Below is a list of libraries, products, and tools implementing current OpenID specifications and related specs. While several of these implementations have been tested, they are maintained by members of the OpenID community or vendors and are not necessarily known to work. Please review the documentation and test your own implementation thoroughly before releasing to the public.
To discuss these implementations, please consider joining the code@openid.net mailing list. To participate in interop testing, also join the openid-connect-interop@googlegroups.com mailing list.
Table of Contents
OpenID Connect 1.0
OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible”. It’s uniquely easy for developers to integrate, compared to any preceding Identity protocol.
C
Apache mod_auth_openidc
- Apache Relying Party module for OpenID Connect
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: No
- Target Environment: Apache Web Server
C#
Thinktecture.IdentityServer.v3
- Thinktecture.IdentityServer.v3 for OpenID Connect
- License: BSD3
- Relying Party: No
- Identity Provider: Yes
- Target Environment: OWIN/Katana
Java
Nimbus OAuth 2.0 SDK with OpenID Connect extensions
- Nimbus OAuth 2.0 SDK with OpenID Connect extensions
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: Yes
MITREid Connect
- MITREid Connect is a Java implementation of OpenID Connect, developed by Mitre Corporation and maintained by MIT-KIT.
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: Yes
- Target Environment: Spring Framework
Google OAuth Client Library for Java
- Written by Google, this library is a powerful and easy to use Java client library for the OAuth 2 and OAuth 1.0a standards for authorization. It is built on the Google HTTP Client Library for Java.
- License:
- Relying Party: Yes
- Identity Provider: No
OX OpenID Connect Platform
- OX OpenID Connect Platform is a Java implementation of OpenID Connect, developed by Gluu.
- License: MIT
- Relying Party: No
- Identity Provider: Yes
Keycloak
- Keycloak integrated SSO for browser apps and RESTful web services
- License:
- Relying Party:
- Identity Provider:
Apache Oltu
- Apache Oltu is an OAuth protocol implementation in Java. It also covers others “OAuth family” related implementations such as JWT, JWS and OpenID Connect.
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: Yes
- Target Environment: Apache
PHP
phpOIDC
- phpOIDC is a PHP implementation of OpenID Connect, developed by Nomura Research Institute. It also includes the JWT, JWS, and JWE support.
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: Yes
- Target Environment: Apache, nginx
oauth2-server-php
- A library for implementing an OAuth2 Server in PHP. Has been extended to support OpenID Connect identity provider functionality.
- License: MIT License
- Relying Party: No
- Identity Provider: Yes
- Target Environment: PHP
Drupal OpenID Connect Plugin
- Authentication to Drupal with OpenID Connect
- License: GPL, version 2
- Relying Party: Yes
- Identity Provider: No
- Target Environment: Drupal
Python
pyoidc
- pyoidc was developed as a test harness for OpenID Connect. Developed by Roland Hedberg.
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: Yes
Ruby
Ruby OpenID Connect
- Ruby OpenID Connect is a ruby gem that implemented OpenID Connect server and client, developed by Nov Matake.
- License: MIT
- Relying Party: Yes
- Identity Provider: Yes
Products
Auth0
- Auth0 (cloud and non-cloud) version includes OpenID Connect Identity Provider support
- License: Commercial
- Relying Party: No
- Identity Provider: Yes
Azure Active Directory
- Microsoft Azure Active Directory includes OpenID Connect identity provider support.
- License: Commercial
- Relying Party: No
- Identity Provider: Yes
OpenAM (Open Access Manager)
- ForgeRock OpenAM is the all-in-one, highly scalable access management solution that supports OpenID Connect Identity Provider and Relying Party.
- License: Commercial (Binary); Open Source (CDDL)
- Relying Party: Yes
- Identity Provider: Yes
OpenIG (Open Identity Gateway)
- ForgeRock OpenIG is an application and API gateway that leverages SAML 2.0, OpenAM SSO, OAuth 2.0 and OpenID Connect. It supports OpenID Connect Relying Party.
