If you like SuperTokens,
give us a star on Github!Star icon
If you like SuperTokens, give us a star on Github!
Star icon
GitHub logo Discord logo Twitter logo

Open Source User Auth

Quick to implement and easy to customize
See SuperTokens demo for your tech stack 👇
Copied!
Consult an expert Get started
Get started Consult an expert
Trusted by
Skoot logo Poppy logo Salad logo Offscript logo
Serif health logoSento.io logo
And many more
Trusted by
Skoot logo Poppy logo Salad logo Offscript logo Serif health logo
And many more

We are:

Developer First
green check mark
Pre built UI
.
Sign up / sign in forms (via our frontend SDK) that can be embedded on your website natively
green check mark
45 minutes
.
9/10 developers do the quick setup in under 45 minutes
green check mark
Feature segmentation
.
Pick only the features you need and see docs relevant to your use case (we call it ‘recipes’)
green check mark
Simple data model
.
Fewer database tables and simpler configuration due to our modular structure.
green check mark
Support
.
Quickest response times (<1hour) for support - available on Discord, email and calls for 18 hours / day
green check mark
Priced for startups
.
Generous limits and pricing for our managed service and free forever for self hosted!

"Wow this is insane! I literally spent 5min of copy-pasting React stuff and now I can see the auth page… so, at this point I should consider the frontend auth already set up? if that’s true, then ST is just magical."

Anton Mladenov       [email protected]
hi.health logo

“Configuring basic auth features like email verification, session management, refresh tokens, expiration, forgot password feature etc. takes a lot of time and SuperTokes in giving it out of the box. That is what I was looking for :) The simplicity is the key here. I saw plenty of other “safe” solutions, but none of them was simple like yours. I heard great opinions about SuperTokens, that’s why I chose it."

okukubambo       Our user on Discord
hi.health logo
yellow check mark
Lowest vendor lock in
.
We have guides and support to migrate to and from SuperTokens and you can override any API (eg: password hashing algorithm)
yellow check mark
SaaS or on prem:
.
Move between our managed service (simplicity) and your infrastructure (compliance) on demand - as your requirements change
yellow check mark
100% open source
.
What you see is what you get


yellow check mark
Control your data
.
User information is stored in your database enabling you to control and manage user data

“We are building a system for our startup with highest data privacy and sustainability issues in mind. For that we want to use as much OSS as possible and self host the services. I found SuperTokens and are pretty excited for the software.”

Erik Schake      [email protected] Cloudcamping
hi.health logo

“Two things that give SuperTokens an edge: 1. open-source/ability to deploy the core myself, and its simplicity. 2. Some less-important things that I still think gives supertoken an edge is it is not bundled with a database”

Joseph Gilley       Chief Architect at Iron Plans
hi.health logo
purple check mark
Own your user experience
.
Our frontend UI consists of React (Javascript) components that you can customize
purple check mark
Overrides
.
Heard of Auth0 Actions? Wait till you see SuperTokens’ Overrides
purple check mark
Integrate with any service
.
Integrate your own content delivery service (eg: SMS or email) for free

“I have implemented auth dozens of times .. (hydra, keycloak, auth0, okta, cognito). Supertokens is so .. as simple as possible but completely customizable, with ability to own all the data.... The number one complaint they [clients] usually have about auth0, cognito, etc. is that it is difficult or impossible to completely customize the forms and pages, plus it hops out to a different URL for oauth flow.”

