Authentication libraries, identity providers, OAuth/OIDC solutions, and user management platforms for developers.
Showing 15 of 15 tools
Fine-grained authorization engine by Okta
OpenFGA is an open-source authorization engine inspired by Google Zanzibar, built and maintained by Okta (Auth0). It provides relationship-based access control with a flexible modeling language, sub-millisecond permission checks, and SDKs for major languages. OpenFGA is used by companies including Grafana Labs, Canonical, and Docker for fine-grained access control in multi-tenant applications.
Google Zanzibar-inspired authorization database
SpiceDB is an open-source authorization database inspired by Google's Zanzibar system, providing relationship-based access control (ReBAC) at scale. It defines permissions through a schema language that models relationships between users, resources, and roles, then evaluates authorization checks in single-digit milliseconds. Used by companies like Netflix and GitHub, SpiceDB handles millions of permission checks per second.
Drag-and-drop authentication flows with visual workflow builder
Descope is an authentication platform featuring a visual drag-and-drop flow builder for designing login and signup experiences. It supports passwordless authentication, social login, MFA, SAML SSO, and passkeys. Raised $53M Series A to build no-code identity workflows. SDKs for web, mobile, and backend with pre-built UI components that reduce auth implementation to minutes.
Self-hosted customer identity management with no per-user pricing
FusionAuth is a customer identity and access management platform that can be self-hosted or cloud-deployed with no per-user fees. It supports OAuth2, OIDC, SAML, passwordless login, social providers, MFA, and advanced threat detection. Features a drag-and-drop theme builder for login page customization and supports multi-tenant application architectures with unlimited users on the community edition.
Auth platform combining authentication, feature flags, and billing
Kinde is a developer-focused authentication platform that bundles user management, feature flags, and billing management into a single service. It provides social login, passwordless auth, MFA, RBAC, and organization management out of the box. SDKs available for Next.js, React, Node, Python, and other frameworks. Free tier supports up to 10,500 monthly active users.
Enterprise SSO and directory sync APIs for SaaS applications
WorkOS provides APIs that let SaaS applications support enterprise authentication features including SAML SSO, SCIM directory sync, and RBAC without building identity infrastructure from scratch. Used by Vercel, Perplexity, and Webflow. Offers AuthKit for complete user management with social login, MFA, email/password authentication, and organization-based multi-tenancy.
Modular open-source identity infrastructure with Kratos, Hydra, and Keto
Ory provides a suite of modular open-source identity components: Kratos for user management and authentication, Hydra for OAuth2 and OIDC, Oathkeeper for API gateway authorization, and Keto for fine-grained permission management. Used by OpenAI and other major organizations. API-first design with Go-based microservices that deploy independently or together as Ory Network cloud.
Open-source identity provider for self-hosted SSO and access management
Authentik is an open-source Identity Provider supporting SAML, OAuth2/OIDC, LDAP, RADIUS, and SCIM for self-hosted single sign-on. It provides customizable authentication flows, multi-factor authentication, user management, and proxy-based SSO for applications without native support. Positioned as a modern, simpler alternative to Keycloak with over 14,000 GitHub stars and enterprise features.
Identity-aware VPN and reverse proxy for zero-trust remote access
Pangolin is an open-source, identity-based remote access platform built on WireGuard that combines reverse proxy and VPN into a single self-hosted stack. It provides browser-based access to web apps and client-based access to private resources like SSH, databases, and RDP with zero-trust security. A self-hosted alternative to Cloudflare Tunnels, it handles routing, load balancing, health checking, and automatic SSL without exposing your network.
Open-source authentication with self-hosting
SuperTokens is an open-source authentication solution with 14K+ GitHub stars providing email/password, passwordless, social login, MFA, session management, and user management. Designed for self-hosting with Docker — full control over user data with no vendor lock-in. Pre-built UI components for React, Vue, and vanilla JS. Backend SDKs for Node.js, Python, and Go. Managed cloud option also available. Emphasizes security with rotating refresh tokens and anti-CSRF protection by default.
Lightweight session management for TypeScript
Lucia is a lightweight open-source auth library for TypeScript providing session management primitives without abstracting the database layer. Gives developers core building blocks — session creation, validation, invalidation — while they own the schema and auth logic. Supports any database through a simple adapter. Works with Next.js, SvelteKit, Astro, Express, and Hono. For developers wanting full control over auth implementation with minimal overhead and zero vendor lock-in.
TypeScript-native open-source auth library
Better Auth is an open-source TypeScript-native auth library with 10K+ GitHub stars providing a comprehensive, framework-agnostic solution. Features email/password, social OAuth, magic links, passkeys, 2FA, session management, and organization support. Works with Next.js, Nuxt, SvelteKit, Astro, and any Node.js framework. Database adapters for PostgreSQL, MySQL, SQLite, MongoDB, Drizzle, and Prisma. Zero vendor lock-in alternative to Clerk and Auth0.
Open-source identity and access management
Keycloak is an open-source IAM solution with 25K+ GitHub stars by Red Hat. Provides SSO, social login, LDAP/Active Directory federation, standard protocol support (OIDC, OAuth 2.0, SAML), fine-grained authorization, user federation, and admin console. Features identity brokering, multi-tenancy via realms, and client adapters for Java, JavaScript, and Node.js. Self-hosted with no per-user licensing, making it ideal for organizations needing full control over identity infrastructure.
Enterprise identity platform by Okta
Auth0 is an enterprise identity platform by Okta providing authentication, authorization, and user management as a service. Supports social login, passwordless, MFA, SAML, OIDC, machine-to-machine auth, and custom database connections. Features Actions for serverless extensibility, Organizations for B2B multi-tenancy, and adaptive MFA with risk assessment. SDKs for all major platforms. Free tier includes 25,000 MAU. Used by thousands of enterprises globally.
Drop-in authentication for modern JavaScript apps
Clerk is a complete authentication and user management platform for React, Next.js, and modern JavaScript frameworks. Provides pre-built UI components for sign-in, sign-up, and user profiles with social login, passwordless auth, MFA, and organization management. Features session management, JWT tokens, webhook events, and role-based access control. Handles millions of authentications monthly with a generous free tier of 10,000 monthly active users.
