187
GitHub - voidauth/voidauth: An Easy to Use and Self-Host Single Sign-On Provider πββ¬π
(github.com)
A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.
Features:
- πββοΈ User Management
- π OpenID Connect (OIDC) Provider
- π Proxy ForwardAuth Domains
- π§ User Registration and Invitations
- π Passkey Support
- π Secure Password Reset with Email Verification
- π¨ Custom Branding Options
Screenshot of the login portal:
This thing looks great but it has layers of supply-chain sploit risk. Make sure you're really secure before trying it -- and if you're (otherwise) iso27002 compliant, give it a pass.
I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.
I'm trying to wrap my head around your comment to understand. What exactly do you mean by supply chain sploit risk?
The tool is using 3rd party libraries and those libraries could be used to introduce vulnerabilities in the app?