Logto

Logto is auth infrastructure that doesn't make you choose between open-source control and modern developer experience. Full OAuth 2.1, OIDC, multi-tenancy, RBAC, and social login — with a clean admin console that makes Keycloak's UI look like a 2005 enterprise portal. The open-source core is genuinely usable, not a demo for the paid tier.

If you're building a SaaS and need auth with multi-tenant support, Logto hits the sweet spot between Clerk's polish and Keycloak's power. Clerk is easier to integrate but proprietary and charges per user. Auth.js (Better Auth) gives you full data ownership but requires more wiring. Authentik is the self-hosted alternative with a visual flow editor.

The catch: Logto is MPL-2.0 licensed, which is permissive but requires sharing modifications to the MPL-licensed files. The project is younger than Keycloak or Auth0 — enterprise features like SAML support and advanced audit logging are still maturing. And token-based pricing on the cloud tier, while cheaper than per-user pricing, requires understanding your token consumption patterns.