Best open-source alternatives to Auth0

authentik is an open-source identity provider aimed at modern single sign-on and identity management use cases. It is intended for self-hosted deployments ranging from small labs to large production environments, and it explicitly positions itself as a replacement for products such as Okta, Auth0, Entra ID, and Ping Identity. The project supports multiple identity protocols, including SAML, OAuth2/OIDC, LDAP, and RADIUS, which makes it useful as a central authentication layer for heterogeneous application ecosystems. The README also points to an enterprise offering, and it provides deployment paths through Docker Compose, Kubernetes via Helm, AWS CloudFormation, and a DigitalOcean Marketplace app.

Stack Auth is an open-source authentication platform aimed at developers building modern web applications. It offers managed authentication, user management, and authorization features, while remaining self-hostable and optional to use as a hosted service. The project is designed to help teams get started quickly with prebuilt sign-in and sign-up components, account settings, user dashboards, and support for OAuth, passwords, magic links, and passkeys. It also includes organization and team management, role-based access control, impersonation, webhooks, automated emails, token handling, and machine-to-machine authentication. The README indicates support for Next.js, React, JavaScript frontends, and any backend that can call its REST API. It appears geared toward projects that need a production-ready identity layer with both hosted and self-hosted deployment options, plus a developer-oriented setup and local development environment.

Cerbos is a self-hosted authorization system designed to sit between an application and its access-control logic. It helps teams define permissions in YAML policies and evaluate those policies at runtime through APIs, so applications can make dynamic allow/deny decisions without embedding complex authorization logic directly in code. The project is aimed at developers and platform teams building applications that need fine-grained access control, including RBAC and more context-aware ABAC-style rules. It supports deployment as a standalone Policy Decision Point in environments such as Kubernetes, systemd, or serverless functions, and it integrates with applications through SDKs and query plan adapters. A cloud-hosted Cerbos Hub is also mentioned for collaborative policy authoring and distribution, but the core PDP is self-hosted.

ShotShare is a self-hosted image sharing platform designed for people who want a simple way to upload screenshots and share links without ads or extra clutter. It is described as open source and bare bones, suggesting a lightweight focus rather than a broad media management suite. The project is aimed at individuals or small groups running their own instance. The README explains deployment with Docker, local development with Docker Compose, and configuration through environment variables, with support for SQLite by default and other common SQL databases. It also documents integration with screenshot tools such as ShareX and Shutter, and provides commands for cleaning images and creating users when registration is disabled.