Authorization library that supports access control models like ACL, RBAC, and ABAC.

A full featured implementation of JSON Web Tokens (JWT). This library supports the parsing and verification as well as the generation and signing of JWTs.

provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple providers out of the box.

Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine, and App Engine support.

Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.

Modular authentication system for the web. It tries to remove as much boilerplate and "hard things" as possible so that each time you start a new web project in Go, you can plug it in, configure it, and start building your app without having to build an authentication system each time.

Implementation of fine-grained authorization based on the "Zanzibar: Google's Consistent, Global Authorization System" paper. Backed by CNCF.

Session Manager for HTTP servers.

Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies

JWT login microservice with pluggable backends such as OAuth2 (Github), htpasswd, osiam.

Golang OAuth2 server library.

chainable handlers for login with OAuth1 and OAuth2 authentication providers.

provides a lightweight role-based access control (RBAC) implementation in Golang.

Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation

Golang implementation of Platform-Agnostic Security Tokens (PASETO).

Safe, simple, and fast JSON Web Tokens for Go.

Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication that supports LDAP, Basic, Bearer token, and Certificate based authentication.

Library for keeping track of users, login states, and permissions. Uses secure cookies and bcrypt.

Lightweight JSON Web Token (JWT) library.

Fairly complete implementation of the JOSE working group's JSON Web Token, JSON Web Signatures, and JSON Web Encryption specs.

Simple, flexible, secure, and idiomatic web session management with pluggable backends.

This is quick session for net/http in GoLang. This package is perhaps the best implementation of the session mechanism, or at least it tries to become one.

JWT middleware for Golang http servers with many configuration options.

Library to generate TOTP/HOTP codes.

An open-source authentication and authorization server supporting OAuth2 and OpenID Connect.

Simple, yet effective HTTP session management and identification package.

Simple jwt generator and parser.

Go session management for web servers (including support for Google App Engine - GAE).

branca token specification implementation for Golang 1.15+.

Efficient secure cookie encoding/decoding.

Dead simple, highly performant, highly customizable sessions service for go http servers.

Time-Based One-Time Password (TOTP) and HMAC-Based One-Time Password (HOTP) library for Go.

Easily Manage OAuth2 Scopes In Go.

provides a parser of cookies.txt file format.