An Easy to Use and Self-Host Single Sign-On Provider 🐈‍⬛🔒 - voidauth/voidauth

A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.

Features:

  • 🙋‍♂️ User Management
  • 🌐 OpenID Connect (OIDC) Provider
  • 🔀 Proxy ForwardAuth Domains
  • 📧 User Registration and Invitations
  • 🔑 Passkey Support
  • 🔐 Secure Password Reset with Email Verification
  • 🎨 Custom Branding Options

Screenshot of the login portal:

  • corsicanguppy@lemmy.caEnglish
    10·
    1 day ago

    This thing looks great but it has layers of supply-chain sploit risk. Make sure you’re really secure before trying it – and if you’re (otherwise) iso27002 compliant, give it a pass.

    • notquitenothing@sh.itjust.worksOPEnglish
      122·
      1 day ago

      I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.

    • nelson@lemmy.worldEnglish
      71·
      1 day ago

      I’m trying to wrap my head around your comment to understand. What exactly do you mean by supply chain sploit risk?

      The tool is using 3rd party libraries and those libraries could be used to introduce vulnerabilities in the app?

      • lime_red@lemmy.worldEnglish
        1·
        2 hours ago

        This is the correct read.

        This is also the same as any other software package in existence. In fact, if someone claimed to not use any libraries, I’d be taking a close look at that too.

        The key difference is if you’re a paying a company for support and certification of the product as delivered, you can yell at them about it. If you’re using a free product with no support, you can yell at yourself.