30 open-source projects similar to nextauthjs/next-auth, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Next Auth alternative.
This project is a reference implementation and boilerplate for managing user authentication and session state within the Next.js framework. It serves as a practical example of how to integrate NextAuth.js to protect routes and handle identity verification. The repository demonstrates several authentication workflows, including OAuth identity integration with third-party providers, passwordless authentication using email magic links, and traditional credentials-based sign-in. It specifically showcases how to replace default authentication screens with custom branded sign-in pages. The impleme
OpenAuth is a standards-based authentication server and identity provider that implements OAuth 2.0 and OpenID Connect protocols. It serves as a centralized system for managing user identities, issuing access tokens, and orchestrating authentication flows across various services. The project functions as a federated identity gateway, aggregating external providers such as Google, GitHub, Microsoft, Apple, and Discord into a unified login flow. It distinguishes itself with a multi-tenant architecture that supports pluggable identity providers and customizable user interface frameworks for bran
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
django-allauth is a comprehensive authentication framework for Django applications that manages user registration, account ownership verification, and secure login processes. It provides a system for handling the entire user account lifecycle, including the ability to define custom signup fields and implement identity verification. The project distinguishes itself by providing a suite of OAuth and SAML integrations for social account authentication and the capability to act as an OpenID Connect identity provider. It further supports decoupled architectures through a token-based headless authe
Lucia is an authentication library that provides session management, OAuth integration, and password-based login for web applications. It creates and validates server-side sessions using cryptographically random tokens stored in HttpOnly, Secure, SameSite=Lax cookies, with constant-time token comparison to prevent timing side-channel attacks. The library supports authentication through email and password, GitHub OAuth, Google OAuth, and passkey-based sign-in. It enforces two-factor authentication using time-based one-time passwords (TOTP) from authenticator apps, generates recovery codes for
wechatpy is a Python API SDK designed for interacting with official accounts, mini programs, and corporate communication APIs. It provides a unified interface for managing users, media, and messages, and includes a bot framework for processing incoming events and generating structured responses. The project implements a component-based client factory to perform actions across different account types and orchestrates OAuth2 flows for identity verification. It features an event-driven bot architecture and a pluggable token storage system to persist authentication sessions across environments.
Stack Auth is an open-source authentication and authorization platform that provides pre-built UI components, OAuth integration, team management, and session handling for web applications. It offers a complete authentication lifecycle covering sign-in, sign-up, session management, password recovery, and multi-factor security, with support for passkey authentication and OAuth providers including Google, GitHub, and Apple. The platform includes a team-based permission system with role-based access control, allowing users to be organized into teams with granular permissions for membership manage
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with diverse artificial intelligence service providers. It functions as a centralized middleware platform that routes, load balances, and translates API requests across multiple models, enabling developers to access text, image, audio, and video generation capabilities through a single, standardized integration. The gateway distinguishes itself through comprehensive administrative and financial controls, including event-driven usage accounting, real-time token consumption tracking,
Authboss is a modular authentication framework designed to manage user identity and account orchestration. It provides a comprehensive system for handling user registration, email verification, and the full lifecycle of user profiles. The framework distinguishes itself through a focused suite of security and identity tools, including multi-factor authentication via time-based passwords and SMS, and identity integration with external providers using OAuth1 and OAuth2 protocols. It also includes a dedicated account security manager that implements brute-force protection through credential-based
Ombi is a media request management system that coordinates content discovery between users, media servers, and download managers. It acts as a middleware layer to automate the process of requesting, approving, and acquiring movies, music, and TV shows. The project differentiates itself by acting as an integration layer that synchronizes libraries and user accounts across multiple media server instances. It features a content request orchestrator that supports voting-based automatic approval and the ability to import active requests directly from external watchlists. The platform covers a bro
This project is a foundational boilerplate for building software-as-a-service applications using Next.js, TypeScript, and Tailwind CSS. It provides a pre-configured project structure designed to accelerate the launch of a product. The kit integrates a conversational user interface that renders markdown responses from large language models. It includes a secure identity layer for user registration and session persistence across multiple authentication providers, alongside a billing system for managing tiered pricing plans and real-time payment updates. The technical surface covers a type-safe
Satellizer is an authentication library for AngularJS applications designed to manage user sign-in and session persistence using security tokens. It functions as a client-side implementation for exchanging credentials for tokens and attaching authorization headers to network requests. The library handles identity integration through a token manager that supports both email-based authentication and external OAuth providers. It enables the authorization of users via third-party services using secure popup windows and allows for linking or unlinking external accounts to a user profile. The proj
This project is a Next.js SaaS starter kit and billing boilerplate designed for building subscription-based software services. It provides a pre-configured foundation that integrates a PostgreSQL database schema with Stripe to manage recurring billing, tiered pricing models, and customer payment portals. The implementation features a synchronization system that uses webhooks to mirror external product data and subscription states into a local relational database. It includes an authentication layer that links external identity providers to user accounts and manages secure session tracking. T
