Authentication and Authorization

• authboss - Modular authentication system for the web. It tries to remove as much boilerplate and "hard things" as possible so that each time you start a new web project in Go, you can plug it in, configure it, and start building your app without having to build an authentication system each time.
• branca - branca token specification implementation for Golang 1.15+.
• casbin - Authorization library that supports access control models like ACL, RBAC, and ABAC.
• cookiestxt - provides a parser of cookies.txt file format.
• go-githubauth - Utilities for GitHub authentication: generate and use GitHub application and installation tokens.
• go-guardian - Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication that supports LDAP, Basic, Bearer token, and Certificate based authentication.
• go-iam - Developer-first Identity and Access Management system with a simple UI.
• go-jose - Fairly complete implementation of the JOSE working group's JSON Web Token, JSON Web Signatures, and JSON Web Encryption specs.
• go-jwt - JWT authentication package providing access tokens and refresh tokens with fingerprinting, Redis storage, and automatic refresh capabilities.
• goiabada - An open-source authentication and authorization server supporting OAuth2 and OpenID Connect.
• gologin - chainable handlers for login with OAuth1 and OAuth2 authentication providers.
• gorbac - provides a lightweight role-based access control (RBAC) implementation in Golang.
• gosession - This is quick session for net/http in GoLang. This package is perhaps the best implementation of the session mechanism, or at least it tries to become one.
• goth - provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple providers out of the box.
• jeff - Simple, flexible, secure, and idiomatic web session management with pluggable backends.
• jwt - Lightweight JSON Web Token (JWT) library.
• jwt - Safe, simple, and fast JSON Web Tokens for Go.
• jwt-auth - JWT middleware for Golang http servers with many configuration options.
• jwt-go - A full featured implementation of JSON Web Tokens (JWT). This library supports the parsing and verification as well as the generation and signing of JWTs.
• jwx - Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies.
• keto - Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.
• loginsrv - JWT login microservice with pluggable backends such as OAuth2 (Github), htpasswd, osiam.
• oauth2 - Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine, and App Engine support.
• oidc - Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation.
• openfga - Implementation of fine-grained authorization based on the "Zanzibar: Google's Consistent, Global Authorization System" paper. Backed by CNCF.
• osin - Golang OAuth2 server library.
• otpgen - Library to generate TOTP/HOTP codes.
• otpgo - Time-Based One-Time Password (TOTP) and HMAC-Based One-Time Password (HOTP) library for Go.
• paseto - Golang implementation of Platform-Agnostic Security Tokens (PASETO).
• permissions - Library for keeping track of users, login states, and permissions. Uses secure cookies and bcrypt.
• scope - Easily Manage OAuth2 Scopes In Go.
• scs - Session Manager for HTTP servers.
• securecookie - Efficient secure cookie encoding/decoding.
• session - Go session management for web servers (including support for Google App Engine - GAE).
• sessions - Dead simple, highly performant, highly customizable sessions service for go http servers.
• sessionup - Simple, yet effective HTTP session management and identification package.
• sjwt - Simple jwt generator and parser.
• spicedb - A Zanzibar-inspired database that enables fine-grained authorization.
• x509proxy - Library to handle X509 proxy certificates.

← All categories