Refine with filters or upvote what's useful.
Authboss 是一个模块化 HTTP 身份验证框架,用于管理用户身份、会话生命周期和密码安全。它提供了一个身份访问中间件系统,用于控制路由访问并通过标准 Web 协议在请求间同步用户身份。 该框架以可插拔架构为特色,允许注册独立模块以扩展身份逻辑。它利用基于 Hook 的事件系统在身份验证状态变更期间执行自定义业务逻辑,并采用选择器-验证器令牌模式来防止验证期间的计时攻击。 该系统涵盖了全面的身份管理,包括用户注册、密码哈希和会话状态跟踪。它支持通过 TOTP 和短信进行多因素身份验证,以及使用 OAuth1 和 OAuth2 标准的第三方身份集成。额外的安全功能包括具有账户锁定功能的有状态暴力破解保护和基于电子邮件的账户恢复工作流。 该项目支持服务器端 HTML 模板渲染和基于 JSON 的 API 响应,以适应无头或传统的 Web 架构。
Offers a modular system for managing user identity, session lifecycles, and password security via standard web protocols.
flask-login is a session management extension for Flask web applications. It functions as an authentication middleware and identity tracker that manages user login and logout processes and provides a mechanism to identify the active user across different application views. The toolkit distinguishes between different session states by tracking session freshness to protect sensitive operations. It also includes security guards to prevent session hijacking and theft by monitoring IP addresses and user agents. The project covers broad capabilities including web access control to restrict specifi
Provides a modular framework for managing user identity and session lifecycles over HTTP.