SuperTokens

Self‑hosted authentication platform delivering secure login and sessions.

Add passwordless, social, MFA, and session management to any app with free, on‑premise SDKs for Node, Go, Python, React and more.

Overview

SuperTokens is a self‑hosted authentication solution that lets developers add secure login, passwordless, social, and multi‑factor authentication to any application. It provides a unified user and session management layer without the complexity of OAuth, giving teams full control over their user data.

Capabilities & Deployment

The architecture consists of a Java‑based Core service, language‑agnostic backend SDKs (Node, Go, Python, etc.) and frontend SDKs that handle token storage and UI widgets. Features include session verification without extra network hops, multi‑tenant support, role‑based access, and microservice‑friendly APIs. The Core can be run via Docker or directly on a server, connecting to any supported SQL database, allowing on‑premise deployments that keep user data in‑house while remaining extensible through community contributions.

Highlights

Passwordless and social login options
Built‑in session verification and refresh
Multi‑tenant and role‑based access control
Language‑agnostic SDKs and microservice‑friendly core

Pros

  • Free forever with unlimited users
  • Full data control via on‑prem deployment
  • Extensible SDKs for many languages
  • Simplified API avoids complex OAuth flows

Considerations

  • Requires self‑hosting and operational overhead
  • Core service runs on Java, may increase memory usage
  • Limited managed support compared to SaaS providers
  • Advanced features may need custom integration

Managed products teams compare with

When teams consider SuperTokens, these hosted platforms usually appear on the same shortlist.

Amazon Cognito

Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Auth0

Cloud-based identity management platform for adding user authentication and authorization to applications

Clerk

User authentication and identity APIs for web and mobile apps

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Teams that need full ownership of user data
  • Products requiring passwordless or MFA authentication
  • Microservice architectures needing language‑agnostic auth
  • Enterprises avoiding vendor lock‑in

Not ideal when

  • Startups seeking a zero‑maintenance SaaS auth solution
  • Projects with no ops resources to manage a Java service
  • Apps that only need a single OAuth provider without extra features
  • Environments where Java runtime is prohibited

How teams use it

Passwordless login for a mobile app

Users sign in via email link or SMS, reducing friction and improving conversion.

Multi‑tenant SaaS platform with role‑based access

Each organization has isolated user data and custom roles, managed through the dashboard.

Microservice authentication across Node and Go services

Backend SDKs validate sessions without contacting the core, enabling high‑throughput APIs.

Enterprise SSO integration with existing identity providers

Combine social login and corporate SSO while keeping user data on‑premise.

Tech snapshot

Java 98%
JavaScript 1%
TypeScript 1%
Shell 1%
CSS 1%
Dockerfile 1%

Tags

auth0, social-login, password, hacktoberfest, keycloak, passwordless-login, session-management, login, oauth, email-password, passwordless, passwordless-authentication, aws-cognito, java, authentication, signin, supertokens, firebase-auth, email-password-login

Frequently asked questions

Is SuperTokens truly free for production use?

Yes, the core platform and SDKs are open‑source and can be deployed without licensing fees, regardless of user count.

What databases are supported for storing user data?

SuperTokens works with any SQL database supported by the Java core, such as PostgreSQL, MySQL, and MariaDB.

Can I run SuperTokens as a Docker container?

A pre‑built Docker image is provided, allowing you to start the core service with a single command.

How does session verification avoid extra network hops?

The backend SDKs perform token verification locally; only refresh operations contact the core service.

Is there a hosted version if I don’t want to self‑host?

SuperTokens provides a managed cloud offering, but the open‑source project itself requires self‑hosting.

Project at a glance

Active
Stars: 14,859
Watchers: 14,859
Forks: 637
Repo age: 6 years old
Last commit: 2 days ago
Primary language: Java

Last synced 13 hours ago