Open Source Alternatives LogoOpen Source Alternatives
AlternativesBlogAdvertise
Open Source Alternatives LogoOpen Source Alternatives

Stay Updated

Subscribe to our newsletter for the latest news and updates about Alternatives

Open Source Alternatives LogoOpen Source Alternatives

Handpicked Open Source Alternatives to Paid Softwares

Product
  • Search
  • Categories
  • Tag
  • Sign In
Resources
  • Blog
  • Collection
  • Submit
  • Advertise your tool
Company
  • Privacy Policy
  • Terms of Service
  • Refund Policy
  • Sitemap
Copyright © 2026 All Rights Reserved.
Home/Categories/Security & Monitoring/Oso Cloud
icon of Oso Cloud

Oso Cloud

Open source alternative to PlainID, Cerbos and Auth0

Oso Cloud is an open source authorization library and service for adding RBAC, ABAC, and relationship-based access control to any application. A developer-first alternative to Permit.io; Apache-2.0 licensed.

3.5K stars
Rust
Apache-2.0
Visit websiteGitHub repo
image of Oso Cloud
Contents
  1. 01Who Oso Cloud is for
  2. 02The problem it solves
  3. 03How it solves it
  4. 04Strengths and trade-offs
  5. 05Tech stack
  6. 06FAQ
  7. 07Similar open-source tools
TL;DR

Oso Cloud is an authorization platform built around Oso's policy model for teams implementing RBAC, relationship-based permissions, and authorization checks across services. It replaces custom authorization logic or managed permission platforms for developers who want code-defined policy concepts, language SDKs, and a focused authorization layer. The legacy open source library is deprecated, so buyers should review the current open source roadmap before adopting.Apache-2.0 · Rust · 3.5K stars

who it's for

Who Oso Cloud is for#

SaaS teams centralizing permissions

Use Oso Cloud when RBAC, relationship permissions, and resource checks need one policy model across services.

Skip if:

You need a fully self-hosted, actively maintained open source authorization server today.

Developers testing authorization logic

Use Oso when permissions should be unit tested and debugged through a single interface.

Skip if:

Your app has only a few static admin checks.

Polyglot teams sharing policy concepts

Use Oso when Node, Python, Go, Ruby, Rust, or Java services need consistent authorization semantics.

tech stack · detected from GitHub

What it's built on#

Languages
GoJavaPythonRubyRustTypeScript
Databases
SQLite
Tooling
esbuildWebpack
frequently asked

FAQ#

What is Oso used for?
Is the Oso open source library still active?
Which languages does Oso support?
also worth a look

Similar open-source tools#

Warrant

Warrant

Add RBAC, ABAC, and ReBAC to any app via API and SDK

17GoMIT

Repository

Stars
3.5K
Forks
191
License
Apache-2.0
Latest
v0.27.1
Last commit
460 days ago
Last verified
May 13, 2026
Repo
osohq/oso ↗

Additional details

Language
Rust
Open issues
119
Contributors
68
First release
2020

Categories

Security & MonitoringAPIs & IntegrationDeveloper Tools

Tags

AuthorizationSecurityDeveloper ToolsAPI InfrastructureAuthenticationOpen CoreCloud Native

Skip if:

Your organization requires all authorization to live inside one identity provider dashboard.

the problem

The problem it solves#

Authorization grows from a few role checks into a cross-service policy problem. Teams need to answer who can do what on which resource, filter collections by access, and test permissions before deployment. If those checks live throughout application code, every new enterprise requirement becomes a risky refactor and a security audit burden.

how Oso Cloud solves it

How it solves it#

Authorization modeling primitives

Oso supports common patterns such as RBAC and relationship-based access through built-in primitives and the Polar policy language.

Collection filtering support

Oso handles authorization beyond yes or no decisions, including filtering records to only those a user can see.

Policy testing workflow

Oso provides a single authorization interface that teams can unit test, debug, and reason about separately from scattered application checks.

Multiple language libraries

Node.js, Python, Go, Rust, Ruby, and Java libraries help teams apply the same authorization model across a polyglot stack.

strengths · trade-offs

Strengths and trade-offs#

Strengths

  • Focused authorization layerOso is useful when teams want authorization logic modeled explicitly instead of hidden inside controllers and database queries.
  • Good fit for service authorization questionsOso Cloud's positioning around `oso.authorize(user, action, resource)` makes the core integration pattern easy to understand.
  • Language breadthMultiple SDKs help teams apply the same authorization model across a polyglot stack.

Trade-offs

  • -Legacy library is deprecatedThe legacy Oso open source library is deprecated, though not end-of-lifed. Teams that need a fully self-hosted authorization layer should verify Oso's current open source roadmap before adopting.
  • -Cloud product changes the ownership modelOso Cloud may be easier than self-hosted policy infrastructure, but teams seeking fully self-hosted authorization should verify current open source options.

Oso supports Node.js, Python, Go, Rust, Ruby, and Java libraries.

Logto

Logto

Multi-tenant auth platform with SSO, RBAC, and social login

12KTypeScriptMPL-2.0
ZITADEL

ZITADEL

Open source identity platform with SSO, RBAC, and multi-tenancy

13.8KGoAGPL-3.0
Better Auth

Better Auth

Drop-in TypeScript auth with MFA, SSO, and multi-tenancy support

28.3KTypeScriptMIT
Cerbos

Cerbos

Move access control out of app code into testable YAML policies

4.4KGoApache-2.0
hysteria

hysteria

Fast and censorship-resistant proxy solution

21.2KGoMIT

Oso is used to model, test, and enforce application authorization policies such as roles, relationships, and resource permissions.

The legacy open source library is deprecated but not end-of-lifed, with support and critical bug fixes continuing.