Show HN: Security-first privacy-focused single-sign-on identity provider

2 points by jarirajari about 1 year ago
Hi all, I am the author of HorcruxID, the security-first privacy-focused single sign-on (SSO) identity provider (IdP). I wanted to show the outcome of a project that started out more than five years ago. Nowadays there are multiple authentication platforms like Auth0, Okta, etc. which provide an extensive set of features even as a SaaS. This much I wanted to say before anyone says "don't write your own half-baked insecure product" :)

So what is horcruxid.com? It is an OpenID Connect (OIDC) Identity Provider (IdP) that is secure and aims to preserve privacy. It is secure because secrets are either hashed or encrypted using industry-standard cryptographic algorithms. Also, browser cookie data is encrypted. It preserves privacy as personal data and links in the database are encrypted, and *no* personal data is exposed in the web UI. This means that you can change your data but you, or anyone else, can't read it. What is visible is the logs of recent logins and logouts.

You can check it out at:
https://fe.horcruxid.com/ (UI)
https://fe.horcruxid.com/identity (user "account" without login)
https://fe.horcruxid.com/integration-demo (requires an MFA mobile app)

Capabilities:
- End-user identity (ID) creation, and self-service management of the identity (full life-cycle)
- Optionally, customization with your company logo, name, and main colors.
- Single Sign-on (SSO) for either internal or external applications (same ID shared vs. the ID is secret but consistent)
- Single Logout (SLO) for either internal or external applications (same design as with SSO)

The privacy-focused identity provider:
- Only user identity is managed: no user account or profile!
- Privacy-focused: personal data and links to them are encrypted. No personal data is exposed in the web UI either!
- Secure: secrets are hashed and personal data is encrypted in the database. Browser cookie data is encrypted too.
- Two-factor MFA (2FA) required before any operations
- Remember me supported and required: different operation model from many other implementations (SSO requires active session)
- Deployment options: on-premise (for multiple apps in one domain) or online (for individual apps in multiple external domains)
- On-premise deployment: user ID is known and shared between all domain apps, but only within the domain!
- Online deployment (internal): user ID is a consistent hash that is sent to the third-party app. Actual user ID remains a secret!
- Audit log: audit logs are collected and shown for users from their own identity management events
- Full life-cycle control: you can permanently delete your identity (but then it cannot be recovered anymore by any means)
- For integrators: OpenID Connect (OIDC) identity provider (IdP)
- Regulatory compliance: Integrated data protection regulation implementation (GDPR) when P&P and TOS are written.

Flows:
- Sign up (register)
- Sign in (create session and do self-service identity management)
- Sign out (destroy session)
- Sign off (unregister and delete identity permanently)
- Reset password (requires registered email address and user PIN)
- Reset PIN (requires reset secret aka. user mnemonic)
- Reset mnemonic (requires active session)
- Two-factor (2FA) Multi-Factor Authentication (MFA) for all flows
- Single Sign-on (OIDC SSO) for logging in from separate 3rd party applications
- Single Logout (OIDC SLO) for logging out from separate 3rd party applications
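The post's two deployment models (on-premise: one user ID shared by every app in the domain; online: a consistent hash handed to each third-party app while the real ID stays secret) correspond to the OIDC "public" and "pairwise" subject identifier types. The following is an added illustration written for this page and is not HorcruxID's code: it derives a pairwise `sub` by HMAC-ing the client's sector (here simply the redirect URI host) together with the local user ID under a server-side salt, so one relying party always sees the same value for a user, two relying parties in different sectors see unrelated values, and neither can recover the local ID from it. The salt constant, the function names and the host-only sector rule are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Server-side secret salt, generated here at import time for the demo only.
# In a real IdP it is a long-lived secret kept outside the user database, so
# that a database dump alone does not allow recomputing pairwise identifiers.
PAIRWISE_SALT = secrets.token_bytes(32)


def sector_identifier(redirect_uri: str) -> str:
    """Return the sector that a client belongs to: the redirect URI host.

    OIDC Core 8.1 groups clients by the redirect_uri host (or a registered
    sector_identifier_uri); this example uses the host only (an assumption).
    """
    host = urlparse(redirect_uri).hostname
    if not host:
        raise ValueError(f"redirect_uri has no host: {redirect_uri!r}")
    return host.lower()


def pairwise_sub(local_user_id: str, redirect_uri: str,
                 salt: bytes = PAIRWISE_SALT) -> str:
    """Consistent, per-sector, non-reversible subject identifier.

    Same user + same sector -> same value (stable account at the relying party).
    Same user + other sector -> unrelated value (no cross-site correlation).
    Without the salt the local user ID cannot be recovered from the output.
    """
    sector = sector_identifier(redirect_uri)
    # NUL separator so (sector "ab", id "c") and (sector "a", id "bc") differ.
    msg = sector.encode("utf-8") + b"\x00" + local_user_id.encode("utf-8")
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()


def id_token_sub(local_user_id: str, redirect_uri: str, subject_type: str,
                 salt: bytes = PAIRWISE_SALT) -> str:
    """Pick the `sub` claim for an ID token.

    "public"   -> the local ID itself (the on-premise model in the post)
    "pairwise" -> a per-sector hash (the online model: real ID stays secret)
    """
    if subject_type == "public":
        return local_user_id
    if subject_type == "pairwise":
        return pairwise_sub(local_user_id, redirect_uri, salt)
    raise ValueError(f"unknown subject_type {subject_type!r}")


if __name__ == "__main__":
    # Constructed sample data for a quick run.
    uid = "user-0001"
    print("public   :", id_token_sub(uid, "https://app1.example.com/cb", "public"))
    print("pairwise :", id_token_sub(uid, "https://app1.example.com/cb", "pairwise"))
    print("pairwise :", id_token_sub(uid, "https://app2.example.org/cb", "pairwise"))
```

The relying party stores whatever `sub` it receives as the account key; because the salt never leaves the IdP, the relying party's database contains nothing that links back to the IdP's internal user record, which is the property the post describes for its online deployment.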

no comments