OpenAltFinder
Tinyauth

Tinyauth

The tiniest OpenID Certified self-hosted authentication and authorization server, with OAuth, OIDC, LDAP, 2FA, and Traefik/Nginx/Caddy middleware support.

Open source alternative to:

Tinyauth is a self-hosted authentication and authorization server written in Go with a small TypeScript frontend. It is OpenID Certified for Basic OP (since v5.1.0) and ships as a single small Go binary plus a minimal web UI, designed to be dropped in front of any self-hosted app that needs SSO.

It works in two modes: as a reverse-proxy middleware in front of Traefik, Nginx or Caddy (the most common deployment), or as a standalone OIDC/OAuth provider that other apps can federate to. Out of the box it supports username/password logins, OAuth providers, LDAP, and TOTP-based two-factor authentication, with per-app access controls, user allow-lists and per-domain rules. Tinyauth v5 is the first version to pass the OpenID Foundation conformance test suite, so it can act as a real OIDC identity provider for any OIDC-compliant client.

It's built for homelabs and self-hosters: the Go binary is small, the distroless Docker image is tiny, configuration is one .env file, and the project ships a working docker-compose example with Traefik. The web UI offers user management, app configuration, and OAuth setup. Tinyauth is licensed under AGPL-3.0 and is currently one of the most-starred self-hosted auth projects on GitHub.

Looking for contributors

This project is actively seeking help, join the community!

Visit Tinyauth
License
AGPL-3.0
Self hostable
Yes
Repository details
Version
v5.1.0
Created
1/19/2025
Stars
7,842
Forks
251
Open issues
35
Last commit
7/16/2026

Updated 7/16/2026, 6:00:44 AM

View Repository
Sponsor Tinyauth

Sponsor Tinyauth on GitHub Sponsors

https://github.com/sponsors/steveiliop56

Sponsor Tinyauth on Buy Me A Coffee

https://buymeacoffee.com/steveiliop56

Similar open source alternatives