A guide to Auth & Access Control in web apps 🔐

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • wasp

    The fastest way to develop full-stack web apps with React & Node.js.

  • We're working hard at Wasp to create content like this, not to mention building a modern, open-source React/NodeJS framework that allows you to "roll-your-own" auth in just a few lines of code.

  • CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  • OWASP cheat sheet on how to do ACL in a web app.

  • CanCanCan

    The authorization Gem for Ruby on Rails.

  • https://github.com/CanCanCommunity/cancancan (Ruby on Rails ABAC) Same as casl.js, but for Ruby on Rails! Casl.js was actually inspired by and modeled on cancancan.

  • warrant

    Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.

  • https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK.

  • Pundit

    Minimal authorization through OO design and pure Ruby classes

  • https://github.com/varvet/pundit Popular open-source Ruby library focused around the notion of policies, giving you the freedom to implement your own approach based on that.

  • casbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

  • https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is an authN and authZ provider.

  • react-native-auth0

    React Native toolkit for Auth0 API

  • Auth0 (provider) Auth0 has been around for some time and is probably the most popular authN provider out there. While authN is their main offering (they give you SDKs for authentication + they store user profiles and let you manage them through their SaaS), they also allow you to define authZ to some degree, via RBAC and policies.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Related posts

  • How Open ID Connect Works

    1 project | news.ycombinator.com | 4 Jan 2024
  • Warrant – open-source Access Control Service

    1 project | news.ycombinator.com | 15 Nov 2023
  • Warrant v1.0 - Highly scalable, centralized authorization service based on Google Zanzibar, now v1.0 and production-ready

    1 project | /r/golang | 5 Nov 2023
  • Show HN: Open-Source, Google Zanzibar Inspired Authorization Service

    2 projects | news.ycombinator.com | 29 Jun 2023
  • Why Google Zanzibar Shines at Building Authorization

    2 projects | dev.to | 28 Jun 2023