Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 user cases over night. Consume as a service …

OpenID Connect, the authentication protocol and identity layer on top of OAuth 2.0 used in many SSO and adopted in many social logins (Apple, Facebook, Google, ...etc). Find this curated list of pr…

🔒 The oauth.net website. Feel free to send pull requests with updates.

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

openapi-oathkeeper is a CLI for generating Ory Oathkeeper rules from an OpenAPI 3 contract and save a lot of time and effort, especially for larger projects with many endpoints or many services.

A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust whi…

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications

The most scalable and customizable permission server on the market. Fix your slow or broken permission system with Google's proven "Zanzibar" approach. Supports ACL, RBAC, and more. Written in Go, …

Headless cloud-native authentication and identity management written in Go. Scales to a billion+ users. Replace Homegrown, Auth0, Okta, Firebase with better UX and DX. Passkeys, Social Sign In, OID…

World's fastest and most advanced password recovery utility

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

ZITADEL - Identity infrastructure, simplified for you.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Metasploit Framework

👤 Identity and Access Management knowledge for cloud platforms

Apache Casbin: an authorization library that supports access control models like ACL, RBAC, ABAC.

🔐 A curated list of awesome WebAuthn and Passkey resources

API Security Vulnerability Scanner designed to help you secure your APIs.

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

A curated list of awesome libraries and resources about JSON Web Token (JWT), a standard JSON structure, compact, URL-safe means of representing properties (claims) to be transferred between two pa…

Repository for the Lemur Certificate Manager

OpenBao is a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Obtain GraphQL API schema even if the introspection is disabled