Clerk
Auth0Key Features
-
Open Source & Web Standards
Built entirely on standard Web APIs with full source code access. -
Framework & Runtime Agnostic
Works with any JavaScript framework and runs in any JS runtime (Node.js, Serverless, Docker, etc.). -
Flexible Authentication
Supports OAuth 2.0+, OpenID Connect (OIDC), email/passwordless sign-in, and modern WebAuthn/passkey methods. -
Bring Your Own Database, or None
Stateless by design, but supports a wide range of databases: MySQL, Postgres, SQL Server, MongoDB, SQLite, GraphQL, and more. -
Secure by Default
Uses CSRF protection, encrypted JSON Web Tokens (JWE), restrictive cookie policies, and encourages best security practices. -
Advanced Configuration
Customize sign-in logic, session behavior, token encoding/decoding, and cookie policies. -
Built-in Provider Support
Comes with built-in support for many popular OAuth providers out of the box. -
Passwordless & Modern Auth Support
Promotes passkeys and passwordless mechanisms for enhanced user experience and security. -
Session Management
Includes tab/window syncing, session polling, and short-lived session strategies. -
TypeScript Friendly
Developed with type safety in mind for better DX and IDE support.
Authentication for the Web, Reimagined with Auth.js
Modern applications demand authentication systems that are secure, flexible, and built to scale. But just as importantly, developers and organizations are increasingly looking for tools that let them own their data and maintain full control over how authentication works in their environments.
Enter Auth.js, a modern, open-source authentication toolkit designed for the web. Whether you're building a server-rendered app, a serverless API, or a full-stack JavaScript application, Auth.js is built to fit seamlessly into your stack, with no vendor lock-in and complete transparency.
A Modern Foundation
Auth.js is composed of modular, open-source packages that rely on standard Web APIs. It’s built from the ground up to be runtime-agnostic, meaning you can run it in Docker containers, Node.js environments, edge runtimes, or traditional server infrastructure. It's designed to work with any JavaScript runtime and integrates easily with any framework or platform.
Whether you're using OAuth 2.0, OIDC, email-based authentication, or modern passwordless technologies like WebAuthn and passkeys, Auth.js has you covered. And if you're working in regulated environments with Active Directory or LDAP, or you're going completely stateless, that's no problem. Auth.js adapts to your setup, not the other way around.
Keep Control of Your Data
Unlike many proprietary authentication services, Auth.js is fully open source and built to give you full control over your data. Use it with or without a database. If you do need persistence, Auth.js supports a wide range of database systems, from MySQL and Postgres to MongoDB and even GraphQL backends. It also works smoothly with popular hosting providers, so you’re never limited by your infrastructure.
Security is baked in from the start. Auth.js promotes passwordless authentication methods and implements best practices recommended by the OWASP. That includes secure CSRF token handling, restrictive cookie policies, and encrypted JSON Web Tokens by default. If you use JWTs, they’re encrypted using JWE with the A256CBC-HS512 algorithm, secure enough for even the most demanding applications.
Sessions are kept fresh through tab/window syncing and polling mechanisms, supporting short-lived sessions for improved security. Want to define your own session validation strategy or encode/decode JWTs your way? Advanced configuration options make that possible.
Built with TypeScript, Designed for Developers
All Auth.js packages are written with TypeScript in mind, ensuring type safety and predictability. The developer experience is central to the project, and the documentation provides detailed guidance to help you get started and customize your authentication flow with confidence.
Auth.js isn't just another authentication library. It’s a flexible, open, and secure foundation that enables developers to build trustworthy auth systems without giving up control. With full support for modern identity protocols and a developer-first mindset, Auth.js gives you everything you need to implement robust authentication on the web, on your terms.