Eric Dobbertin       Founder, Sheboygan Works
hi.health logo

“What I consider the biggest issue is that Auth0 adds too much complexity on things we need simple, plus, it’s expensive. For an early stage startup I don’t think we should be spending too much cash and time on auth, but this is the reality. And finally, the complexity of customizing the login/registration screens are simply TOO annoying. We have been using both email password + social login”

Gus Fune       [email protected]
hi.health logo
Green check mark
Pre built UI
.
Sign up / sign in forms (via our frontend SDK) that can be embedded on your website natively
Green check mark
45 minutes
.
9/10 developers do the quick setup in under 45 minutes
Green check mark
Feature segmentation
.
Pick only the features you need and see docs relevant to your use case (we call it ‘recipes’)
Green check mark
Simple data model
.
Fewer database tables and simpler configuration due to our modular structure
Green check mark
Support
.
Quickest response times (<1hour) for support - available on Discord, email and calls for 18 hours / day
Green check mark
Priced for startups
.
Generous limits and pricing for our managed service and free forever for self hosted!

“Configuring basic auth features like email verification, session management, refresh tokens, expiration, forgot password feature etc. takes a lot of time and SuperTokes in giving it out of the box. That is what I was looking for :) The simplicity is the key here. I saw plenty of other “safe” solutions, but none of them was simple like yours. I heard great opinions about SuperTokens, that’s why I chose it."

okukubambo       Our user on Discord
Discord logo

"Wow this is insane! I literally spent 5min of copy-pasting React stuff and now I can see the auth page… so, at this point I should consider the frontend auth already set up? if that’s true, then ST is just magical."

Anton Mladenov       [email protected]
Yellow check mark
Lowest vendor lock in
.
We have guides and support to migrate to and from SuperTokens and you can override any API (eg: password hashing algorithm)
Yellow check mark
SaaS or on prem
.
Move between our managed service (simplicity) and your infrastructure (compliance) on demand - as your requirements change
Yellow check mark
100% open source
.
What you see is what you get

Yellow check mark
Control your data
.
User information is stored in your database enabling you to control and manage user data

“We are building a system for our startup with highest data privacy and sustainability issues in mind. For that we want to use as much OSS as possible and self host the services. I found SuperTokens and are pretty excited for the software.”

Erik Schake      [email protected] Cloudcamping

“Two things that give SuperTokens an edge: 1. open-source/ability to deploy the core myself, and its simplicity. 2. Some less-important things that I still think gives supertoken an edge is it is not bundled with a database”

Joseph Gilley       Chief Architect at Iron Plans
Purple check mark
Own your user experience
.
Our frontend UI consists of React (Javascript) components that you can customize
Purple check mark
Overrides
.
Heard of Auth0 Actions? Wait till you see SuperTokens’ Overrides
Purple check mark
Integrate with any service
.
Integrate your own content delivery service (eg: SMS or email) for free

“I have implemented auth dozens of times .. (hydra, keycloak, auth0, okta, cognito). Supertokens is so .. as simple as possible but completely customizable, with ability to own all the data.... The number one complaint they [clients] usually have about auth0, cognito, etc. is that it is difficult or impossible to completely customize the forms and pages, plus it hops out to a different URL for oauth flow.”

Eric Dobbertin       Founder, Sheboygan Works
Sheboygan Works logo

"What I consider the biggest issue is that other providers adds too much complexity on things we need simple, plus, it’s expensive. For an early stage startup I don’t think we should be spending too much cash and time on auth, but this is the reality. And finally, the complexity of customizing the login/registration screens are simply TOO annoying. We have been using both email password + social login"

Gus Fune       [email protected]
Offscript logo
Trusted by
Circadia logo off script logo classcard logo
.
Trusted by
.
Circadia logo off script logo classcard logo
Blue shield

Protect and manage your data

SuperTokens stores user information in your database enabling you to control and manage your user data

yellow arrows intersecting

No complicated OAuth flows

Unless you require SSO, don’t worry about OAuth! Make auth simple again! How?

