2 powerful open source libraries for authentication and authorization

Tohid haghighi
4 min readJun 30, 2023


Authentication and authorization are two vital information security processes that administrators use to protect systems and information. Authentication verifies the identity of a user or service, and authorization determines their access rights.

Casbin and Casdoor are two powerful open source projects that cover these two halves: Casdoor handles authentication (establishing who the user is), and Casbin handles authorization (deciding what that user may do).


What is Casbin used for?

Casbin is a powerful and efficient open-source access control library that supports various access control models for enforcing authorization across the board.

Enforcing a set of rules is as simple as listing subjects, objects and the allowed action (or any other tuple layout you need) in a policy file. This works the same way in every flow Casbin is used in. The developer or administrator has complete control over the layout, evaluation and conditions of authorization, which are set in the model file. Casbin provides an Enforcer that validates each incoming request against the model and policy it was given.

What is Casbin?

Casbin is an authorization library for flows where a certain object or entity should be accessible only to a specific user or subject. The type of access, i.e. the action, can be read, write, delete or any other action the developer defines. This is how Casbin is most widely used, and it is called the "standard" or classic { subject, object, action } flow.

Casbin is capable of handling many complex authorization scenarios other than the standard flow. There can be addition of roles (RBAC), attributes (ABAC) etc.

Supported languages

What Casbin does:

  1. Enforce the policy in the classic { subject, object, action } form or a customized form as you defined. Both allow and deny authorizations are supported.
  2. Handle the storage of the access control model and its policy.
  3. Manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
  4. Support built-in superusers like root or administrator. A superuser can do anything without explicit permissions.
  5. Multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What Casbin does NOT do:

  1. Authentication (aka verify username and password when a user logs in)
  2. Manage the list of users or roles.

It is more convenient for the project itself to manage its list of users, roles and passwords. Casbin is not designed as a password store. However, Casbin does store the user-role mapping for the RBAC scenario.

Getting-started guide for all supported languages: https://casbin.org/docs/get-started

Supported Models

  1. ACL (Access Control List)
  2. ACL with superuser
  3. ACL without users: especially useful for systems that don’t have authentication or user log-ins.
  4. ACL without resources: some scenarios target a type of resource instead of an individual resource, using permissions like write-article or read-log. This does not control access to a specific article or log.
  5. RBAC (Role-Based Access Control)
  6. RBAC with resource roles: both users and resources can have roles (or groups) at the same time.
  7. RBAC with domains/tenants: users can have different role sets for different domains/tenants.
  8. ABAC (Attribute-Based Access Control): syntax sugar like resource.Owner can be used to get the attribute for a resource.
  9. RESTful: supports paths like /res/*, /res/:id and HTTP methods like GET, POST, PUT, DELETE.
  10. Deny-override: both allow and deny authorizations are supported, deny overrides the allow.
  11. Priority: the policy rules can be prioritized like firewall rules.
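To make the model/policy split described above concrete (the { subject, object, action } flow, RBAC role links through g, the keyMatch and keyMatch2 operators, the RESTful model and deny-override), here is an added example. It is not pycasbin or code from the Casbin project: the model and policy text use the real Casbin formats, but the evaluator is a small stand-in written here to mimic the library's Enforcer so the semantics can be stepped through offline. The users (alice, bob), roles and paths are constructed data.

```python
"""Toy Casbin-style enforcer (added example, not pycasbin or Casbin's own code).
Model and policy text below use the real Casbin formats; the Enforcer class is a
deliberately small stand-in that mirrors the library's evaluation semantics."""
import re
from configparser import ConfigParser
from types import SimpleNamespace


# --- built-in matcher functions, written to mirror Casbin's Go originals ---
def keyMatch(key1, key2):
    """keyMatch("/foo/bar", "/foo*") is True; only one trailing '*' is a wildcard."""
    i = key2.find("*")
    if i == -1:
        return key1 == key2
    return key1[:i] == key2[:i] if len(key1) > i else key1 == key2[:i]


def keyMatch2(key1, key2):
    """keyMatch2("/res/42", "/res/:id") is True; ':name' segments and '/*' are wildcards."""
    pattern = re.sub(r":[^/]+", "[^/]+", key2.replace("/*", "/.*"))
    return re.fullmatch(pattern, key1) is not None


def regexMatch(key1, key2):
    return re.search(key2, key1) is not None


class Enforcer:
    """Loads a model (INI text) and a policy (CSV text) and answers enforce()."""

    def __init__(self, model_text, policy_text):
        cfg = ConfigParser(interpolation=None)
        cfg.optionxform = str
        cfg.read_string(model_text)
        self.r_fields = [f.strip() for f in cfg["request_definition"]["r"].split(",")]
        self.p_fields = [f.strip() for f in cfg["policy_definition"]["p"].split(",")]
        self.effect = cfg["policy_effect"]["e"].strip()
        # Casbin matchers use govaluate syntax; translate its operators to Python.
        m = cfg["matchers"]["m"].replace("&&", " and ").replace("||", " or ")
        self.matcher = re.sub(r"(?<![=!<>])!(?!=)", " not ", m)
        self.policies, self.links = [], []
        for line in policy_text.strip().splitlines():
            parts = [x.strip() for x in line.split(",")]
            if parts[0] == "p":
                self.policies.append(parts[1:])
            elif parts[0] == "g":
                self.links.append(tuple(parts[1:]))

    def g(self, name1, name2, domain=None):
        """Role link with inheritance: name1 is name2, or reaches it through
        (g, user, role[, domain]) rules. Casbin's g is also True for name1 == name2."""
        seen, frontier = set(), [name1]
        while frontier:
            cur = frontier.pop()
            if cur == name2:
                return True
            if cur in seen:
                continue
            seen.add(cur)
            for link in self.links:
                if link[0] == cur and (domain is None or link[2:3] == (domain,)):
                    frontier.append(link[1])
        return False

    def enforce(self, *request):
        r = SimpleNamespace(**dict(zip(self.r_fields, request)))
        env = {"__builtins__": {}, "g": self.g, "keyMatch": keyMatch,
               "keyMatch2": keyMatch2, "regexMatch": regexMatch}
        effects = []
        for rule in self.policies:
            fields = dict(zip(self.p_fields, rule))
            fields.setdefault("eft", "allow")  # a missing eft column means allow
            p = SimpleNamespace(**fields)
            # eval is acceptable only because the model file is operator-controlled
            # configuration, which is the same trust assumption Casbin makes.
            if eval(self.matcher, env, {"r": r, "p": p}):
                effects.append(p.eft)
        if self.effect == "some(where (p.eft == allow))":
            return "allow" in effects
        if self.effect == "some(where (p.eft == allow)) && !some(where (p.eft == deny))":
            return "allow" in effects and "deny" not in effects
        raise ValueError("unsupported policy_effect: " + self.effect)


# RBAC with role inheritance, keyMatch on paths and deny-override (constructed data).
RBAC_MODEL = """
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act, eft
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && r.act == p.act
"""
RBAC_POLICY = """
p, admin, /data/*, read, allow
p, admin, /data/*, write, allow
p, staff, /data/public/*, read, allow
p, bob, /data/public/secrets.txt, read, deny
g, alice, admin
g, admin, staff
g, bob, staff
"""
# RESTful model: path templates via keyMatch2, HTTP verbs via regexMatch.
REST_MODEL = """
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)
"""
REST_POLICY = """
p, alice, /api/articles/:id, GET
p, alice, /api/articles/:id/comments/*, (GET)|(POST)
"""


def rbac_enforcer():
    return Enforcer(RBAC_MODEL, RBAC_POLICY)


def rest_enforcer():
    return Enforcer(REST_MODEL, REST_POLICY)


if __name__ == "__main__":
    e = rbac_enforcer()
    for req in [("alice", "/data/private/q3.pdf", "write"),
                ("bob", "/data/public/readme.txt", "read"),
                ("bob", "/data/public/secrets.txt", "read")]:
        print(req, "->", e.enforce(*req))
```

Two points worth noticing when you run it: bob is granted /data/public/* through the staff role, yet the explicit deny on secrets.txt wins because the policy_effect is deny-override, and alice reaches staff permissions only through the admin -> staff link, which is the role hierarchy the article refers to. With the real library you would load the same two texts with `casbin.Enforcer(model_path, policy_path)` and call `enforce(sub, obj, act)` the same way.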

Casdoor

A UI-first Identity and Access Management (IAM) / Single Sign-On (SSO) platform supporting OAuth 2.0, OIDC, SAML and CAS, integrated with Casbin for RBAC and ABAC permission management.


Casdoor features:

  1. Separate front-end and back-end architecture, written in Go. Casdoor supports high concurrency, provides a web-based management UI and supports multiple languages (Chinese, English).
  2. Casdoor supports third-party logins such as GitHub, Google, QQ and WeChat, and allows new third-party login providers to be added with plugins.
  3. With Casbin-based authorization management, Casdoor supports the ACL, RBAC, ABAC and RESTful access control models.
  4. Phone verification codes, email verification codes and password retrieval.
  5. Auditing and recording of access logs.
  6. Image storage on Alibaba Cloud, Tencent Cloud and Qiniu Cloud CDN storage.
  7. Customizable registration, login and password retrieval pages.
  8. Casdoor supports integration with existing systems through database sync, so users can be migrated to Casdoor smoothly.
  9. Casdoor supports mainstream databases such as MySQL, PostgreSQL and SQL Server, and new databases can be added with plugins.
Casdoor login page

See the Casdoor docs for self-hosting it on your own server: https://casdoor.org/docs/overview

Written by Tohid haghighi

Full-Stack Developer | C# | .NET Core | Vuejs | TDD | Javascript