The Best Go Libraries For Authentication and Authorization (41)
Discover the best Go libraries for Authentication and Authorization! Find the perfect tools to streamline your development and boost productivity. From jwx to go-guardian, we've got you covered. Let the coding begin!
jwx
Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies
go-guardian
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication that supports LDAP, Basic, Bearer token, and Certificate based authentication
go-jose
Fairly complete implementation of the JOSE working group's JSON Web Token, JSON Web Signatures, and JSON Web Encryption specs
gologin
chainable handlers for login with OAuth1 and OAuth2 authentication providers
gorbac
provides a lightweight role-based access control (RBAC) implementation in Golang
goth
provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple providers out of the box
jeff
Simple, flexible, secure, and idiomatic web session management with pluggable backends
jwt
Lightweight JSON Web Token (JWT) library
jwt-auth
JWT middleware for Golang http servers with many configuration options
loginsrv
JWT login microservice with pluggable backends such as OAuth2 (Github), htpasswd, osiam
oidc
Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation
openfga
Implementation of fine-grained authorization based on the "Zanzibar: Google's Consistent, Global Authorization System" paper. Backed by [CNCF](https://www.cncf.io/)
osin
Golang OAuth2 server library
otpgo
Time-Based One-Time Password (TOTP) and HMAC-Based One-Time Password (HOTP) library for Go
paseto
Golang implementation of Platform-Agnostic Security Tokens (PASETO)
scope
Easily Manage OAuth2 Scopes In Go
scs
Session Manager for HTTP servers
securecookie
Efficient secure cookie encoding/decoding
session
Go session management for web servers (including support for Google App Engine - GAE)
sessions
Dead simple, highly performant, highly customizable sessions service for go http servers
sessionup
Simple, yet effective HTTP session management and identification package
sjwt
Simple jwt generator and parser
jwt-go
A full featured implementation of JSON Web Tokens (JWT). This library supports the parsing and verification as well as the generation and signing of JWTs
authboss
Modular authentication system for the web. It tries to remove as much boilerplate and "hard things" as possible so that each time you start a new web project in Go, you can plug it in, configure it, and start building your app without having to build an authentication system each time
casbin
Authorization library that supports access control models like ACL, RBAC, and ABAC
cookiestxt
provides a parser of cookies.txt file format
jwt
Safe, simple, and fast JSON Web Tokens for Go
oauth2
Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine, and App Engine support
otpgen
Library to generate TOTP/HOTP codes
x509proxy
Library to handle X509 proxy certificates
go-iam
Developer-first Identity and Access Management system with a simple UI
go-jwt
JWT authentication package providing access tokens and refresh tokens with fingerprinting, Redis storage, and automatic refresh capabilities
branca
branca token [specification implementation](https://github.com/tuupola/branca-spec) for Golang 1.15+
go-githubauth
Utilities for GitHub authentication: generate and use GitHub application and installation tokens
authgate
A lightweight OAuth 2.0 Authorization Server supporting Device Authorization Grant ([RFC 8628](https://datatracker.ietf.org/doc/html/rfc8628)), Authorization Code Flow with PKCE ([RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749) + [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636)), and Client Credentials Grant for machine-to-machine authentication
go-jwt
A JWT (JSON Web Token) library for Go
goiabada
An open-source authentication and authorization server supporting OAuth2 and OpenID Connect
gosession
This is quick session for net/http in GoLang. This package is perhaps the best implementation of the session mechanism, or at least it tries to become one
permissions
Library for keeping track of users, login states, and permissions. Uses secure cookies and bcrypt
spicedb
A Zanzibar-inspired database that enables fine-grained authorization
keto
Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models