Logo
Deploy Now

Stars

1973

Forks

210

Watchers

16

Developer links

Authorizer

Your users belong in your own database - Authorizer, an open-source authentication and authorization server shipping as a single Go binary, keeps them there. It connects to 13+ backends - PostgreSQL, MySQL, SQLite, SQL Server, MariaDB, MongoDB, Cassandra, ScyllaDB, ArangoDB, DynamoDB, Couchbase, YugabyteDB, PlanetScale, and CockroachDB - so identity data lives beside the application it protects instead of in an auth vendor's cloud. The server is fully OAuth 2.0 and OpenID Connect compliant, including authorization code flow with PKCE, a JWKS endpoint, token revocation, and nine JWT signing algorithms. Login options cover email/password, magic links, TOTP multi-factor, SMS OTP via Twilio, and social providers including Google, GitHub, Apple, Microsoft, and Discord. Authorization goes beyond roles: an embedded OpenFGA engine provides Zanzibar-style relationship-based permission checks in process. APIs are exposed over GraphQL, REST, and gRPC, with SDKs for JavaScript, React, Go, and Python, plus themeable built-in login pages and an admin dashboard. Apache 2.0 licensed.

Authorizer

Benefits

  • No Per-User Auth Pricing
  • Hosted identity providers bill by monthly active users, which punishes growth. Authorizer serves unlimited users for the fixed cost of the container it runs in.
  • Identity Data Stays in Your Database
  • Users live in the PostgreSQL, MySQL, or MongoDB instance you already operate - no data silo at a third-party IdP, simpler compliance, and direct SQL access to your own user table.
  • Standards Mean No Lock-In
  • Full OAuth 2.0 and OIDC compliance with PKCE, JWKS, and standard endpoints lets any compliant client integrate, and migrating away later is a protocol swap, not a rewrite.
  • Auth and Authorization in One Process
  • The embedded OpenFGA engine answers relationship-based permission checks in process, so you get Zanzibar-style fine-grained access control without deploying a second service.

Features

  • Complete Login Toolkit
  • Email/password with verification and password reset, magic links, TOTP MFA, SMS OTP, and 10+ social providers including Google, GitHub, Apple, and Microsoft.
  • OAuth 2.0 / OIDC Compliance
  • Authorization code with PKCE, implicit flows, JWKS endpoint, token revocation, and nine JWT signing algorithms with custom claims via JavaScript.
  • 13+ Database Backends
  • SQL, NoSQL, and cloud databases from PostgreSQL and SQLite to MongoDB, Cassandra, and DynamoDB - users stored where your app already lives.
  • Fine-Grained Authorization
  • Role-based access control plus an embedded OpenFGA engine exposing check_permissions and list_permissions for relationship-based rules.
  • Three API Surfaces and SDKs
  • GraphQL, REST, and gRPC APIs with official SDKs for JavaScript/TypeScript, React, Go, and Python, including pre-built login and MFA components.
  • Built-In UI and Admin Panel
  • Themeable hosted login and signup pages out of the box, plus an admin dashboard for user management, roles, email templates, and webhooks.