Open Source · Self-Hosted · Free up to 10K Users

Add auth to your app in 5 minutes.
Own every byte of data.

BastionAuth is an open-source authentication SDK — like Clerk or Auth0 — that runs on your servers. Your users get a polished sign-in experience. You keep full control of the data.

Get Started Free See How It Works

// Install
npm install @bastionauth/nextjs

// Wrap your app — done.
<BastionProvider>
  <SignIn />
</BastionProvider>

Why does this exist?

Hosted auth services are convenient — but they come with trade-offs that matter more as you grow.

Hosted Auth (Clerk, Auth0)

✕User data lives on their servers — you don't control it
✕Per-user pricing that scales unpredictably as you grow
✕Vendor lock-in — migrating away is painful
✕Can't meet strict compliance (HIPAA, FedRAMP) without workarounds

BastionAuth

✓Data stays on your servers — full ownership
✓Free for up to 10K users — pay only for your infrastructure
✓Open source — no lock-in, fork anytime
✓Deploy inside your compliance boundary — HIPAA, FedRAMP ready

See it in action

One product, three perspectives — the people who sign in, the developers who build it, and the team leads who manage it.

📝

Email/password or one-click OAuth

→

🔗

Social Login

Google, GitHub, Microsoft, Apple

→

🔐

MFA Setup

TOTP app, backup codes, or SMS

→

🏠

Dashboard

Profile, sessions, security settings

End Users are the people who sign in to your app. They get a polished auth experience — sign up, social login, MFA, password reset — all working out of the box. You don't build any of this UI yourself.

Everything you need, nothing you don't

Production-ready auth features, all included out of the box.

Drop-in Components

Pre-built <SignIn />, <SignUp />, <UserButton /> components. Add auth UI in one line of code.

Multi-Factor Auth

TOTP authenticator apps, backup codes, and SMS verification. Enable with one config toggle.

Organizations & Teams

Multi-tenancy with role-based access control, invitations, and team management built in.

Enterprise Security

Audit logs, session management, brute-force protection, and rate limiting by default.

OAuth & SSO

Google, GitHub, Microsoft, Apple, and SAML SSO. Configure providers in minutes.

Self-Hosted

Deploy on your own infrastructure. Docker, Kubernetes, or bare metal. Your data never leaves.

Built for teams like yours

Whether you're a startup, an enterprise, or anything in between.

🚀

Startups

Stop paying per-user auth taxes that eat into your margins. BastionAuth is free up to 10,000 monthly active users. Just pay for your server.

Free up to 10K MAU

🏛️

Regulated Industries

Healthcare (HIPAA), government (FedRAMP), and finance teams — deploy inside your compliance boundary. User data never leaves your infrastructure.

HIPAA & FedRAMP ready

🔒

Privacy-Conscious Teams

Full control over your users' data. No tracking, no data mining, no vendor reading your user records. You own it all.

Complete data sovereignty

How does it compare?

Same developer experience, fundamentally different ownership model.

Feature	BastionAuth	Clerk	Auth0
Data ownership	You own it	Vendor	Vendor
Pricing	Free + infra cost	Per user / month	Per user / month
Self-hosted	Yes	No	Limited
Open source	Yes (MIT)	No	No
Drop-in components	Yes	Yes	Partial
MFA	Yes	Yes	Yes
HIPAA / FedRAMP	Deploy in your boundary	N/A	Enterprise plan

Ready to own your auth?

Get up and running in under 5 minutes. Free forever for up to 10,000 users.

npm install @bastionauth/nextjs

Get Started Free Read the Docs

Add auth to your app in 5 minutes.Own every byte of data.