aicoolies logo

Authentication & Identity

Authentication libraries, identity providers, OAuth/OIDC solutions, and user management platforms for developers.

Showing 19 of 19 tools

Logto logo

Logto

Open-source auth infrastructure for modern apps

Logto is an open-source authentication and authorization platform built on OIDC and OAuth 2.1, serving as an alternative to Auth0, Cognito, and Firebase Auth. It provides pre-built sign-in flows with customizable UI, social login, Google One Tap, MFA, enterprise SSO via SAML, and role-based access control. SDKs cover 30+ frameworks including React, Next.js, Vue, Flutter, Go, and Python, with multi-tenancy support for SaaS applications.

freemiumOpen Source
Casdoor logo

Casdoor

Open-source IAM and SSO platform by Casbin

Casdoor is an open-source Identity and Access Management platform built by the Casbin community in Go and React. Supports OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, and MFA with a comprehensive web-based admin UI. Provides multi-tenant organization management, flexible RBAC and ABAC access control via Casbin models, and integrations with Google Workspace and Azure AD. Offers self-hosted deployment with optional managed cloud plans.

freemiumOpen Source

workers-oauth-provider

OAuth 2.1 provider framework for Cloudflare Workers

workers-oauth-provider is Cloudflare's official OAuth provider library for Workers. It implements the provider side of the OAuth 2.1 protocol with PKCE support and RFC 8414 compliance. Handles token management automatically via Cloudflare KV storage. Gives fullstack teams a path to implement OAuth at the edge without heavy auth servers. TypeScript-native with npm package available.

free
ZITADEL logo

ZITADEL

Open-source identity management with built-in multi-tenancy

ZITADEL is an open-source identity and access management platform that handles authentication, authorization, and user management for B2B and B2C applications. It supports OIDC, SAML, OAuth 2.0, Passkeys, MFA, and passwordless login out of the box. Built with multi-tenancy as a core feature, ZITADEL lets you manage multiple organizations with delegated admin access, custom branding, and isolated identity stores—all from a single deployment.

freemiumOpen Source
OpenFGA logo

OpenFGA

Fine-grained authorization engine by Okta

OpenFGA is an open-source authorization engine inspired by Google Zanzibar, built and maintained by Okta (Auth0). It provides relationship-based access control with a flexible modeling language, sub-millisecond permission checks, and SDKs for major languages. OpenFGA is used by companies including Grafana Labs, Canonical, and Docker for fine-grained access control in multi-tenant applications.

open-sourceOpen Source
SpiceDB logo

SpiceDB

Google Zanzibar-inspired authorization database

SpiceDB is an open-source authorization database inspired by Google's Zanzibar system, providing relationship-based access control (ReBAC) at scale. It defines permissions through a schema language that models relationships between users, resources, and roles, then evaluates authorization checks in single-digit milliseconds. Used by companies like Netflix and GitHub, SpiceDB handles millions of permission checks per second.

freemiumOpen Source
Descope logo

Descope

Drag-and-drop authentication flows with visual workflow builder

Descope is an authentication platform featuring a visual drag-and-drop flow builder for designing login and signup experiences. It supports passwordless authentication, social login, MFA, SAML SSO, and passkeys. Raised $53M Series A to build no-code identity workflows. SDKs for web, mobile, and backend with pre-built UI components that reduce auth implementation to minutes.

paid
FusionAuth logo

FusionAuth

Self-hosted customer identity management with no per-user pricing

FusionAuth is a customer identity and access management platform that can be self-hosted or cloud-deployed with no per-user fees. It supports OAuth2, OIDC, SAML, passwordless login, social providers, MFA, and advanced threat detection. Features a drag-and-drop theme builder for login page customization and supports multi-tenant application architectures with unlimited users on the community edition.

freemium
Kinde logo

Kinde

Auth platform combining authentication, feature flags, and billing

Kinde is a developer-focused authentication platform that bundles user management, feature flags, and billing management into a single service. It provides social login, passwordless auth, MFA, RBAC, and organization management out of the box. SDKs available for Next.js, React, Node, Python, and other frameworks. Free tier supports up to 10,500 monthly active users.

freemium
WorkOS logo

WorkOS

Enterprise SSO and directory sync APIs for SaaS applications

WorkOS provides B2B identity infrastructure for SaaS teams that need AuthKit user management, Enterprise SSO, Directory Sync, Admin Portal, audit logs, RBAC/FGA, Radar, and MCP Auth without building every identity integration themselves. It is strongest when enterprise customers require SAML/OIDC, SCIM provisioning, and organization-level auth workflows.

