Libraries, Products, and Tools


Below is a list of libraries, products, and tools implementing current OpenID specifications and related specs. While several of these implementations have been tested, they are maintained by members of the OpenID community or vendors and are not necessarily known to work. Please review the documentation and test your own implementation thoroughly before releasing to the public.

To discuss these implementations, please consider joining the code@openid.net mailing list. To participate in interop testing, also join the openid-connect-interop@googlegroups.com mailing list.

Table of Contents


OpenID Connect 1.0

OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible”. It’s uniquely easy for developers to integrate, compared to any preceding Identity protocol.

C

Apache mod_auth_openidc

  • Apache Relying Party module for OpenID Connect
  • License: Apache 2.0
  • Relying Party: Yes
  • Identity Provider: No
  • Target Environment: Apache Web Server

C#

Thinktecture.IdentityServer.v3

  • Thinktecture.IdentityServer.v3 for OpenID Connect
  • License: BSD3
  • Relying Party: No
  • Identity Provider: Yes
  • Target Environment: OWIN/Katana

Java

Nimbus OAuth 2.0 SDK with OpenID Connect extensions

  • Nimbus OAuth 2.0 SDK with OpenID Connect extensions
  • License: Apache 2.0
  • Relying Party: Yes
  • Identity Provider: Yes

MITREid Connect

  • MITREid Connect is a Java implementation of OpenID Connect, developed by Mitre Corporation and maintained by MIT-KIT.
  • License: Apache 2.0
  • Relying Party: Yes
  • Identity Provider: Yes
  • Target Environment: Spring Framework

Google OAuth Client Library for Java

  • Written by Google, this library is a powerful and easy to use Java client library for the OAuth 2 and OAuth 1.0a standards for authorization. It is built on the Google HTTP Client Library for Java.
  • License:
  • Relying Party: Yes
  • Identity Provider: No

OX OpenID Connect Platform

  • OX OpenID Connect Platform is a Java implementation of OpenID Connect, developed by Gluu.
  • License: MIT
  • Relying Party: No
  • Identity Provider: Yes

Keycloak

  • Keycloak integrated SSO for browser apps and RESTful web services
  • License:
  • Relying Party:
  • Identity Provider:

Apache Oltu

  • Apache Oltu is an OAuth protocol implementation in Java. It also covers others “OAuth family” related implementations such as JWT, JWS and OpenID Connect.
  • License: Apache 2.0
  • Relying Party: Yes
  • Identity Provider: Yes
  • Target Environment: Apache

PHP

phpOIDC

  • phpOIDC is a PHP implementation of OpenID Connect, developed by Nomura Research Institute. It also includes the JWT, JWS, and JWE support.
  • License: Apache 2.0
  • Relying Party: Yes
  • Identity Provider: Yes
  • Target Environment: Apache, nginx

oauth2-server-php

  • A library for implementing an OAuth2 Server in PHP. Has been extended to support OpenID Connect identity provider functionality.
  • License: MIT License
  • Relying Party: No
  • Identity Provider: Yes
  • Target Environment: PHP

Drupal OpenID Connect Plugin

  • Authentication to Drupal with OpenID Connect
  • License: GPL, version 2
  • Relying Party: Yes
  • Identity Provider: No
  • Target Environment: Drupal

Python

pyoidc

  • pyoidc was developed as a test harness for OpenID Connect. Developed by Roland Hedberg.
  • License: Apache 2.0
  • Relying Party: Yes
  • Identity Provider: Yes

Ruby

Ruby OpenID Connect

  • Ruby OpenID Connect is a ruby gem that implemented OpenID Connect server and client, developed by Nov Matake.
  • License: MIT
  • Relying Party: Yes
  • Identity Provider: Yes

Products

Auth0

  • Auth0 (cloud and non-cloud) version includes OpenID Connect Identity Provider support
  • License: Commercial
  • Relying Party: No
  • Identity Provider: Yes

Azure Active Directory

  • Microsoft Azure Active Directory includes OpenID Connect identity provider support.
  • License: Commercial
  • Relying Party: No
  • Identity Provider: Yes

PingFederate

  • Ping Identity’s PingFederate includes OpenID Connect identity provider support.
  • License: Commercial
  • Relying Party: No
  • Identity Provider: Yes

Uni-iD

  • NRI Uni-iD includes OpenID Connect identity provider and relying party support.
  • License: Commercial
  • Relying Party: Yes
  • Identity Provider: Yes

JWT/JWS/JWE/JWK/JWA Implementations

OpenID Connect uses the JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications. Libraries implementing JWTs and the JOSE specs JWS, JWE, JWK, and JWA are listed here.

