
We are currently using Shibboleth, and would love to get away from using Java/Tomcat. It looks like Keycloak also uses Java. Is there an alternative to this that doesn't require it?


FusionAuth uses Java too, but if you use Docker/Kubernetes, you don't really have to think about it: https://fusionauth.io/docs/v1/tech/installation-guide/docker

And even if you don't, we install our own Java and manage it for you, so there's no Tomcat WAR file installation or anything like that.

Disclosure: I work for FusionAuth.


Maybe https://github.com/zitadel/zitadel could be an alternative for you.

It's written in Go, can be self-hosted or used from a cloud service.

It will also soon (end of May) provide SAML 2.0 support besides the current OpenID Connect and OAuth support.

Disclaimer: I am one of the authors ;-)


Does it/will it support Forward Auth style usage for plugging in with reverse proxies? Asking as a Caddy maintainer, I'm working on this right now and we've been working with Authelia to test it out, would be cool to get it working with another Go auth server! See https://github.com/caddyserver/caddy/pull/4739


Hi there

First and most importantly, thank you for maintaining such a cool project with Caddy! I use it all the time as an nginx alternative (even though I was an nginx fan in the past).

We do not directly support "forward auth" concepts. But what you could do is to use OpenID Connect to authenticate the user prior to allowing traffic to flow to upstream services. That's more or less what the oauth2-proxy does as well.

The reason why we are not so fond of "forward auth" is that in many setups authentication needs to scale beyond one ingress and in that case it makes more sense to create a centralised session for a user with an identity system.

If you are intrigued to discuss this subject I would encourage you to join our Discord https://zitadel.ch/chat


Make sure you get v2 on the HN front page!


Will do ;-)


We are currently evaluating self-hosting Supabase auth.



ORY is amazing, but it also requires significant investment. It's a headless API (so you never have to touch OAuth/OIDC internals) for building your own IdP.



