Authentication & Identity
Authentication libraries, identity providers, OAuth/OIDC solutions, and user management platforms for developers.
Showing 19 of 19 tools
Logto
Open-source auth infrastructure for modern apps
Logto is an open-source authentication and authorization platform built on OIDC and OAuth 2.1, serving as an alternative to Auth0, Cognito, and Firebase Auth. It provides pre-built sign-in flows with customizable UI, social login, Google One Tap, MFA, enterprise SSO via SAML, and role-based access control. SDKs cover 30+ frameworks including React, Next.js, Vue, Flutter, Go, and Python, with multi-tenancy support for SaaS applications.
Casdoor
Open-source IAM and SSO platform by Casbin
Casdoor is an open-source Identity and Access Management platform built by the Casbin community in Go and React. Supports OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, and MFA with a comprehensive web-based admin UI. Provides multi-tenant organization management, flexible RBAC and ABAC access control via Casbin models, and integrations with Google Workspace and Azure AD. Offers self-hosted deployment with optional managed cloud plans.
workers-oauth-provider
OAuth 2.1 provider framework for Cloudflare Workers
workers-oauth-provider is Cloudflare's official OAuth provider library for Workers. It implements the provider side of the OAuth 2.1 protocol with PKCE support and RFC 8414 compliance. Handles token management automatically via Cloudflare KV storage. Gives fullstack teams a path to implement OAuth at the edge without heavy auth servers. TypeScript-native with npm package available.
ZITADEL
Open-source identity management with built-in multi-tenancy
ZITADEL is an open-source identity and access management platform that handles authentication, authorization, and user management for B2B and B2C applications. It supports OIDC, SAML, OAuth 2.0, Passkeys, MFA, and passwordless login out of the box. Built with multi-tenancy as a core feature, ZITADEL lets you manage multiple organizations with delegated admin access, custom branding, and isolated identity stores—all from a single deployment.
OpenFGA
Fine-grained authorization engine by Okta
OpenFGA is an open-source authorization engine inspired by Google Zanzibar, built and maintained by Okta (Auth0). It provides relationship-based access control with a flexible modeling language, sub-millisecond permission checks, and SDKs for major languages. OpenFGA is used by companies including Grafana Labs, Canonical, and Docker for fine-grained access control in multi-tenant applications.
SpiceDB
Google Zanzibar-inspired authorization database
SpiceDB is an open-source authorization database inspired by Google's Zanzibar system, providing relationship-based access control (ReBAC) at scale. It defines permissions through a schema language that models relationships between users, resources, and roles, then evaluates authorization checks in single-digit milliseconds. Used by companies like Netflix and GitHub, SpiceDB handles millions of permission checks per second.
Descope
Drag-and-drop authentication flows with visual workflow builder
Descope is an authentication platform featuring a visual drag-and-drop flow builder for designing login and signup experiences. It supports passwordless authentication, social login, MFA, SAML SSO, and passkeys. Raised $53M Series A to build no-code identity workflows. SDKs for web, mobile, and backend with pre-built UI components that reduce auth implementation to minutes.
FusionAuth
Self-hosted customer identity management with no per-user pricing
FusionAuth is a customer identity and access management platform that can be self-hosted or cloud-deployed with no per-user fees. It supports OAuth2, OIDC, SAML, passwordless login, social providers, MFA, and advanced threat detection. Features a drag-and-drop theme builder for login page customization and supports multi-tenant application architectures with unlimited users on the community edition.
Kinde
Auth platform combining authentication, feature flags, and billing
Kinde is a developer-focused authentication platform that bundles user management, feature flags, and billing management into a single service. It provides social login, passwordless auth, MFA, RBAC, and organization management out of the box. SDKs available for Next.js, React, Node, Python, and other frameworks. Free tier supports up to 10,500 monthly active users.
WorkOS
Enterprise SSO and directory sync APIs for SaaS applications
WorkOS provides B2B identity infrastructure for SaaS teams that need AuthKit user management, Enterprise SSO, Directory Sync, Admin Portal, audit logs, RBAC/FGA, Radar, and MCP Auth without building every identity integration themselves. It is strongest when enterprise customers require SAML/OIDC, SCIM provisioning, and organization-level auth workflows.
