Libre OpenID Connect Provider

Name Last Update
aiakos Loading commit data...
django_extauth Loading commit data...
django_extstorage Loading commit data...
django_passwords Loading commit data...
django_profile_oidc Loading commit data...
githooks Loading commit data...
.dockerignore Loading commit data...
.editorconfig Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
.isort.cfg Loading commit data...
.kateconfig Loading commit data...
Dockerfile Loading commit data...
LICENSE Loading commit data...
LICENSE.BSD Loading commit data... Loading commit data...
Procfile Loading commit data... Loading commit data...
aiakos.svg Loading commit data...
app.json Loading commit data... Loading commit data...
devdata.yaml Loading commit data... Loading commit data...
docker-compose.yml Loading commit data...
requirements.txt Loading commit data...
runtime.txt Loading commit data... Loading commit data... Loading commit data...

Aiakos - OpenID Connect Provider

Aiakos is an OpenID Connect server that supports both local and federated authentication. It's meant to be used as a single, centralized gateway to all your services, so that you can manage your users in a single place, they can benefit from Single Sign-On, and your apps don't need to worry about authentication.

Local auth

Users can log in using login and password.

Federated auth

Users can log in using external, standards-compliant OpenID Providers (like Google). Aiakos also supports some legacy (non-OIDC) OAuth2 servers, like GitHub and GitLab.

Two Factor Authentication

TODO We're going to support TOTP.


Currently, this repo contains multiple packages; they'll get split into multiple repos when the project matures.

Client libraries

Any standards-compliant OpenID Connect library may be used.

We also provide our own client libraries:

  • openid-connect (Python 2.7/3.x) - Low-level Python OIDC Client library + wrappers for legacy protocols
  • django-auth-oidc (Python 2.7/3.x) - Django authentication module for authentication using only a single OpenID Provider


The recommended way to deploy aiakos is to use the official docker container - aiakos/aiakos.

Deployment configuration

Deployment configuration should be provided by environment variables:

  • BASE_URL - base URL at which Aiakos will be available; you should use https scheme!
  • DJANGO_SECRET_KEY - random string
  • DATABASE_URL (required for stateful deployments) - postgres://user:password@hostname/dbname
  • USE_X_FORWARDED_PROTO (optional, default: 0) - set to 1 if deploying behind a reverse proxy
  • DEBUG (optional, default: 0) - set to 1 to display debug information; don't ever enable this on public deployments
  • BOOTSTRAP_THEME_URL (optional) - Bootstrap theme to use, you can find many free ones at
  • BOOTSTRAP_THEME_INTEGRITY (optional) - Integrity checksum of the Bootstrap theme
  • HOME_URL (optional) - URL to redirect to when a logged in user accesses /; by default he'll get redirected to the app list view


Use django-admin migrate to set up / update the database.

Initial user account

Use django-admin createsuperuser to create first user account.

TODO Automatically create root:root user account as a migration.

Deploying to Heroku

$ heroku create
$ git push heroku master

$ heroku run python -m aiakos migrate
$ heroku run python -m aiakos creatersakey
$ heroku run python -m aiakos createsuperuser
$ heroku open


OpenID Clients and external OpenID Providers can be configured in the Django admin panel - available at /admin.

Example client

You can find an example client in the example-client-django repo.


Please set up a git hook that'll automatically enforce project's style:

git config core.hooksPath githooks/


Aiakos is dual-licenced; you may choose the terms of the MIT License or the BSD 2-Clause License.