paid
Ory logo

Ory

Modular open-source identity infrastructure with Kratos, Hydra, and Keto

Ory provides a suite of modular open-source identity components: Kratos for user management and authentication, Hydra for OAuth2 and OIDC, Oathkeeper for API gateway authorization, and Keto for fine-grained permission management. Used by OpenAI and other major organizations. API-first design with Go-based microservices that deploy independently or together as Ory Network cloud.

open-sourceOpen Source
Authentik logo

Authentik

Open-source identity provider for self-hosted SSO and access management

Authentik is an open-source Identity Provider supporting SAML, OAuth2/OIDC, LDAP, RADIUS, and SCIM for self-hosted single sign-on. It provides customizable authentication flows, multi-factor authentication, user management, and proxy-based SSO for applications without native support. Positioned as a modern Keycloak alternative with 22K+ GitHub stars, free Open Source use, and paid Enterprise/Enterprise Plus plans.

open-sourceOpen Source
Pangolin logo

Pangolin

Identity-aware VPN and reverse proxy for zero-trust remote access

Identity-based remote access platform built on WireGuard that combines reverse proxy and VPN capabilities. Pangolin supports clientless browser access for web apps and client-based private-resource access across macOS, iOS, Windows, Linux, and Android, with zero-trust rules, peer-to-peer tunnels, automatic SSL, SSO/OIDC options, and cloud or self-hosted deployment.

api-usage-based
SuperTokens logo

SuperTokens

Open-source authentication with self-hosting

SuperTokens is an open-source authentication solution with 14K+ GitHub stars providing email/password, passwordless, social login, MFA, session management, and user management. Designed for self-hosting with Docker — full control over user data with no vendor lock-in. Pre-built UI components for React, Vue, and vanilla JS. Backend SDKs for Node.js, Python, and Go. Managed cloud option also available. Emphasizes security with rotating refresh tokens and anti-CSRF protection by default.

open-sourceOpen Source
Lucia logo

Lucia

Lightweight session management for TypeScript

Lucia is a lightweight open-source auth library for TypeScript providing session management primitives without abstracting the database layer. Gives developers core building blocks — session creation, validation, invalidation — while they own the schema and auth logic. Supports any database through a simple adapter. Works with Next.js, SvelteKit, Astro, Express, and Hono. For developers wanting full control over auth implementation with minimal overhead and zero vendor lock-in.

open-sourceOpen Source
Better Auth logo

Better Auth

TypeScript-native open-source auth library

Better Auth is an open-source TypeScript-native auth library with 10K+ GitHub stars providing a comprehensive, framework-agnostic solution. Features email/password, social OAuth, magic links, passkeys, 2FA, session management, and organization support. Works with Next.js, Nuxt, SvelteKit, Astro, and any Node.js framework. Database adapters for PostgreSQL, MySQL, SQLite, MongoDB, Drizzle, and Prisma. Zero vendor lock-in alternative to Clerk and Auth0.

open-sourceOpen Source
Keycloak logo

Keycloak

Open-source identity and access management

Keycloak is an open-source IAM solution with 25K+ GitHub stars by Red Hat. Provides SSO, social login, LDAP/Active Directory federation, standard protocol support (OIDC, OAuth 2.0, SAML), fine-grained authorization, user federation, and admin console. Features identity brokering, multi-tenancy via realms, and client adapters for Java, JavaScript, and Node.js. Self-hosted with no per-user licensing, making it ideal for organizations needing full control over identity infrastructure.

open-sourceOpen Source
Auth0 logo

Auth0

Enterprise identity platform by Okta

Auth0 is an enterprise identity platform by Okta providing authentication, authorization, and user management as a service. Supports social login, passwordless, MFA, SAML, OIDC, machine-to-machine auth, and custom database connections. Features Actions for serverless extensibility, Organizations for B2B multi-tenancy, and adaptive MFA with risk assessment. SDKs for all major platforms. Free tier includes 25,000 MAU. Used by thousands of enterprises globally.

freemium
Clerk logo

Clerk

Drop-in authentication for modern JavaScript apps

Clerk is a complete authentication and user management platform for React, Next.js, and modern JavaScript frameworks. It provides pre-built UI for sign-in, sign-up, user profiles, organizations, MFA, passkeys, JWT sessions, webhooks, and billing. The Hobby plan supports up to 50,000 monthly retained users per app, with Pro, Business, and Enterprise tiers for growing teams.

freemium