Green calendar

Save weeks

Auth can take weeks to build. See our 15 minute video for implementing SuperTokens

pink star in circles

Free Forever

Run SuperTokens on your own infrastructure for unlimited users for free

Backed by

YCombinator logo

SuperTokens provides

Login

Blue checkmark
A fully customisable frontend UI with default themes available
Blue checkmark
Email & password login and forgot password
flows
Blue checkmark
OAuth (Social, OpenID) login
Blue checkmark
Passwordless
Note: Login is currently available only for NodeJS, GoLang & Python. Other tech stacks will be supported soon

Session Management

Blue checkmark
JWTs, CSRF, sessions can all be confusing. Leave it to us.
Blue checkmark
We offer the most robust and secure session flow (Auth0 even uses one of our libraries).
Blue checkmark
Create, verify, refresh & revoke sessions.
Blue checkmark
Detects session hijacking using rotating refresh tokens.
Placeholder image
Note: Session management is available for NodeJS, GoLang & Python. Other tech stacks will be supported soon.

SuperTokens provides:

Login
Session Management

Login

green heavy check mark

A fully customisable frontend UI with default themes available

green heavy check mark

Email & password login and forgot password flows

green heavy check mark

OAuth (Social, OpenID) login

green heavy check mark

Passwordless

Note: Login is currently available only for NodeJS, GoLang & Python. Other tech stacks will be supported soon

Secure sessions

JWTs, CSRF, sessions can all be confusing. Leave it to us. We offer the most robust and secure session flow (Auth0 even uses one of our libraries).
green heavy check mark

Create, verify, refresh & revoke sessions.

green heavy check mark

Detects session hijacking using rotating refresh tokens.

See how we manage sessions
Note: Session management is available for NodeJS, GoLang & Python. Other tech stacks will be supported soon. The GIF representation is for NodeJS.

…See our Github Readme to learn more

How it works?

SuperTokens has a  frontendbackend  and  core.
They communicate with each other
Yellow laptop
FRONTEND CLIENT
Stacked servers
YOUR BACKEND
API
SuperTokens logo in cloud
SUPERTOKENS
CORE
The ST frontend provides a prebuilt UI that you can add to your website
Yellow laptop
FRONTEND CLIENT
Stacked servers
YOUR BACKEND
API
SuperTokens logo in cloud
SUPERTOKENS
MANAGED
SERVICE
Yellow arrowYellow arrowYellow arrow
Responsible for rendering the login UI widgets and managing session tokens automatically.
Yellow laptop
FRONTEND CLIENT
Yellow arrow
Responsible for rendering the login UI widgets and managing session tokens automatically.
Stacked servers
YOUR BACKEND
API
SuperTokens logo in cloud
SUPERTOKENS
MANAGED
SERVICE
Yellow arrowYellow arrow
Backend SDK adds authentication apis to your backend. E.g: Sign in, Sign up.
The Backend SDK is within your API layer
Yellow laptop
FRONTEND CLIENT
Stacked servers
YOUR BACKEND
API
SuperTokens logo in cloud
SUPERTOKENS
MANAGED
SERVICE
Yellow arrowYellow dotted arrowsYellow arrow
/api1/
/api2/
...
}
Application APIs
/auth/signin
/auth/signout
/auth/...
}
SuperTokens
Backend
APIs
Frontend SDK calls the APIs exposed by the Backend SDK
/*
Pink double headed arrow
/auth/*
Pink double headed arrow
Yellow laptop
FRONTEND CLIENT
Stacked servers
YOUR BACKEND
API
SuperTokens logo in cloud
SUPERTOKENS
MANAGED
SERVICE
The core is a seperate instance. Run it at your own server or host it with us
Yellow laptop
FRONTEND CLIENT
Stacked servers
YOUR BACKEND
API
SuperTokens logo in cloud
SUPERTOKENS
CORE
Yellow arrowYellow arrowYellow arrow
This is a HTTP service that contains the core logic for auth. It’s responsible for interfacing with the database and is used by our backend SDK for operations that require the db.
/*
Pink double headed arrow
/auth/*
Pink double headed arrow
Backend SDK calls the core to persist user data
Pink double headed arrow
/*
Pink double headed arrow
/auth/*
Pink double headed arrow
Yellow laptop
FRONTEND CLIENT
Stacked servers
YOUR BACKEND
API
SuperTokens logo in cloud
SUPERTOKENS
CORE

Lightning quick!

