Best open-source alternatives to Auth0
A cloud identity platform for authentication and authorization.
Auth0 provides developer-friendly OAuth2/OIDC, social login, MFA, and enterprise SSO as a managed service. It is widely adopted for its SDKs and quick time-to-value, but its per-MAU pricing scales poorly for large user bases and its SaaS nature means your identity data lives on third-party infrastructure.
12 alternatives listed- MIT LicenseOpen Source — No Paywall
PocketBase is an open source backend framework and standalone server aimed at developers who want a portable backend without assembling a large stack. It packages an embedded SQLite database, user and file management, realtime subscriptions, an admin dashboard, and a REST-ish API into a single Go-based project. The project can be used in two main ways: as a ready-to-run app via prebuilt executables, or as a Go library/toolkit for building custom applications with your own business logic. The README also points to official SDK clients for JavaScript and Dart, making it easy to integrate web, mobile, desktop, and CLI applications with PocketBase's web APIs.
Offline CapableMulti-UserBinarySourceFeatures:
- embedded SQLite database
- realtime subscriptions
- files management
- users management
- admin dashboard UI
+5 more
Auth:local - BSD 3-Clause "New" or "Revised" LicenseOpen Source — No Paywall
Appwrite is an open-source development platform aimed at teams building web, mobile, and AI applications. It combines backend services and hosting in a single system so developers can avoid assembling a separate stack for authentication, data storage, file handling, compute, messaging, and deployment. The README positions it as both a managed cloud offering and a self-hosted platform for infrastructure under the user's control. The project is designed for developers who want production-ready primitives without implementing common backend infrastructure from scratch. It supports a broad range of client and server SDKs, and its product suite includes authentication, databases, storage, functions, messaging, and Sites for web hosting. Self-hosting is described as container-based, with installation through Docker, docker-compose, and Kubernetes-oriented deployments, making it suitable for local development as well as controlled production environments.
Cloud OptionalMulti-UserDockerDocker ComposeKubernetesSourceFeatures:
- authentication
- multiple login methods
- session management
- multi-factor authentication
- user verification
+5 more
Auth:oauthlocal2fa authentik is an open-source identity provider built for modern single sign-on and broader identity management. It is aimed at organizations and self-hosters that need to centralize authentication and access management across applications, with support for common protocols such as SAML, OAuth2/OIDC, LDAP, and RADIUS. The project is designed to scale from small labs to large production clusters and includes an enterprise offering for larger organizations. The README highlights deployment options such as Docker Compose for smaller setups and Kubernetes for larger environments, along with cloud deployment paths like AWS CloudFormation and DigitalOcean Marketplace.
Cloud OptionalMulti-UserDocker ComposeKubernetesFeatures:
- SSO identity provider
- SAML support
- OAuth2/OIDC support
- LDAP support
- RADIUS support
+3 more
Auth:samloauthldap- Mozilla Public License 2.0Open Source — No Paywall
Tyk Gateway is an open source API gateway designed for organizations that need to expose, secure, and manage APIs at scale. It is positioned as cloud-native and enterprise-ready, with support for REST, GraphQL, TCP, and gRPC traffic, and it emphasizes low latency, scalability, and operational control. The project is aimed at teams building API platforms, including open banking, cloud applications, and partner or consumer-facing APIs. It can be deployed via Docker, Docker Compose, Kubernetes, Helm, or from source, and it integrates with related Tyk OSS components such as Tyk Pump, Tyk Operator, and Tyk Identity Broker. The README also points to a broader documentation site for installation, configuration, and API management workflows.
Cloud OptionalMulti-UserDockerDocker ComposeKubernetesHelmSourcePackage ManagerFeatures:
- API gateway
- Rate limiting
- Quotas
- Authentication
- Analytics logging
+5 more
Auth:oidc-ssooauthlocal Stack Auth is an open-source authentication platform aimed at developers building modern web applications. It offers managed authentication, user management, and authorization features, while remaining self-hostable and optional to use as a hosted service. The project is designed to help teams get started quickly with prebuilt sign-in and sign-up components, account settings, user dashboards, and support for OAuth, passwords, magic links, and passkeys. It also includes organization and team management, role-based access control, impersonation, webhooks, automated emails, token handling, and machine-to-machine authentication. The README indicates support for Next.js, React, JavaScript frontends, and any backend that can call its REST API. It appears geared toward projects that need a production-ready identity layer with both hosted and self-hosted deployment options, plus a developer-oriented setup and local development environment.
Cloud OptionalMulti-UserMulti-TenantSourceFeatures:
- Sign-in and sign-up components
- OAuth, password, and magic-link authentication
- User dashboard
- Account settings
- Multi-tenancy and teams
+5 more
Auth:oauthlocal- Open Software License 3.0Source-Available — Not OSS
TrailBase is a self-hosted backend platform aimed at developers building mobile, web, or desktop applications. It positions itself as an open Firebase alternative that emphasizes very low latency, fewer moving parts, and a single-executable deployment model. The project combines a server, client libraries, documentation, tests, and examples in one repository. Its README highlights type-safe REST and realtime APIs, multi-database support, a WebAssembly runtime, geospatial features, server-side rendering, authentication, and an admin UI. It can be run from pre-built binaries or Docker, and it also supports extending the server with WASM components such as an auth UI.
