SimpleAuth v1.0.0

The simplest way to add authentication to any app.

Single binary · 10MB · Zero dependencies · Full Kerberos SSO · Standard OIDC provider

What's New

OIDC is first-class — standard OpenID Connect provider with discovery, authorization code flow, token endpoint, userinfo
Auto-SSO — configurable countdown animation with cancel button
PostgreSQL support — migrate from BoltDB via Admin UI, switch backends with one click
Runtime settings — redirect URIs, CORS, password policy, rate limiting all manageable from Admin UI
Token revocation — access tokens can be revoked immediately (blacklist)
Linux SSO script — auto-configures krb5.conf + browser policies for all major browsers
Security hardened — timing-safe admin key, CSRF on login forms, rate limit bypass fix, open redirect fix
Branding guide aligned — consistent dark/light themes across all pages

Breaking Changes from v0.x

Default base path changed to /sauth (set AUTH_BASE_PATH="" for root)
Default access token TTL changed to 15 minutes (set AUTH_JWT_ACCESS_TTL=8h for old behavior)
Empty redirect URIs list now rejects all redirects (set AUTH_REDIRECT_URIS explicitly)
Trusted proxies default to trust none (set AUTH_TRUSTED_PROXIES if behind reverse proxy)
ClientID, ClientSecret, Realm removed from all SDKs

Docker

docker load -i simpleauth.tar
docker run -d -p 8080:8080 \
  -e AUTH_HOSTNAME=auth.example.com \
  -e AUTH_REDIRECT_URIS=https://myapp.example.com/callback \
  -v simpleauth-data:/data \
  simpleauth

Admin UI at https://<hostname>/sauth/admin

Assets 3