233
GitHub - voidauth/voidauth: An Easy to Use and Self-Host Single Sign-On Provider ๐โโฌ๐
(github.com)
A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.
Features:
- ๐โโ๏ธ User Management
- ๐ OpenID Connect (OIDC) Provider
- ๐ Proxy ForwardAuth Domains
- ๐ง User Registration and Invitations
- ๐ Passkey Support
- ๐ Secure Password Reset with Email Verification
- ๐จ Custom Branding Options
Screenshot of the login portal:
This thing looks great but it has layers of supply-chain sploit risk. Make sure you're really secure before trying it -- and if you're (otherwise) iso27002 compliant, give it a pass.
I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.
I'm trying to wrap my head around your comment to understand. What exactly do you mean by supply chain sploit risk?
The tool is using 3rd party libraries and those libraries could be used to introduce vulnerabilities in the app?
This is the correct read.
This is also the same as any other software package in existence. In fact, if someone claimed to not use any libraries, I'd be taking a close look at that too.
The key difference is if you're a paying a company for support and certification of the product as delivered, you can yell at them about it. If you're using a free product with no support, you can yell at yourself.