OAuth

OAuth is an open authorization standard, first published in 2007 and fundamentally revised as OAuth 2.0 in 2012 (RFC 6749). It enables applications to obtain limited access to user accounts on third-party services without exposing passwords. The protocol defines authorization flows for web applications, mobile apps, and server-to-server communication. OpenID Connect (OIDC) extends OAuth 2.0 with a standardized identity layer.

Open-source OAuth 2.0 / OIDC server implementations:

Ory Hydra — cloud-native, OIDC Certified, headless (bring your own login UI). Written in Go. Enterprise adds HA and premium support. Apache 2.0.

Keycloak — full-featured IAM by Red Hat. SSO, user federation, admin console, and social login out of the box. No feature gating. CNCF incubating. Apache 2.0.

Authelia — lightweight authentication server with 2FA, SSO, and OIDC. Designed for reverse proxies (Nginx, Traefik, Caddy). No feature gating. Apache 2.0.

Dex — CNCF-hosted federated OIDC provider. Connects to LDAP, SAML, GitHub, and other identity sources. No feature gating. Apache 2.0.

SuperTokens — developer-friendly auth with pre-built UI, session management, and social login. MFA and multi-tenancy are paid add-ons. Apache 2.0.

oauth.net
