An Easy to Use and Self-Host Single Sign-On Provider 🐈‍⬛🔒 - voidauth/voidauth

A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.

Features:

  • 🙋‍♂️ User Management
  • 🌐 OpenID Connect (OIDC) Provider
  • 🔀 Proxy ForwardAuth Domains
  • 📧 User Registration and Invitations
  • 🔑 Passkey Support
  • 🔐 Secure Password Reset with Email Verification
  • 🎨 Custom Branding Options

Screenshot of the login portal:

    • notquitenothing@sh.itjust.worksOPEnglish
      2·
      14 hours ago

      VoidAuth is simpler to setup/use than Authentik for sure, but of course Authentik has more features. They both support proxy-auth, OIDC, and have user management UIs so in that way they are similar. I like VoidAuth for its simplicity but you can always run both and decide, if you have any questions about setup I will try to answer!

      • camr_on@lemmy.worldEnglish
        3·
        14 hours ago

        I’ll definitely check it out today - I found the authentik learning curve to be surprisingly difficult. All I need is a basic set up for getting my friends and family into audiobookshelf, immich, etc, so this may be a welcome improvement

        • MysteriousSophon21@lemmy.worldEnglish
          3·
          6 hours ago

          If you’re setting this up for audiobookshelf, you might wanna check out the Soundleaf app for iOS - it’s been a game changer for me with my self-hosted audiobookshelf server.

  • corsicanguppy@lemmy.caEnglish
    111·
    2 days ago

    This thing looks great but it has layers of supply-chain sploit risk. Make sure you’re really secure before trying it – and if you’re (otherwise) iso27002 compliant, give it a pass.

    • notquitenothing@sh.itjust.worksOPEnglish
      122·
      2 days ago

      I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.

    • nelson@lemmy.worldEnglish
      71·
      2 days ago

      I’m trying to wrap my head around your comment to understand. What exactly do you mean by supply chain sploit risk?

      The tool is using 3rd party libraries and those libraries could be used to introduce vulnerabilities in the app?

      • lime_red@lemmy.worldEnglish
        5·
        1 day ago

        This is the correct read.

        This is also the same as any other software package in existence. In fact, if someone claimed to not use any libraries, I’d be taking a close look at that too.

        The key difference is if you’re a paying a company for support and certification of the product as delivered, you can yell at them about it. If you’re using a free product with no support, you can yell at yourself.