30 open-source projects similar to stack-auth/stack, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Stack alternative.
Logto is an open-source identity provider that serves as a centralized authentication and authorization server for web, mobile, and command-line applications. It implements the OpenID Connect and OAuth 2.1 standards to handle secure user sign-in and the issuance of identity tokens. The platform is specifically designed as a multi-tenant authentication framework for software-as-a-service environments, featuring built-in organization management and tenant isolation. It includes an enterprise single sign-on gateway to integrate external identity providers and supports role-based access control t
InsForge is a backend-as-a-service platform that provides an integrated suite of tools for managing relational databases, identity provision, object storage, and serverless compute. It functions as an open-source identity provider and a PostgreSQL database manager featuring integrated vector storage and row-level security. The platform serves as an LLM orchestration gateway, offering a unified endpoint to route requests across various AI providers through an OpenAI-compatible interface. It enables AI-driven application generation and connects AI agents to backend resources using a standardize
Stack Auth is an open-source authentication and authorization platform that provides pre-built UI components, OAuth integration, team management, and session handling for web applications. It offers a complete authentication lifecycle covering sign-in, sign-up, session management, password recovery, and multi-factor security, with support for passkey authentication and OAuth providers including Google, GitHub, and Apple. The platform includes a team-based permission system with role-based access control, allowing users to be organized into teams with granular permissions for membership manage
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Kill Bill is a subscription billing platform and usage-based billing engine designed to manage recurring invoicing and automated payment collection. It functions as a multi-tenant billing infrastructure, providing isolated environments for different organizational entities through a dedicated API. The system is distinguished by a plugin-based extension framework that allows for the integration of third-party payment gateways and custom business logic. It includes a payment gateway orchestrator to handle transactions and refunds, as well as a revenue recognition system to allocate contract rev
This project is a foundational boilerplate for building software-as-a-service applications using Next.js, TypeScript, and Tailwind CSS. It provides a pre-configured project structure designed to accelerate the launch of a product. The kit integrates a conversational user interface that renders markdown responses from large language models. It includes a secure identity layer for user registration and session persistence across multiple authentication providers, alongside a billing system for managing tiered pricing plans and real-time payment updates. The technical surface covers a type-safe
This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with diverse artificial intelligence service providers. It functions as a centralized middleware platform that routes, load balances, and translates API requests across multiple models, enabling developers to access text, image, audio, and video generation capabilities through a single, standardized integration. The gateway distinguishes itself through comprehensive administrative and financial controls, including event-driven usage accounting, real-time token consumption tracking,
Lens is a multi-cluster management platform and desktop application for administering Kubernetes environments. It provides a graphical interface for deploying Helm charts, editing YAML manifests, and managing the lifecycle of pods and deployments. The project features an AI-powered cluster assistant that enables users to query cluster state, perform autonomous troubleshooting, and translate natural language requests into system commands. It also supports collaborative team access through shared spaces, utilizing encrypted cluster sharing and role-based access control to manage credentials and
Jeesite is a full-stack low-code development framework designed for building enterprise administrative portals using Spring Boot, MyBatis, and Vue. It functions as a comprehensive platform for creating administrative dashboards with integrated role-based access control and organizational data permission systems. The framework distinguishes itself through a combination of automated CRUD code generation and an integrated RAG platform that connects large language models to enterprise data via vector stores. It further incorporates a BPMN-based workflow engine to automate complex business process
Guns is a development starter kit and application scaffold for building enterprise information systems. It provides a pre-configured architectural foundation integrating a Spring Boot 3 backend with a Vue 3 administrative dashboard. The project distinguishes itself through built-in support for multi-tenant application templates, enabling dynamic database routing to ensure data isolation between different organizations. It includes a role-based access control system and data visibility restrictions to manage permissions and record access across hierarchical organizational structures. The fram
This project is a production-ready starter kit and boilerplate for building multi-tenant software-as-a-service applications using .NET and React. It provides a multi-tenant application framework and a cloud-native infrastructure kit designed to support scalable cloud services. The project distinguishes itself through a modular monolith architecture that organizes business logic into isolated bounded contexts to prevent code entanglement. It implements comprehensive SaaS identity management, including role-based access control, account impersonation, and strict tenant data isolation across the
This project is a comprehensive enterprise architecture for building multi-tenant distributed systems, implemented as a Spring Cloud microservices platform. It provides a complete framework for managing microservices, focusing on multi-tenant data architecture and centralized identity provision. The platform is distinguished by its integrated approach to identity and security, utilizing an OAuth2 identity provider to manage single sign-on, role-based access control, and JWT token issuance across distributed services. It further separates organizational boundaries through multi-tenant data iso
This project is a Go-based identity and access management system that functions as a centralized authentication and authorization server. It provides a framework for managing user identities and controlling access to resources within enterprise environments. The system implements a role-based access control model, where permissions are grouped into roles and mapped to specific user accounts to manage resource access levels. The codebase covers the implementation of user authentication systems, identity management, and backend security patterns. It utilizes a database-backed identity store an
Zeebe is a cloud-native workflow engine and distributed state machine designed for business process orchestration using BPMN and DMN standards. It operates as a high-performance gRPC workflow runtime that executes complex business processes through a partitioned event-streaming architecture. The system also functions as an orchestrator for large language model agents, coordinating AI reasoning and tool use within deterministic business processes. The engine is distinguished by its peer-to-peer broker networking and a consensus-based data replication model that ensures high availability and fa
This project is a type-safe web application template and admin dashboard starter built with Next.js, TypeScript, and the shadcn/ui component library. It serves as a multi-tenant SaaS boilerplate designed for developing administrative interfaces and software-as-a-service applications. The starter distinguishes itself through integrated SaaS infrastructure, including multi-tenant workspace management, organization-level permissions, and subscription billing integration. It features role-based access control to gate specific pages and navigation items based on user roles or subscription tiers.
