Hey friends ๐
Auth0 and its parent company, Okta, are what developers think of when managing user authentication and authorisation. Both do, in general, a great job at implementing secure access for our favourite apps!
They are also the tools to help us work with the temperamental 0Auth2. ๐
Though this option deserves to be considered, many decent alternatives are on the market.
In the open-source world, we are particularly excited about the below 5 alternatives!
Let's dive straight into it ๐
ORY
Ory is a big name in the industry. It maintains advanced open-source security software solving authentication, authorisation, access control, application network security, and delegation. Ory Kratos is the open-source repository that is Auth0-like. It focuses on the identity, user management and authentication system for the Cloud.
The main features you can expect are:
Registration, login, and account management flows for passkeys, biometric authentication, social sign-in, SSO, and multi-factor authentication
Pre-built login, registration, and account management pages and components
OAuth2 and OpenID Connect provider for single sign-on, API access, and machine-to-machine authorization
Low-latency permission checks based on Google's Zanzibar model and with built-in support for the Ory Permission Language
Hanko
Hanko is an elegant project focused on an open-source authentication and user management solution. Their approach focuses on moving the login beyond passwords. Passkeys are the future, and this was well articulated in the blog post The Beginning of the End of the password, an article written by Google.
Since passkeys were announced only very recently, the ecosystem of devices, browsers, and operating systems is getting ready to move beyond passwords.
Hanko has been preparing for this shift, and as of present, it provides:
Fast integration with Hanko Elements web components (login box and user profile)
API-first, small footprint, cloud-native
Availability for self-hosting and on Hanko Cloud.
The easiest way to get started with hank is with docker-compose:
1๏ธโฃ Clone this repository: git clone https://github.com/teamhanko/hanko.git
2๏ธโฃ In the newly created hanko folder, run: docker compose -f deploy/docker-compose/quickstart.yaml -p "hanko-quickstart" up --build
3๏ธโฃ After the services are running, the login page can be viewed at localhost:8888
. To receive emails without your own SMTP server, Hanko added mailslurper which will be available at localhost:8080
.
Cerbos
Cerbos is an authorisation layer. It enables you to define context-aware access control rules for your application resources in YAML policies, which are managed and deployed via your Git-ops infrastructure. You can set up a self-hosted Cerbos Policy Decision Point.
With Cerbos you can:
Define authorisation logic in a collaborative IDE and testing environment
Collaborate with colleagues to author and share policies in private playgrounds
Deploy with a fully hosted CI/CD pipeline
Build special policy bundles for client-side or in-browser authorisation
Here is how Cerbos works with your application (a more advanced explanation can also be found here ) : ๐
To try out Cerbos, you can get started with their very fun Cerbforce tutorial. ๐
Zitadel
Zitadel is an open-source user management tool quickly set up like Auth0. Zitadel is built with a complex multi-tenancy architecture in mind, and it provides solutions to handle B2B customers and partners.
Zitadel is built with the following structure in mind:
API-first approach
Multi-tenancy authentication and access management
Strong audit trail due to event sourcing as storage pattern
Actions to react on events with custom code
Self-service for end-users, business customers, and administrators
CockroachDB or a Postgres database as storage option
You should consider Zitadel if you are interested in leveraging the below features:
Multi-tenancy with team management
Secure Login
Self-service
OpenID Connect
OAuth2.x
SAML2
LDAP
Passkeys / FIDO2
OTP
If the information above makes you think Zitadel is a good fit for you, you can get started by checking out their guide here.
SuperTokens
SuperTokens is another open-source authentication solution.
The main features you can find on the platform are the following:
Various login types: Email / password, Passwordless (OTP or Magic link based), Social / OAuth 2.0
Access control
Session management
User management
Self-hosted / managed cloud
Their architecture is unique because your backend API layer would sit in the middle of your front end and SuperTokens'. This enables easy customisations to the auth logic and allows for a secure session solution.
To start with SuperTokens, you can use their practical guide to pick the login type you want and get started here.
That's it for this one. โ๏ธ
As you have learned in this article, there are many exciting alternatives to Auth0.
You should look into each alternative and determine what service best suits your current or future needs.
In the meantime, I invite you to consider supporting these projects by starring them.
(We are not affiliated with them. We just think that great projects deserve great recognition.) โญ๏ธ
See you next week,
Your Hashnode buddy ๐
Bap