SuperTokens

SuperTokens is the auth solution for developers who want to own their user data without building auth from scratch. Email/password, social login, passwordless, MFA, session management — all self-hosted with prebuilt UI components. It's what you'd build if you had six months and a security team.

If you're picking between rolling your own auth (don't) and paying Auth0 prices (ouch), SuperTokens is the middle ground. Auth0 is the commercial standard but expensive at scale. Clerk has better DX but is fully managed. Keycloak is enterprise-grade but complex. Lucia is lightweight but DIY.

Best for SaaS founders who need production-ready auth with the option to self-host. The managed cloud has a generous free tier (5K MAU). The prebuilt React components save weeks.

The catch: the core is Java, which means heavier infrastructure than Go or Rust alternatives. Some features (multi-tenancy, account linking) are only in the paid tier. The documentation, while good, assumes a specific architecture that may not match yours. And migrating away from SuperTokens' session model later is non-trivial.