Vue Manage System is a type-safe administrative dashboard framework built with Vue 3 and Element Plus. It serves as a management template for backend systems, integrating role-based access control to restrict pages and actions based on assigned user permissions. The project distinguishes itself through a comprehensive set of administrative tools, including a data visualization dashboard with interactive charts and a content management system featuring rich text editing and image cropping utilities. It utilizes TypeScript for static typing and Pinia for centralized state management. The syste
Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies
Boundary is an identity-aware access proxy and privileged access management tool. It brokers secure network connections to infrastructure targets by mapping verified user identities to granular permissions, providing a gateway to servers and databases without the need for static credentials or VPNs. The system distinguishes itself through just-in-time connectivity and automated credential injection, delivering short-lived secrets to users during session initialization. It implements a composable security model using allow-only role-based access control and hierarchical resource scoping to iso
Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai
This project is a starter kit for building software as a service applications. It provides a foundational framework for developing scalable products with integrated subscription billing, user management, and automated cloud deployment pipelines. The core architecture centers on a multi-tenant application framework that isolates data and permissions between organizations using team workspaces and role-based access control. It utilizes a GraphQL API to ensure type-safe communication and data consistency between the frontend and backend. The system covers comprehensive identity and access manag
This project is a comprehensive starter kit for building subscription-based web applications using Next.js and TypeScript. It provides a structural foundation for developing software-as-a-service platforms, incorporating integrated user authentication, payment tiers, and multi-tenant organization management. The framework distinguishes itself with a dedicated multi-tenant application architecture that organizes users into teams and organizations with workspace switching. It includes a built-in monetization layer via Stripe subscription integration for managing pricing tiers and billing cycles
Polar is a digital product monetization engine and subscription management system. It serves as a merchant of record platform that handles global sales tax and VAT compliance, providing the infrastructure for selling subscriptions and one-time digital goods via hosted checkouts and embedded payment flows. The project functions as an entitlement and access manager, automating the granting and restriction of digital benefits, license keys, and third-party platform roles. It includes a dedicated usage-based billing infrastructure that tracks customer activity through meters to apply aggregation
Fonoster is a conversational AI framework and multi-tenant communications platform as a service. It serves as a programmable voice gateway and SIP telephony platform, enabling the creation of voice-based assistants and automated communication workflows using large language models. The project distinguishes itself through a vendor-agnostic speech integration engine that abstracts speech-to-text and text-to-speech providers. It features a multi-tenant architecture that isolates telephony resources and user identities into distinct organizational workspaces. The system covers a broad range of t
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o
Blynk is an embedded device framework and IoT cloud connectivity library designed to establish secure, bi-directional communication between microcontrollers and a remote management platform. It provides the core identity of an IoT device management tool, enabling the synchronization of device states, remote hardware control, and the mapping of hardware data to cloud-based interfaces. The project distinguishes itself through a virtual-pin system that decouples cloud communication from physical pins, allowing for hardware-independent data exchange. It also supports advanced architectural offloa
Ever Gauzy is an integrated business management suite providing an ERP and CRM framework for professional services automation. It functions as a multi-tenant SaaS platform that combines time tracking, billing, and human resource management into a unified system. The project is distinguished by its headless architecture, utilizing a REST and GraphQL API gateway to expose business operations. It features a Model Context Protocol server that allows AI assistants to interact with system data and execute functional tools for automated business workflows. The platform covers a broad operational su
Skateshop is a Next.js e-commerce storefront and subscription-based commerce platform. It provides a retail website featuring product catalogs, shopping carts, and checkout flows, paired with a retail store management dashboard for tracking inventory, orders, and payments. The project includes a subscription system to process recurring payments and manage tiered access to premium services. It also integrates a markdown blog engine for publishing technical content and an email marketing system to collect subscribers and distribute newsletters. The platform covers identity management through u
Unkey is an API key management platform and gateway control plane designed for issuing, verifying, and revoking secure keys with global distribution. It provides the infrastructure necessary to authenticate requests and authorize access to protected resources with low latency. The platform distinguishes itself through edge-based request authentication and distributed rate limiting, which allow for the verification of keys and enforcement of request quotas at the network edge. It also features a usage-based billing engine and a self-service developer portal, enabling the tracking of metered AP
Worklenz is a project management platform and professional services automation tool designed for planning work, tracking tasks via Kanban boards, and managing team collaboration. It functions as a combined resource management tool and time tracking software, providing a centralized workspace to analyze team capacity, balance workloads, and log work hours. The platform is distinguished by its deep integration with GitHub and Slack, allowing for the synchronization of repository activity and the delivery of real-time project notifications to external communication channels. It further streamlin