# Tinyauth - lightweight OIDC authentication server for self-hosted apps

> Tinyauth is a minimal OIDC authentication server for self-hosted setups that runs entirely from environment variables, with built-in OAuth and LDAP support.

Published: 2026-03-28
URL: https://daniliants.com/insights/tinyauth-lightweight-oidc-authentication-server-for-self-hosted-apps/
Tags: authentication, oidc, self-hosted, reverse-proxy, oauth, ldap, lightweight

---

## Summary

Tinyauth is a minimal OpenID Connect (OIDC) authentication and authorization server designed for self-hosted setups. It runs entirely from environment variables with no dashboard or config files, and supports OAuth providers and LDAP backends out of the box.

## Key Insight

- Targets the gap between "no auth" and "full Keycloak/Authentik deployment" for homelabbers and small self-hosted stacks
- Zero-config philosophy: environment variables only, no database, no admin UI - makes it trivially deployable as a sidecar or forward-auth middleware
- Supports OAuth (social login) and LDAP, meaning it can slot into existing directory setups without migration
- Being an OIDC provider itself, it can front any reverse proxy (Traefik, Caddy, nginx) that supports forward authentication
- Open source on GitHub with an active Discord community