Let me know how it goes! If you have any trouble getting it set up I can try to help as well. I am working on NGINX and NGINX Proxy Manager documentation right now, maybe I will do Traefik afterwards.

I think I got it figured out 🙂 If you want to test it, you can swap your voidauth version to :edge from :latest. I wouldn’t recommend keeping it that way (‘edge’ is for testing the latest stuff), but if you get a chance to set it up let me know how it goes

Actually, you know what? I am going to take another crack at it 😅 Tracking progress here: https://github.com/voidauth/voidauth/issues/115

Unfortunately I have not been able to get that to work 😞 I did look into it, but there is quite a lot of redirecting going on during the OIDC flows and it was a real pain to try to get it all sorted. For now you will have to use a subdomain, like https://voidauth.example.com/

I have never used Smallstep, but based on the documentation it looks like a native+id_token client. If you can get an error message or debug trace, you can sent it to me or open a GitHub issue and I will take a look at it 🙂

😹 Let me know how it goes! If you have any trouble setting it up feel free to ping me, or open an issue on GitHub

Pretty much as answered already, passkeys (sometimes branded like FaceID or Windows Hello but it is an open spec) are an alternative to passwords. Your public key that identifies your user is stored in VoidAuth and your private key is stored on your device. Some password managers support syncing passkeys, so you don’t have to set up a new passkey on every device.

The advantage over passwords is that they are domain and device specific, so are much harder to be leaked from the client side. VoidAuth (or other services) should only be storing your public key so a leak on the server side would not allow someone to log in as you.

Thank you!

You can try VoidAuth, it is kinda similar to Authelia+lldap. I am the developer and I created it because I wasn’t satisfied with Authelia’s user management. If you decide you want to try it and run into any issues or questions I will try to help :)

I don’t think you could do that directly in the Caddyfile, but you can create those groups/policies inside VoidAuth and assign them to users there.

The steps would be to (in VoidAuth) create the access group/policy, create the ProxyAuth Domain (protected.example.com/*) with the allowed group(s), make sure the user(s) have that group, then in Caddy add the forward_auth directive to the same route you want to protect.

Then when you go to access that route in a browser it will redirect you to VoidAuth login, or if you pass an Authentication header with Basic Auth (like when using an API) it will use that.

Developer of VoidAuth here, you could give that a try! If you have any issues or questions I can help :) VoidAuth

It does support basic_auth to ProxyAuth protected domains, so you can set up a user for that purpose. Docs for that are here: ProxyAuth

VoidAuth is simpler to setup/use than Authentik for sure, but of course Authentik has more features. They both support proxy-auth, OIDC, and have user management UIs so in that way they are similar. I like VoidAuth for its simplicity but you can always run both and decide, if you have any questions about setup I will try to answer!

I have never used nforwardauth, but it looks like it offers a subset of the functionality of VoidAuth. Both support proxy-auth, but VoidAuth has user management features and also supports OIDC, passkeys, etc. I think nforwardauth looks like a great project, you can always setup VoidAuth alongside and try it out!

I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.

My previous setup was with Authelia and lldap, and VoidAuth is heavily inspired by a combination of both. I think the advantages VoidAuth has are simple user management, supporting user registration/invitation, more branding customization, and a better end-user UI (imo).

There are other great selfhosted auth solutions such as Authelia and lldap, and also Authentik, Keycloak, pocket-id, and Rauthy. I would encourage anyone looking for a selfhosted auth solution to shop around!

Let me know how it goes!

While I haven’t spun up Keycloak myself, I think VoidAuth would supply some similar functionality. Ideally the features of Keycloak that you are likely to need but easier to setup and use!