A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.
Features:
- 🙋♂️ User Management
- 🌐 OpenID Connect (OIDC) Provider
- 🔀 Proxy ForwardAuth Domains
- 📧 User Registration and Invitations
- 🔑 Passkey Support
- 🔐 Secure Password Reset with Email Verification
- 🎨 Custom Branding Options
the Postgres requirement is a dealbreaker for me. I don’t get why all these “simple” self-hosted apps need a bloated database. how many users is a self-hoster going to have, maybe 1-10? SQLite can easily handle thousands. I’m currently using Authelia, and it even has a database-less YAML option for managing users
I do agree. I have been thinking about adding a SQLite option which should be somewhat easy since knex (the database package that VoidAuth uses) supports it. Before releasing that I would want to create some way to migrate your data from one database type to another. If you want to use VoidAuth feel free to make an issue for this!
Having run minor projects using PocketBase before and also seen what PocketBase itself can do and SQLite configured correctly in general, It’s great. I’ve gotten to be a big fan of it by the years and gladly opt for it over the bigger ones.
If this project got SQLite support it would be a great replacement for my own setup which requires about 3 or 4 accounts. Currently using a proprietary solution and been looking into moving to Authentik but it’s a bit too heavy resource wise for my current servers.
I will make an issue for adding SQLite support, it has been on my mind for the same reasons. I would say don’t let the Postgres requirement stop you from trying it out. Modern hardware really doesn’t mind having multiple containerized postgresdb instances running, it can be very lightweight when idle.
This thing looks great but it has layers of supply-chain sploit risk. Make sure you’re really secure before trying it – and if you’re (otherwise) iso27002 compliant, give it a pass.
I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.
How does it compare to keycloak?
While I haven’t spun up Keycloak myself, I think VoidAuth would supply some similar functionality. Ideally the features of Keycloak that you are likely to need but easier to setup and use!
This i need to try!
Let me know how it goes!
