SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, and uses a modular, recipe-based architecture that lets developers enable specific security features without modifying the core codebase.
The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizational environments. It employs a claims-based session management model that uses cryptographically signed tokens to enable stateless authorization, alongside an event-driven hook system that triggers custom business logic during authentication lifecycle events.
The system covers a broad capability surface, including diverse authentication methods such as passwordless flows, social and enterprise single sign-on, and hardware-backed passkey support. It also integrates advanced security features like threat detection, multi-factor authentication enforcement, and granular role-based access control, while providing tools for session monitoring, request tracing, and user data migration from legacy systems.
The project is designed to be run as a containerized service, offering horizontal scalability to handle varying traffic loads. Detailed documentation and administrative interfaces are available to assist with environment configuration, UI theming, and the integration of custom authentication logic.