 

C#

JsonWebToken DelegatingHandler for ASP.NET WebAPI

  • description:
  • License: MIT
  • Supports: JWS, JWT
  • Target Environment: ASP.NET WebAPI

JSON Web Token Handler For the Microsoft .Net Framework 4.5

  • This package provides an assembly containing classes which extend the .NET Framework 4.5 with the necessary logic to process the JSON Web Token (JWT) format.
  • License: Microsoft Software License
  • Supports: JWS, JWT
  • Target Environment: .Net Framework 4.5

JWT (JSON Web Token) implementation for .NET 3.5+

Microsoft.Owin.Security.Jwt

  • Middleware that enables an application to protect and validate JSON Web Tokens.
  • License: Microsoft Software License
  • Supports: JWS, JWT
  • Target Environment: OWIN

OWIN Authentication Middleware for Auth0 JWT Bearer Token

  • License:
  • Supports: JWS, JWT
  • Target Environment: OWIN

Java

jose4j

  • The jose.4.j library is an Apache 2 licensed open source implementation of JOSE (which can be used for JWT) in Java. Developed by Brian Campbell.
  • License: Apache 2.0
  • Supports: JWS, JWE, JWK.
  • Target Environment: Java 7 or 8

Nimbus JOSE+JWT

  • Nimbus JOSE+JWT is an open source (Apache 2.0) Java library that implements the Javascript Object Signing and Encryption (JOSE) spec suite and the closely related JSON Web Token (JWT) spec. Developed by Nimbus Directory Service.
  • License: Apache 2.0
  • Supports: JWS, JWE, JWT
  • Target Environment:

Java JWT

  • a simple project to decode JSON Web Tokens in Java
  • License:
  • Supports: JWS, JWT
  • Target Environment:

Resteasy

  • description:
  • License:
  • Supports:
  • Target Environment: JBOSS

Apache Oltu – JOSE

  • Apache Oltu is an OAuth protocol implementation in Java. It also covers others “OAuth family” related implementations such as JWT, JWS and OpenID Connect.
  • License: Apache 2.0
  • Supports: JWS, JWT
  • Target Environment: Apache

Javascript

jsjws

  • The ‘jsjws’(JSON Web Signature JavaScript Library) is a pure open source free JavaScript implementation of JWS. Furthermore, ‘jsjws’ provides JSON Web Signature JSON Serialization (JWS-JS) which is a kind of parallel or independent signature format by multiple signers. Created by Kenji Urushima (@kjur)
  • License: MIT
  • Supports: JWS, JWS-JS
  • Target Environment: generic

node-jsonwebtoken

  • node-jsonwebtoken is a JWS library for node.js.
  • License: MIT
  • Supports: JWS, JWT
  • Target Environment: node.js

Ruby

PHP

phpOIDC

  • phpOIDC is a PHP implementation of OpenID Connect, developed by Nomura Research Institute. It also includes the JWT, JWS, and JWE support.
  • License: Apache 2.0
  • Relying Party: Yes
  • Identity Provider: Yes
  • Target Environment: Apache, nginx

Python

Tools

http://jwt.io/ JWT debugger

  • Description: Interactive JWT debugger

json-web-key-generator

  • Description: a command-line Java app to generate JWKs and JWK sets

Obsolete Specifications

Libraries for Obsolete Specifications, such as OpenID 2.0, are listed separately.


Additions

Did we miss something? Drop us a note at the code@openid.net mailing list or the general@openid.net mailing list.