aicoolies logo
Logto logo
Logto logo

Logto

Open-source auth infrastructure for modern apps

freemiumopen sourceupdated Apr 21, 2026
Visit Website →
Share

Logto is an open-source authentication and authorization platform built on OIDC and OAuth 2.1, serving as an alternative to Auth0, Cognito, and Firebase Auth. It provides pre-built sign-in flows with customizable UI, social login, Google One Tap, MFA, enterprise SSO via SAML, and role-based access control. SDKs cover 30+ frameworks including React, Next.js, Vue, Flutter, Go, and Python, with multi-tenancy support for SaaS applications.

Logto provides a complete authentication and authorization infrastructure that eliminates the complexity of implementing OIDC, OAuth 2.1, and SAML from scratch. It ships with pre-built, customizable sign-in and sign-up flows covering email, phone, social login providers, Google One Tap, passwordless magic links, and multi-factor authentication. The admin console offers visual configuration of these flows without writing code, while the underlying protocol compliance ensures compatibility with any OIDC-reliant service.

For SaaS builders, Logto's multi-tenancy model supports organization-level authentication where each tenant can have its own SSO configuration, branding, and role-based access control policies. Enterprise SSO integration via SAML and OIDC connects to corporate identity providers like Okta, Azure AD, and Google Workspace. The RBAC system supports both API-level and UI-level permissions, with scopes that flow through access tokens for zero-trust authorization at every service boundary.

SDKs are available for over 30 frameworks and platforms including React, Next.js, Angular, Vue, Express, Go, Python, Ruby, Flutter, iOS, and Android, with each SDK handling the full authentication lifecycle from login to token refresh. The open-source edition self-hosts via Docker and includes the complete auth server, admin console, and connector system. Logto Cloud offers a managed alternative with automatic scaling, built-in analytics, and webhook integrations for teams that prefer not to operate auth infrastructure.

Pricing

Free open source, Logto Cloud available

Platforms

Node.js server; Docker, self-hosted

Categories

Tags

Use Cases

Alternatives

Keycloak logo

Keycloak

Open-source identity and access management

Keycloak is an open-source IAM solution with 25K+ GitHub stars by Red Hat. Provides SSO, social login, LDAP/Active Directory federation, standard protocol support (OIDC, OAuth 2.0, SAML), fine-grained authorization, user federation, and admin console. Features identity brokering, multi-tenancy via realms, and client adapters for Java, JavaScript, and Node.js. Self-hosted with no per-user licensing, making it ideal for organizations needing full control over identity infrastructure.

open-sourceOpen Source
Auth0 logo

Auth0

Enterprise identity platform by Okta

Auth0 is an enterprise identity platform by Okta providing authentication, authorization, and user management as a service. Supports social login, passwordless, MFA, SAML, OIDC, machine-to-machine auth, and custom database connections. Features Actions for serverless extensibility, Organizations for B2B multi-tenancy, and adaptive MFA with risk assessment. SDKs for all major platforms. Free tier includes 25,000 MAU. Used by thousands of enterprises globally.

freemium
SuperTokens logo

SuperTokens

Open-source authentication with self-hosting

SuperTokens is an open-source authentication solution with 14K+ GitHub stars providing email/password, passwordless, social login, MFA, session management, and user management. Designed for self-hosting with Docker — full control over user data with no vendor lock-in. Pre-built UI components for React, Vue, and vanilla JS. Backend SDKs for Node.js, Python, and Go. Managed cloud option also available. Emphasizes security with rotating refresh tokens and anti-CSRF protection by default.

open-sourceOpen Source
Clerk logo

Clerk

Drop-in authentication for modern JavaScript apps

Clerk is a complete authentication and user management platform for React, Next.js, and modern JavaScript frameworks. It provides pre-built UI for sign-in, sign-up, user profiles, organizations, MFA, passkeys, JWT sessions, webhooks, and billing. The Hobby plan supports up to 50,000 monthly retained users per app, with Pro, Business, and Enterprise tiers for growing teams.

freemium

Related Tools

MCP Context Forge logo

MCP Context Forge

IBM-backed ContextForge gateway for federating MCP, A2A, REST, and gRPC APIs

MCP Context Forge is IBM’s Apache-2.0 ContextForge project for operating a gateway, registry, and proxy across MCP servers, A2A agents, REST APIs, and gRPC services. It centralizes discovery, authentication, policy controls, federation, and observability, with deployment paths through PyPI, Docker, and Kubernetes.

open-sourceOpen Source
Mergify logo

Mergify

Merge queue, CI insights, flaky-test controls, and stacked pull requests for GitHub teams

Mergify is a pull request automation platform that keeps main branches green with merge queue batching, merge protections, CI Insights, flaky-test detection, and stacked pull requests. Its Stacks workflow turns commits on one local branch into focused PR chains, helping teams review large AI-generated or feature-heavy changes without losing queue safety.

freemium
Terrateam logo

Terrateam

Open-source GitOps automation for Terraform and OpenTofu pull requests

Terrateam is open-source GitOps infrastructure orchestration for Terraform and OpenTofu pull requests. It automates plans and applies in GitHub workflows, supports monorepos and many workspaces, and adds apply-only locks, OPA/Rego policy checks, cost and drift signals, and approval controls without forcing teams into a separate IaC platform.

freemiumOpen Source
Digger logo

Digger

Open-source IaC orchestration that runs Terraform plans and applies from pull request comments

Digger is an open-source infrastructure-as-code orchestration tool for running Terraform and OpenTofu plan/apply workflows from pull request comments. It uses the team’s existing VCS and CI runners instead of adding a separate runner fleet, supports GitHub, GitLab, and Azure DevOps style workflows, and stores PR-level locks and plan cache in the user’s cloud account.

open-sourceOpen SourceTelemetry
KubeAI logo

KubeAI

Kubernetes operator for serving AI inference workloads

KubeAI is an Apache-2.0 Kubernetes operator for deploying and scaling AI inference workloads, including LLMs, embeddings, reranking, and speech-to-text. It gives platform teams OpenAI-compatible endpoints, model proxy/controller primitives, model caching, scale-from-zero behavior, and cluster-native resource management for self-hosted inference on Kubernetes.

open-sourceOpen Source

kubectl-ai

Google’s open-source Kubernetes assistant that translates natural-language intent into precise cluster operations.

kubectl-ai is an AI-powered Kubernetes assistant from Google Cloud Platform. It acts as an intelligent interface for cluster work, translating operator intent into Kubernetes commands and workflows. The key distinction from reactive diagnosis tools is that kubectl-ai is designed as an interactive natural-language interface for planning and executing Kubernetes operations, with provider configuration and MCP-oriented workflows around the CLI.

open-sourceOpen SourceTelemetry