Ory
Modular open-source identity infrastructure with Kratos, Hydra, and Keto
Ory provides a suite of modular open-source identity components: Kratos for user management and authentication, Hydra for OAuth2 and OIDC, Oathkeeper for API gateway authorization, and Keto for fine-grained permission management. Used by OpenAI and other major organizations. API-first design with Go-based microservices that deploy independently or together as Ory Network cloud.
Authentik
Open-source identity provider for self-hosted SSO and access management
Authentik is an open-source Identity Provider supporting SAML, OAuth2/OIDC, LDAP, RADIUS, and SCIM for self-hosted single sign-on. It provides customizable authentication flows, multi-factor authentication, user management, and proxy-based SSO for applications without native support. Positioned as a modern Keycloak alternative with 22K+ GitHub stars, free Open Source use, and paid Enterprise/Enterprise Plus plans.
Pangolin
Identity-aware VPN and reverse proxy for zero-trust remote access
Identity-based remote access platform built on WireGuard that combines reverse proxy and VPN capabilities. Pangolin supports clientless browser access for web apps and client-based private-resource access across macOS, iOS, Windows, Linux, and Android, with zero-trust rules, peer-to-peer tunnels, automatic SSL, SSO/OIDC options, and cloud or self-hosted deployment.
SuperTokens
Open-source authentication with self-hosting
SuperTokens is an open-source authentication solution with 14K+ GitHub stars providing email/password, passwordless, social login, MFA, session management, and user management. Designed for self-hosting with Docker — full control over user data with no vendor lock-in. Pre-built UI components for React, Vue, and vanilla JS. Backend SDKs for Node.js, Python, and Go. Managed cloud option also available. Emphasizes security with rotating refresh tokens and anti-CSRF protection by default.
Lucia
Lightweight session management for TypeScript
Lucia is a lightweight open-source auth library for TypeScript providing session management primitives without abstracting the database layer. Gives developers core building blocks — session creation, validation, invalidation — while they own the schema and auth logic. Supports any database through a simple adapter. Works with Next.js, SvelteKit, Astro, Express, and Hono. For developers wanting full control over auth implementation with minimal overhead and zero vendor lock-in.
Better Auth
TypeScript-native open-source auth library
Better Auth is an open-source TypeScript-native auth library with 10K+ GitHub stars providing a comprehensive, framework-agnostic solution. Features email/password, social OAuth, magic links, passkeys, 2FA, session management, and organization support. Works with Next.js, Nuxt, SvelteKit, Astro, and any Node.js framework. Database adapters for PostgreSQL, MySQL, SQLite, MongoDB, Drizzle, and Prisma. Zero vendor lock-in alternative to Clerk and Auth0.
Keycloak
Open-source identity and access management
Keycloak is an open-source IAM solution with 25K+ GitHub stars by Red Hat. Provides SSO, social login, LDAP/Active Directory federation, standard protocol support (OIDC, OAuth 2.0, SAML), fine-grained authorization, user federation, and admin console. Features identity brokering, multi-tenancy via realms, and client adapters for Java, JavaScript, and Node.js. Self-hosted with no per-user licensing, making it ideal for organizations needing full control over identity infrastructure.
Auth0
Enterprise identity platform by Okta
Auth0 is an enterprise identity platform by Okta providing authentication, authorization, and user management as a service. Supports social login, passwordless, MFA, SAML, OIDC, machine-to-machine auth, and custom database connections. Features Actions for serverless extensibility, Organizations for B2B multi-tenancy, and adaptive MFA with risk assessment. SDKs for all major platforms. Free tier includes 25,000 MAU. Used by thousands of enterprises globally.
Clerk
Drop-in authentication for modern JavaScript apps
Clerk is a complete authentication and user management platform for React, Next.js, and modern JavaScript frameworks. It provides pre-built UI for sign-in, sign-up, user profiles, organizations, MFA, passkeys, JWT sessions, webhooks, and billing. The Hobby plan supports up to 50,000 monthly retained users per app, with Pro, Business, and Enterprise tiers for growing teams.