Boruta server - a lightweight Identity and Access Management solution

Still an ongoing work but yet OpenID certified I have been writing a standalone version on top of boruta | Hex that includes:

  • an OAuth 2.0/OpenID Connect certified authorization server
  • an identity provider with configurable backends
  • an administration interface
  • a light gateway that enables authorization

The source code is available at GitHub - malach-it/boruta-server: Lightweight Identity and Access Management solution

I am looking for production use cases to integrate this first beta release. If you have any need for an identity and access management solution, drop me a note to discuss the needs for such an integration.

The documentation is still a work in progress, do not hesitate to reach out if you have questions about how it does work or what is possible to do with the server.

All kinds of feedback will be very welcome!

Thank you for reading me so far, hope to see you around.


Hi @pknoth this sounds great. As you know I’ve already started integrating the boruta lib into Bonfire: GitHub - bonfire-networks/bonfire_open_id: Use OpenID and OAuth with your Bonfire identity or connect to Bonfire with an external identity and may want to also integrate these tools, in which case would it be possible to package the apps as libraries rather than a standalone umbrella project? (maybe keeping boruta-server as an example repo that wraps those libraries)

Hi @mayel,

I built a standalone version of boruta in order to open its usage beyond the Elixir community and enable any service to get the advantages of such a solution. I designed it to be evolutive to handle further needs and features, thinking of all the possible improvements in the authentication field, but also to have a wider implementation of OAuth/OpenID specifications.

That said, I think the idea to extract some of it to support the elixir package can be a good idea, I’ll keep that in mind knowing that it would bring more work and maintenance to be in a good shape.


I might be interested, will be in the market for an OAuth server soon. A question though, is there a reason why the main boruta project is on gitlab and this one on GitHub? Makes it a little difficult to browse


Hi again,

Few months ago, I recorded a loom presentation about the installation of the server. Here it is, with the hope it will help better understand how it works. Loom | Free Screen & Video Recording Software | Loom



Then I started to post on LinkedIn about boruta, publishing a video series about how the server works :heart:

The installation - linkedIn
Client management - linkedIn

More are to come.

Like it, share it, the more it is visible the best it is!

Thank you reading me


I’ve just started using Boruta to build a connection to Keycloak - it works very nicely. I will be sharing your Linkedin Posts :slight_smile: