// the find
authgear/authgear-server
Open source Auth0/Clerk/Firebase alternative. Passkeys, SSO, MFA, passwordless, biometric login. Self-hosted or cloud. Enterprise-ready for SaaS & mobile apps
Authgear is a self-hostable authentication server covering the full modern auth surface: OIDC/OAuth2/SAML, passkeys, biometric login, MFA, social providers, LDAP/ADFS, and RBAC. It ships a pre-built auth UI, an admin portal, and a GraphQL Admin API, positioning it as a drop-in replacement for Auth0 or Clerk for teams who want to own their auth stack. The target is SaaS products and multi-app platforms that need enterprise SSO without paying Auth0 enterprise pricing.
1. TypeScript hooks let you inject custom logic at key auth events (user creation, pre-login, etc.) without forking the server — a practical escape hatch that Auth0 charges extra for. 2. SQL migration history goes back to 2020 with clean, incremental files — you can see exactly what changed and when, which matters for compliance audits. 3. The separation between AuthUI, Portal, and Admin API as distinct components means you can expose only what you need; the GraphQL Admin API is particularly useful for automated user provisioning. 4. Helm chart with real production adopters (MTR, Bupa) suggests the deployment story has been stress-tested beyond 'it works on my cluster'.
1. 1828 stars and 117 forks for something competing with Keycloak (26k+ stars) is a signal — the community is thin, which means fewer battle-tested bug reports, fewer third-party integrations, and slower answers on Discord if you hit something edge-case. 2. TypeScript hooks require running a Node.js sidecar alongside a Go server — the operational complexity is real and the failure modes when the hook service is down are not immediately obvious from the docs. 3. The iAMSmart provider and several adopter logos suggest the product was built primarily for the Hong Kong enterprise market; some design decisions (WhatsApp OTP, regional identity providers) may feel like dead weight for a Western deployment. 4. No visible changelog or migration guide between major versions — if you're on v3 and v4 ships breaking changes to the auth flow config schema, the upgrade path is unclear.