 Frontend implementation in 4.5 minutes. Backend in 2.5 minutes. With default configs
That’s what all our competitors (try to) claim. Here is our proof:
 Frontend implementation in 4.5 minutes. Backend in 2.5 minutes. With default configs

That’s what all our competitors (try to) claim. Here is our proof:
Interact with the SuperTokens demo app.
Sign up, see forgot password flow and more.
Interact with the SuperTokens demo app.
Sign up, see forgot password flow and more.
See interactive demo

 What others say

profile image

Anton Mladenov

Engineer @hi.health

Wow this is insane! I literally spent 5 min of copy-pasting React stuff and now I can see the auth page...so, at this point I should consider the frontend auth already set up?

If that’s true, then ST is just magical.

Brandon Bayer

Founder @Blitzjs

I' m SO excited to finally ship built-in authentication in @blitz_js !!! Including design, we've been working on this for over 4 months! Thank you to @rishpoddar for being the genius behind our auth!!! Check out his company @supertokensio for framework agnostic session management

profile image

Anuj Chabbria

Cofounder @Report Card

Supertokens is our guardian angel. We’re able to secure multiple assets with one library, providing the most seamless and secure experience for our users. Kudos to the Super team!

profile image

Fares Siddiqui

Founder @Circadia

We were using AWS Cognito and storing sensitive identity tokens on the frontend. SuperTokens secured our user accounts and patient data, and built an integration for our custom setup

profile image

Stephano Paraskeva

Consultant

orange quotation marks

SuperTokens brings with it, what money can’t buy - trust and transparency. I use SuperTokens in all of my projects because I’m able to control where and how SuperTokens works within my apps, allowing for more granular control over my authentication

Really looking forward to trying this out. Feels like Supertokens may have a 1up on Keycloak though in terms of initial learning
curve and integration effort.Wish you guys the best on this quest!
profile image
Mark Mankarious
@markmanx
Twitter logo
Love everything about this EXCEPT the choice of Java. Anyways, great work! This
has been something I’ve dreamt of for years (open source Auth0 replacement). I have no doubt you’ll find success.
profile image
Hunter Carter
@school_4_ants
Twitter logo
Recently learned about https://supertokens.io and I’m so hyped about this!
profile image
Joel Sequeira
@joelseq03
Twitter logo

We are building the "Stripe for Auth"

upvotes on hackernews
00
Days
:
00
Hrs
:
00
Min
:
00
Sec

Launching 2FA

Lock with password
Add phone, email based OTP verification
Google Authenticator
Google Authenticator
Thank you! Your submission has been received!
Something went wrong while submitting the form. Please try again
2 factor authentication illustration

We hear you

Coming soon
red check mark
Passwordless
red check mark
2FA (email, SMS and app based)
red check mark
Support for more technologies (Javalin and
Laravel)
2-factor auth
Magic Links
Visit our product roadmap page to learn more
GDPR LogoSOC under observation period
In progress
Under observation period
GDPR Logo
In progress
SOC under observation period
Under observation period

Questions?

We answer within 30 minutes for 18 hours / day
Consult an expert

Get started with SuperTokens today

Get a demo Get started
Get started Get a demo
Heart icon
Join the SuperTokens Team!
White cross
See open positions
Heart icon
Join the SuperTokens Team - we're hiring!
See open positionsWhite cross
Heart icon
Join the SuperTokens Team - we're hiring!
See open positionsWhite cross
Heart icon
Come grow with us! We're looking for awesome people to join the SuperTokens team!
See open positionsWhite cross
.
Trusted by
.
Circadia logo
Hubble
Circadia logo
.
Trusted by
.
Circadia logo
Hubble
Circadia logo