Lucia
Authentication, simple and clean
The Lens
Lynis audits the security configuration of Linux and Unix systems: checks file permissions, installed software, kernel parameters, network settings, and authentication configs. It handles sessions, cookies, and the messy parts of auth, but you own the database, you own the code, and you control every decision. No redirect to someone else's login page.
It works with any database (Postgres, SQLite, MySQL, MongoDB) and any framework (Next.js, SvelteKit, Astro, Express). The API is deliberately minimal: create a session, validate a session, invalidate a session. OAuth, email/password, and magic links are all supported through clean patterns rather than black-box modules.
Completely free under the BSD Zero Clause License, one of the most permissive licenses that exists. No paid tier, no cloud service, no upsells.
The catch: Lucia deprecated itself in early 2025. The maintainer explicitly recommended using it as a learning resource and pattern guide rather than a production dependency going forward. The code works, but don't expect new features or security patches. If you're starting fresh, look at Better Auth (similar philosophy, actively maintained) or Logto for a self-hostable auth server with a UI. If you want a managed service and don't mind the vendor dependency, Clerk or Auth0 handle everything but you lose control.
Get tools like this every Wednesday
One featured tool, three on the radar. No fluff.
Free vs Self-Hosted vs Paid
fully free### Pricing Breakdown
**Free tier:** Everything. Lucia is a library, not a service. BSD-0 licensed, literally no restrictions whatsoever.
**Self-hosted:** You host your own database and application. Lucia is just code running in your app. The ops burden is whatever your app already requires. Lucia adds nothing on top.
**Comparison to alternatives:** - Logto: Free self-hosted, cloud starts at $0 (free tier: 50k MAU). Full auth server with admin UI - Clerk: Free up to 10,000 MAU, then $25/mo + $0.02/MAU. Managed, polished, but vendor lock-in - Auth0: Free up to 25,000 MAU, paid starts at $35/mo. Enterprise-grade but complex - Keycloak: Free self-hosted. Enterprise-grade but heavy Java deployment - SuperTokens: Free self-hosted, managed starts at $0 (5,000 MAU free) - Better Auth: Free (MIT). Spiritual successor to Lucia, same philosophy, actively maintained
**The real cost with Lucia:** $0 forever. But since it's deprecated, the hidden cost is maintaining auth code yourself without upstream security patches. That's a real risk. For new projects, the $0/mo self-hosted options (Logto, SuperTokens, Better Auth) give you the same control with active maintenance.
Free forever, but deprecated. Use the patterns, build new projects on Better Auth or Logto instead.
Similar Tools
About
- Stars
- 10,469
- Forks
- 526
Explore Further
More tools in the directory
openclaw
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
370.3k ★claw-code
The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.
190.9k ★n8n
Fair-code workflow automation with native AI capabilities
187.3k ★