Welcome to your open-source alternative to Auth0, where identity, access, and control meet freedom, flexibility, and developer-first design.
KeyCloak
Keycloak is a comprehensive open-source identity and access management solution.
It enables effortless single sign-on (SSO), centralized login/logout, and user federation with LDAP and Active Directory.
Its admin console offers powerful management capabilities while users get a self-service portal to manage their credentials.
It supports OAuth2, OpenID Connect, and SAML, and includes advanced features like fine-grained authorization, social login, and identity brokering.
With full extensibility and support for custom themes and providers, Keycloak adapts to complex enterprise needs.
Next Auth
Auth.js is a flexible, runtime-agnostic authentication library built for modern JavaScript and TypeScript environments.
It supports OAuth 2.0, email sign-ins, WebAuthn, LDAP, and more, with strong emphasis on data ownership and transparency.
Its modular design and support for session syncing, JWT encryption, and CSRF protection make it a secure foundation for authentication.
With TypeScript-first APIs and developer-friendly documentation, it enables fully custom auth flows without being tied to proprietary platforms.
Authentik
authentik is a self-hosted identity provider built for secure, scalable environments.
It supports OAuth2, OIDC, SAML2, LDAP, and RADIUS, allowing seamless integration across cloud-native and legacy systems.
You get full control over infrastructure, policies, and data, ideal for Zero Trust, internal access, and secure remote connections like RDP and SSH.
authentik also offers MFA, policy-based access, audit logging, and application proxying for older apps.
It's highly configurable through templates, APIs, and infrastructure-as-code tools like Terraform.
SuperTokens
SuperTokens is an open-source auth stack that simplifies session management and login flows.
It’s divided into three components: a frontend SDK for UI and tokens, a backend SDK for APIs, and a core service that handles logic and persistence.
Supports traditional login, social providers, passwordless login, and MFA.
With native support for microservices, multitenancy, and RBAC, it's optimized for flexibility and modern architectures.
SuperTokens is ideal for teams wanting control over auth while avoiding boilerplate.
Better Auth
Better Auth is a TypeScript-native authentication and authorization library that’s framework-agnostic.
It includes built-in support for social sign-ins, 2FA, multi-tenancy, secure sessions, and more.
A plugin ecosystem enables easy extension with features like audit logs and magic links.
Designed to eliminate the glue code and complexity found in most TS-based auth stacks, it helps developers focus on core logic, not auth scaffolding.
Ory
Ory Kratos is a headless, API-first identity system written in Go, tailored for cloud-native apps.
It supports all modern identity flows, sign-up, login, MFA, recovery, and verification, using OAuth2, OIDC, and more.
Kratos separates identity management logic from UI, giving you total control over user experience.
It scales from small projects to billions of users, and is backed by a massive open source community and the Ory Network.
Its design emphasizes security, scalability, and seamless integration with any frontend or backend.
Zitadel
ZITADEL delivers enterprise-grade identity management with built-in multi-tenancy.
It supports OIDC, OAuth2, and SAML, with login via passkeys, OTP, and external IdPs.
Organizations can manage their own users, roles, and branding while leveraging centralized audit trails and secure infra.
ZITADEL Actions let you inject custom logic into authentication workflows.
With hosted and self-hosted options, PostgreSQL compatibility, and zero-downtime upgrades, it's designed for operational excellence.
Logto
Logto combines developer-first design with a powerful multi-tenant identity engine.
From social login and Google One Tap to MFA and user impersonation, it provides feature-rich flows out of the box.
The Logto Console enables full customization and branding of the auth experience.
It supports modern protocols, machine-to-machine auth, SCIM provisioning, and more.
Logto aims to match Auth0 in capability while offering full open-source freedom and API-first integration.
Hanko
Hanko is a fully open-source authentication system designed for a passwordless future, with native support for passkeys, social login, and SAML-based SSO.
It's API-first, cloud-native, and lightweight, deployable on your own infra or via Hanko Cloud.
Using Hanko Elements (framework-agnostic web components), integration is fast and UX remains customizable.
It supports email/password, passkeys, MFA, OAuth2, SAML, remote session revocation, and more.
Built for developers, Hanko is modular and transparent, offering complete control and no vendor lock-in.
Stack Auth
Stack Auth is a developer-first open-source auth platform built to scale from side projects to full SaaS products.
It combines authentication, authorization, user management, multi-tenancy, and OAuth into one system.
Prebuilt React/Next.js UI components make onboarding fast, while a headless SDK offers full flexibility.
It supports passwordless login, session/token handling, team roles, impersonation, and external OAuth APIs.
With a managed service or self-hosting options, Stack Auth gives you total control, no hidden trade-offs, no lock-in.