Multi-UserDockerBinarySourceFeatures:
- single-executable deployment
- type-safe REST APIs
- realtime APIs
- multi-DB support
- WebAssembly runtime
+5 more
Auth:local - Apache License 2.0Open Source — No Paywall
Cerbos is a self-hosted authorization system designed to sit between an application and its access-control logic. It helps teams define permissions in YAML policies and evaluate those policies at runtime through APIs, so applications can make dynamic allow/deny decisions without embedding complex authorization logic directly in code. The project is aimed at developers and platform teams building applications that need fine-grained access control, including RBAC and more context-aware ABAC-style rules. It supports deployment as a standalone Policy Decision Point in environments such as Kubernetes, systemd, or serverless functions, and it integrates with applications through SDKs and query plan adapters. A cloud-hosted Cerbos Hub is also mentioned for collaborative policy authoring and distribution, but the core PDP is self-hosted.
Telemetry: Opt-OutCloud OptionalMulti-UserDockerBinaryPackage ManagerHelmFeatures:
- context-aware access control rules
- YAML policy authoring
- GitOps-managed deployment
- policy evaluation APIs
- CheckResources API
+5 more
Auth:local - Apache License 2.0Open Source — No Paywall
DreamFactory is a self-hosted enterprise data access platform designed to sit between applications, AI systems, and a wide range of data sources. It is aimed at teams that need to expose databases and services through governed APIs without building custom backend services from scratch. The project generates REST APIs from connected databases and adds access controls such as roles, API keys, audit logging, and identity passthrough. It also includes a built-in MCP server for AI and LLM integration, allowing models like ChatGPT or Claude to query data through structured endpoints rather than raw SQL. The README highlights support for multi-tenant deployments, web-based administration, and connectors for both SQL and NoSQL systems as well as file and messaging services.
Offline CapableMulti-UserMulti-TenantDockerKubernetesSourceFeatures:
- automatic REST API generation
- OpenAPI/Swagger documentation
- stored procedure support
- relationship handling
- server-side filtering, sorting, and pagination
+5 more
Auth:ldapoidc-ssooauthsamllocal - Mozilla Public License 2.0Open Source — No Paywall
Mozilla Accounts is Mozilla’s monorepo for its account system, formerly known as Firefox Accounts. The README identifies it as the central codebase for Mozilla Accounts and the related Subscription Platform, but it does not describe product features or end-user workflows in detail. For development, the README points contributors to the project’s documentation hub and a separate contribution guide. As written, it is primarily an entry point for developers and contributors rather than a user-facing product overview, so the README provides little information about installation, runtime requirements, or operational characteristics.
- Apache License 2.0Open Core — Some Features Paid
Para is a backend server and framework intended for developers who need a scalable, multitenant data layer and API service. It is described as useful for building and prototyping applications faster by handling backend operations such as persistence, retrieval, search, caching, security, and monitoring. The project can be used as a library inside a JVM application or deployed as a standalone API server. It includes a RESTful JSON API, JWT-based client authentication, webhooks, permission controls, and support for multiple data stores and search engines. The README also highlights a web console for managing users, objects, permissions, and backups, making it suitable for teams building cloud or self-hosted application backends.
Cloud OptionalMulti-UserMulti-TenantDockerDocker ComposeKubernetesHelmBinarySourceFeatures:
- RESTful JSON API
- multitenancy
- webhooks
- LDAP/SAML/social login security
- JWT authentication
+5 more
Auth:ldapsamloauthlocal
What to look for in a Auth0 alternative
Prioritize standards compliance (OAuth2, OIDC, SAML) and SDK ecosystem coverage for your stack. Check whether the alternative supports social providers, passwordless, and adaptive MFA out of the box. Operational complexity matters here — identity infrastructure is critical path, so assess deployment reliability, upgrade paths, and community support carefully.
Other SaaS alternatives
- Notion (64)
- Dropbox (49)
- Evernote (34)
- Slack (32)
- Squarespace (31)
- Asana (30)
- Trello (30)
- ChatGPT (29)
- WordPress.com (29)
- Microsoft Teams (29)
- Wix (28)
- Vercel / Heroku / Render (27)
- Shopify (26)
- Microsoft OneDrive (25)
- Cursor IDE (23)
- Discord (23)
- Google Analytics (21)
- Make (Integromat) (20)
- Airtable (20)
- Jira (20)
- Spotify (20)
- Zoom (19)
- Microsoft 365 (19)
- Sentry (18)
- Microsoft OneNote (18)
- Webflow (18)
- Claude Code - CLI (17)
- Salesforce (15)
- Plex (14)
- Google Workspace (14)
- Miro (13)
- Datadog (13)
- GitHub (13)
- HubSpot (13)
- monday.com (12)
- YouTube (12)
- Bitbucket (11)
- Google Calendar (11)
- Twilio (10)
- Hotjar (10)
- Postman (9)
- Calendly (9)
- Stripe (9)
- Zendesk (9)
- PayPal (9)
- Apple iCloud (8)
- 1Password (8)
- Basecamp (8)
- Lovable (7)
- Intercom (7)
- v0 (6)
- Adobe Premiere Pro (6)
- Adobe Photoshop (6)
- Typeform (6)
- Adobe Lightroom (5)
- Netflix (5)
- Mailchimp (5)
- DocuSign (5)
- Figma (3)
- Buffer (3)
- AutoCAD (3)
- Adobe Illustrator (3)
- Midjourney (2)
- Canva (2)
- Loom (2)
- Adobe After Effects (2)
- Adobe InDesign (2)
- Grammarly (1)
- Authentik (1)
- Listmonk (1)