This project is a modular authentication framework designed to manage user identity, session tracking, and access control across web applications. It provides a unified solution for handling email-based credentials and social identity federation, allowing developers to implement secure login and registration flows that maintain consistent user states across client and server environments. The system utilizes a plugin-based architecture and middleware-driven request interception to allow for the extension of core authentication logic. It features type-safe schema generation, which derives data
firebaseui-web is a library of pre-built web interface components for managing sign-in and identity flows using the Firebase SDK. It provides a customizable suite of themed and localized UI elements for user registration, password recovery, and account onboarding. The library supports a wide range of authentication methods, including traditional email and password, passwordless email sign-in, and phone-based verification with reCAPTCHA handling. It integrates third-party identity providers through OAuth, OIDC, and SAML standards, offering both popup and redirect strategies along with Google O
GoTrue is a JWT identity provider and user management API. It functions as an OAuth 2.0 compliant server that handles user registration and authentication while issuing signed JSON Web Tokens to control access to protected API resources. The service integrates external identity providers to allow users to sign in using third-party accounts. It also includes an SMTP notification service for delivering password resets, signup confirmations, and account recovery emails. The system covers broader capabilities for user account management, including the ability to update user profiles and manage c
Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr
CodiMD is a real-time collaborative markdown editor and self-hosted knowledge base. It provides a shared workspace where multiple users can write and format notes using markdown syntax simultaneously. The platform extends basic editing by transforming markdown content into interactive mind maps for data visualization and structured visual slides for presentations. It functions as an OAuth compatible note server, integrating with external identity providers to manage user authentication and access control. The system supports self-hosting and cloud platform deployment, allowing users to maint
Payload is a headless content management system and application framework that uses a code-first approach to define data schemas and administrative interfaces. By utilizing a centralized, type-safe configuration object, it automatically generates database schemas, API endpoints, and a fully customizable admin panel. The system is built on a database-agnostic architecture, allowing it to interface with various storage engines while providing a unified, type-safe API for server-side operations, REST, and GraphQL. What distinguishes Payload is its deep extensibility and developer-centric design.
next-iron-session is a session management library for Next.js applications that stores encrypted user state in secure browser cookies. This system enables stateless session management, allowing applications to maintain user identity without requiring a server-side database for session tracking. The project provides utilities for securing data payloads through symmetric-key encryption and signing, including support for versioned encryption key rotation. It includes tools for implementing passwordless authentication via secure one-time magic links and integrating external identity providers thr
HedgeDoc is a self-hosted documentation platform and real-time collaborative Markdown editor. It serves as a digital workspace for creating shared technical notes and managing knowledge through a privately hosted system. The platform enables multiple users to write and format Markdown documents simultaneously in a shared live environment. It integrates external identity providers such as LDAP, SAML, and social platforms via OAuth2 to manage user access and authentication. The system includes capabilities for content publishing, including exporting notes to GitHub Gists and generating automat
Devise is a comprehensive identity management system and authentication framework for Ruby on Rails applications. It provides a complete set of tools for managing user registration, secure sign-in, and session handling using a modular strategy pattern. The framework distinguishes itself by offering a suite of security hardening features, including brute force protection through account locking and secure password recovery workflows. It also functions as an integrator for external identity providers and third-party authentication via standardized protocols. Broad capabilities cover the full u
supabase-js is a comprehensive client library designed to integrate frontend applications with a hosted backend-as-a-service. It provides a unified interface for interacting with a PostgreSQL database, identity management systems, cloud object storage, and real-time data synchronization. The library features an isomorphic client design that operates across both browser and server environments. It distinguishes itself through a type-safe approach, utilizing TypeScript to map database schemas directly to client-side definitions, and employs a PostgREST-based API to translate JavaScript calls in
ScribeJava is a Java library used to implement OAuth authentication and authorization flows. It functions as an OAuth client implementation and a third-party API integrator, allowing Java applications and Android environments to securely exchange data with external identity providers. The library provides a framework for managing secure data exchanges through pre-configured provider settings. It enables applications to link to external login services for user authentication and interaction with third-party APIs without requiring the local storage of passwords. The project covers identity pro
This project is a Spring Cloud microservices boilerplate and distributed system infrastructure designed to accelerate the development of enterprise Java applications. It provides a reference architecture that combines a Java backend with a decoupled Vue.js frontend framework. The system includes a complete e-commerce reference implementation, featuring a digital storefront with a full shopping workflow and a backend operations platform for business management. It also integrates OAuth 2.0 for identity management, supporting stateless authentication and third-party login services. The infrast
Taxonomy is a full-stack application template and reference implementation built with the Next.js app router. It serves as a comprehensive starter for developing web applications using server components and modern React patterns. The project integrates a variety of specialized systems, including an identity management workflow for OAuth and session handling, and a billing system for managing recurring subscriptions and payment events. It also features a content pipeline that transforms Markdown and JSX files into type-safe data collections for rendering blogs and documentation. The architect