Web Dev Tools
Categories

Auth

Identity, session, and user management for your app.

The auth space shifted hard between 2023 and 2026. Lucia is sunset (the maintainer published the codebase as a learning resource). NextAuth.js became Auth.js and supports many frameworks. Better Auth emerged as the most-recommended self-hostable choice for new projects.

Self-hostable libraries (you own the DB)

  • Better Auth — TypeScript-first, plugin-rich (organizations, 2FA, passkeys, magic links, OAuth, OIDC, SSO, anonymous, username/password, etc.), works with Drizzle/Prisma/Kysely, framework-agnostic. The most popular new-project pick in 2026.
  • Auth.js (formerly NextAuth.js) — works with Next.js, SvelteKit, Express, Solid Start. Mature; OAuth-heavy but supports credentials.
  • Lucia — sunset; Lucia v3 codebase is a teaching reference for rolling your own. Don't start a new project on it.
  • Iron Session / Iron Auth — minimal session libraries; good for very small apps.
  • Arctic (by Lucia's author) — OAuth client library; pair with your own session code.
  • oslo — primitives for crypto / encoding; companion to Arctic.

Hosted / managed (free tiers)

  • Clerk — drop-in components, great UX, generous free tier (10k MAU on the free plan).
  • WorkOS — enterprise SSO/SAML/SCIM/Directory Sync; free for AuthKit on the user-tier free.
  • Auth0 — mature; free tier exists but less generous than alternatives.
  • Stack Auth — open source + hosted, Next.js focused.
  • Kinde — hosted auth, free tier.
  • Supabase Auth — bundled with Supabase.
  • Firebase Auth — bundled with Firebase.

Self-hostable identity servers

See OIDC / Identity Providers for Logto, Keycloak, Authentik, ZITADEL, Ory — when you want a separate identity server, not a library.

Plugins / patterns worth knowing

  • Passkeys / WebAuthn — Better Auth and Auth.js both support natively; SimpleWebAuthn is the underlying lib.
  • Organizations / multi-tenancy — Better Auth org plugin, Clerk Organizations, WorkOS, Stack Auth.
  • Magic links / OTP — most libraries; Better Auth ships first-class.
  • 2FA / TOTP — Better Auth plugin, otplib for rolling your own.
  • OAuth / OIDC providers — Better Auth supports them natively; or use Arctic with your own sessions.

Pick this if…

  • Self-host, TS-first: Better Auth.
  • Already on Next.js + want it just to work: Auth.js or Better Auth.
  • You don't want to think about it and you're funded: Clerk.
  • Enterprise SSO / SAML / SCIM: WorkOS or a self-hosted identity server.
  • You're already on Supabase / Firebase / Convex: use the bundled auth.

Previous

Databases & ORMs

Next

Authorization (RBAC / ABAC / ReBAC)

On this page