Arrow left and right: switch to the adjacent tool in the overview. Arrow up and down scroll the page.

Pocket ID

Pocket ID

Self-hosted OIDC provider for passwordless Passkey authentication

Visit Website
Hearts Heat (0–100)
8,295 Stars BSD-2-Clause v2.10.0 Jul 10, 2026 Since Aug 2024 95 open issues

AI Summary

Pocket ID is a self-hosted OpenID Connect provider that relies exclusively on passwordless authentication with Passkeys. The tool offers LDAP integration, fine-grained group access, REST API and comprehensive audit logs for secure user authentication in your own services.

Screenshot of Pocket ID website

Pros

  • + Exclusively passwordless authentication with Passkeys for maximum security
  • + Self-hosted with full control over authentication data and infrastructure
  • + LDAP integration, REST API and granular group access control

Cons

  • Requires own hosting infrastructure and technical know-how for operation
  • No support for traditional password-based authentication as fallback

Use Cases

  • Implementation of secure passwordless login for web applications and services
  • Integration of LDAP user management with modern Passkey authentication
  • Central authentication solution for multiple internal enterprise applications
  • Self-hosted alternative to commercial identity providers for privacy-conscious organizations

Who is it for?

Developers and IT teams who need a self-hosted, secure OIDC authentication solution with Passkey support for their applications.

Tags

What is Pocket ID?

Pocket ID is a self-hosted OpenID Connect provider that removes passwords from the authentication process entirely. Users sign in exclusively via passkey. This is not an optional add-on; it is the only method Pocket ID supports. That gives the tool a clear profile: it is aimed at teams that want to deliberately eliminate traditional password mechanisms and prefer running their own infrastructure to do so.

Core features

  • Passkey-only authentication: Pocket ID supports exclusively passwordless sign-in via passkey. There is no password fallback.
  • OpenID Connect: The tool implements the OIDC standard and can be integrated into any application that speaks this protocol.
  • LDAP integration: Existing directory services can be connected, so user management does not have to be built from scratch.
  • Granular group access control: Access rights can be configured at group level, enabling the operation of multiple applications with different permission structures.
  • REST API: All administrative operations are accessible via an API, making automation and integration into existing workflows straightforward.
  • Audit logs: All authentication events are logged, ensuring traceability in production.

Who is Pocket ID for?

Pocket ID makes sense for developers and IT teams who want to secure multiple internal applications through a central identity provider without handing authentication data to third parties. The LDAP integration makes the tool particularly relevant for environments where a directory service already exists. Anyone who needs password authentication as a fallback option (for example because end devices do not support passkeys) will find Pocket ID a poor fit. Running it requires a dedicated hosting environment. Without experience with containers or server infrastructure, setup becomes a serious obstacle.

Context & alternatives

Pocket ID belongs to the category of self-hosted identity providers. Those looking for a comparable approach with broader protocol support and deeper configuration options will find that in Keycloak or Authentik. Both also support passwords, and bring corresponding complexity with them. Pocket ID's strength lies in deliberate reduction: a single authentication method, no password handling, a smaller attack surface. For those who want exactly that and can manage the infrastructure themselves, this is a tightly focused solution.

Related Tools

Meooow! Want tool tips by email?

Yes, please!