Tinyauth - lightweight OIDC authentication server for self-hosted apps

Summary

Tinyauth is a minimal OpenID Connect (OIDC) authentication and authorization server designed for self-hosted setups. It runs entirely from environment variables with no dashboard or config files, and supports OAuth providers and LDAP backends out of the box.

Key Insight

• Targets the gap between “no auth” and “full Keycloak/Authentik deployment” for homelabbers and small self-hosted stacks
• Zero-config philosophy: environment variables only, no database, no admin UI - makes it trivially deployable as a sidecar or forward-auth middleware
• Supports OAuth (social login) and LDAP, meaning it can slot into existing directory setups without migration
• Being an OIDC provider itself, it can front any reverse proxy (Traefik, Caddy, nginx) that supports forward authentication
• Open source on GitHub with an active Discord community