- License: Commercial (Binary); Open Source (CDDL)
- Relying Party: Yes
- Identity Provider: No
PingFederate
- Ping Identity’s PingFederate includes OpenID Connect identity provider support.
- License: Commercial
- Relying Party: No
- Identity Provider: Yes
Uni-iD
- NRI Uni-iD includes OpenID Connect identity provider and relying party support.
- License: Commercial
- Relying Party: Yes
- Identity Provider: Yes
WSO2 Identity Server
- WSO2 Identity Server includes identity provider and sample relying party support.
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: Yes
JWT/JWS/JWE/JWK/JWA Implementations
OpenID Connect uses the JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications. Libraries implementing JWTs and the JOSE specs JWS, JWE, JWK, and JWA are listed here.
C#
JsonWebToken DelegatingHandler for ASP.NET WebAPI
- description:
- License: MIT
- Supports: JWS, JWT
- Target Environment: ASP.NET WebAPI
JSON Web Token Handler For the Microsoft .Net Framework 4.5
- This package provides an assembly containing classes which extend the .NET Framework 4.5 with the necessary logic to process the JSON Web Token (JWT) format.
- License: Microsoft Software License
- Supports: JWS, JWT
- Target Environment: .Net Framework 4.5
JWT (JSON Web Token) implementation for .NET 3.5+
- This library supports generating and decoding JSON Web Tokens.
- License: Creative Commons Public Domain 1.0
- Supports: JWS, JWT
- Target Environment: .Net Framework 3.5+
Microsoft.Owin.Security.Jwt
- Middleware that enables an application to protect and validate JSON Web Tokens.
- License: Microsoft Software License
- Supports: JWS, JWT
- Target Environment: OWIN
OWIN Authentication Middleware for Auth0 JWT Bearer Token
- License:
- Supports: JWS, JWT
- Target Environment: OWIN
Java
jose4j
- The jose.4.j library is an Apache 2 licensed open source implementation of JOSE (which can be used for JWT) in Java. Developed by Brian Campbell.
- License: Apache 2.0
- Supports: JWS, JWE, JWK.
- Target Environment: Java 7 or 8
Nimbus JOSE+JWT
- Nimbus JOSE+JWT is an open source (Apache 2.0) Java library that implements the Javascript Object Signing and Encryption (JOSE) spec suite and the closely related JSON Web Token (JWT) spec. Developed by Nimbus Directory Service.
- License: Apache 2.0
- Supports: JWS, JWE, JWT
- Target Environment:
Java JWT
- a simple project to decode JSON Web Tokens in Java
- License:
- Supports: JWS, JWT
- Target Environment:
Resteasy
- description:
- License:
- Supports:
- Target Environment: JBOSS
Apache Oltu – JOSE
- Apache Oltu is an OAuth protocol implementation in Java. It also covers others “OAuth family” related implementations such as JWT, JWS and OpenID Connect.
- License: Apache 2.0
- Supports: JWS, JWT
- Target Environment: Apache
Javascript
jsjws
- The ‘jsjws'(JSON Web Signature JavaScript Library) is a pure open source free JavaScript implementation of JWS. Furthermore, ‘jsjws’ provides JSON Web Signature JSON Serialization (JWS-JS) which is a kind of parallel or independent signature format by multiple signers. Created by Kenji Urushima (@kjur)
- License: MIT
- Supports: JWS, JWS-JS
- Target Environment: generic
node-jsonwebtoken
- node-jsonwebtoken is a JWS library for node.js.
- License: MIT
- Supports: JWS, JWT
- Target Environment: node.js
Ruby
PHP
phpOIDC
- phpOIDC is a PHP implementation of OpenID Connect, developed by Nomura Research Institute. It also includes the JWT, JWS, and JWE support.
- License: Apache 2.0
- Relying Party: Yes
- Identity Provider: Yes
- Target Environment: Apache, nginx
Python
Tools
http://jwt.io/ JWT debugger
- Description: Interactive JWT debugger
json-web-key-generator
- Description: a command-line Java app to generate JWKs and JWK sets
Obsolete Specifications
Libraries for Obsolete Specifications, such as OpenID 2.0, are listed separately.