tinyauth
The tiniest authentication and authorization server you have ever seen.
A lightweight self-hosted login server that protects your apps by working with Traefik, Nginx, or Caddy and requiring visitors to authenticate before they can reach anything you run behind the proxy.
Tinyauth is a small, self-hosted server that handles authentication and access control for your other services. It is written in Go and is designed to sit in front of your apps as a middleware layer, meaning visitors have to log in before they can reach whatever you have running behind it.
It works with the three most popular self-hosting proxy tools: Traefik, Nginx, and Caddy. When someone tries to reach one of your apps, the proxy checks with Tinyauth first to confirm the person is allowed in. Tinyauth supports several login methods, including OAuth (which lets users sign in via an existing provider like Google or GitHub), LDAP (used by organizations with a centralized directory of users), and local username-and-password accounts. Access controls let you restrict which users can reach which apps.
Tinyauth can also run as a standalone authentication server independent of a proxy. A Docker Compose example file in the repository shows a working setup with Traefik, a test app called Whoami, and Tinyauth together, which you can use to see how the pieces connect before building your own configuration.
The project is under active development, and the README warns that configuration options may change between releases. Documentation and setup guides live at tinyauth.app. A demo is available at demo.tinyauth.app where you can test the login interface with a default username and password. The project has a Discord server for questions and conversation, and a Crowdin page for anyone who wants to help translate the interface into other languages. Tinyauth is licensed under the GNU General Public License v3.0, which requires that any modifications to the code also be released under the same license.
Where it fits
- Put a login screen in front of all your self-hosted apps so strangers on the internet cannot access them without credentials.
- Let users sign in to your home server apps using their existing Google or GitHub account via OAuth, with no separate password to manage.
- Restrict access so only specific users in your LDAP directory can reach certain apps while others are blocked.
- Try the included Docker Compose example with Traefik and a test app to understand how the proxy and auth server connect before building your own setup.