Own your identity layer

Open-source, self-hosted authentication & authorization

Authorizer is an open-source authentication and authorization server you run on your own infrastructure—your users live in your database, not someone else's dashboard.

Authorizer — open-source authentication on Product Hunt
  • Build secure apps faster with OAuth2 and OpenID Connect
  • No per-seat auth tax—pay for infrastructure, not usage
  • Own user data in your preferred database
  • Multiple auth methods: social, password, magic link, and more
  • Role-based access for your APIs and products
  • Standards-based APIs your stack already understands
Deploy your instance

Try it now ☝️

Authorizer vs hosted identity platforms

Hosted identity platforms give you dashboards, enterprise SSO marketplaces, and batteries-included UI—in exchange for running your most sensitive infrastructure on someone else's servers and paying a per-seat auth tax as you grow. Authorizer is a different tradeoff: open source and self-hosted so authentication runs where you run your product—and user records stay in your database.

High-level comparison of Authorizer with typical hosted identity vendors
FactorAuthorizerHosted identity platforms
DeploymentSelf-hosted on your cloud or VPC; you operate the serviceHosted SaaS you don't run; identity lives on vendor infrastructure
Data & residencyUser directory lives in your database (SQL, NoSQL, graph)Typically vendor-managed user stores and dashboards
Pricing modelOpen source; pay for infra, not per-seat auth taxUsage/seat/connection-based pricing that scales against you
Enterprise SSO (SAML/OIDC IdPs)Core OAuth2/OIDC server; extend for your SSO needsMature multi-IdP SSO marketplaces and B2B org patterns
Drop-in UIBuilt-in login + headless APIs; React SDK availablePolished hosted components and universal login pages
Best whenYou need ownership, compliance-friendly data location, or deep backend controlYou want zero ops and fastest time-to-market on hosted identity

A category-level comparison. Check the docs for feature details against your exact requirements.

Where Authorizer wins

Authorizer’s strongest position in the market is as a self-hosted alternative to hosted identity platforms (and for teams who outgrow “just use hosted auth”). It’s a practical choice when ownership, cost predictability, and database flexibility matter more than outsourced operations.

Self-hosted auth for teams that need control

If you have data residency requirements, a private network, or you simply prefer to operate critical security infrastructure yourself, Authorizer gives you a full authentication and authorization layer without handing your user directory to a third party.

Bring your database (seriously)

Authorizer supports a broad set of SQL, NoSQL, and graph databases. That means your users live where your app already lives—simpler compliance stories, fewer data silos, and easier integration with internal tooling.

Standards first, UI optional

OAuth2 and OpenID Connect make integration predictable across stacks. Use the built-in login, go headless, or embed UI with the React SDK—whatever matches your product and threat model.

v2 direction (based on the roadmap)

The v2 roadmap is focused on the enterprise foundations buyers expect from hosted identity platforms—without giving up self-hosting.

  • Security hardening
    Rate limiting and brute-force protections, CAPTCHA/bot protection, and safer operational defaults.
  • Auditability & observability
    Structured audit logs and Prometheus metrics for production monitoring and compliance workflows.
  • B2B + automation
    Machine-to-machine auth (client credentials), API keys, fine-grained permissions, and directory sync (SCIM) on the v2 roadmap.

Roadmap items are plans and may change; check the product repository for current status.

Get started in 3 simple steps

Authentication and authorization have never been this simple before!

  • 1

    Get Authorizer instance

    Deploy production ready Authorizer instance using one click deployment options available below

    Read more
  • 2

    Setup instance

    Open authorizer instance endpoint in browser. Sign up as an admin with a secure password. Configure environment variables from dashboard

    Read more
  • 3

    Integrate with your application

    Load the @authorizerdev/authorizer-js library and initialize the authorizer object. Authorizer object can be instantiated with JSON object with following keys in its constructor.

    Read more

Deploy your instance now

Deploy to RailwayDeploy to HerokuDeploy to Render

Authentication | Authorization | Security | Integrations

The hardest part of the application development, made simple.

You can use Authorizer off the shelf and provide an amazing digital experience in just 3 minutes.
We rather have you focused on your core business and build stuff that matters.

SECURE SESSION MANAGEMENT

Auth with best services baked in. Secure Session management implemented with HTTP only cookies. Authorization Code flow implemented for mobile based auth.

AUTH RECIPES

Multiple auth recipes supported out of the box: social login, email and password, magic link, and more.

CONNECT TO YOUR DATABASE

It supports 11+ databases including major SQL, NoSQL and GraphDBs

INTEGRATE OR IMPLEMENT

Built-in universal login page, plus APIs and SDKs so you can build custom UI in JavaScript, React, or any framework.

Role Based Access Control

Define the roles and authorize your APIs with role based session tokens

DEPLOY ANYWHERE

Deploy authentication and authorization anywhere you need: Railway, Heroku, Render, Docker, Kubernetes, and more.

CUSTOMIZE EMAILS

Send emails with custom email templates and dynamic variables

LISTEN TO EVENTS

Configure webhooks for various events on the authorizer service and take perform necessary actions with event data

MULTI FACTOR AUTHENTICATION

Added layer of security with email based OTP for your basic authentication recipe

Myriad Database Support

You name it and we have it covered for you

  • MongoDB
  • Cassandra
  • PostgreSQL
  • ArangoDB
  • MySQL
  • SQLite
  • SQL Server
  • YugaByte
  • MariaDB
  • PlanetScale
  • Scylla
  • AWS DynamoDB
  • Couchbase
Request new Database Support

Loved By Users

Join our community on Discord. You can also share your experience here and help us build more trust.

First time I found Authorizer at Product Hunt I fall in love with this. Then I realize this is a perfect fit solution for me. So, I want to say thank you for building an amazing product. Especially as you made it Open Source.

- Aris Ripandi

Authorizer simplifies the implementation of a login system and is fast and light on resources. The React.js library also vastly simplifies the implementation of state management in a project. The author, Lakhan Samani, is also extremely helpful and easy to work with. Overall, Authorizer saves numerous hours of headaches and provides a great experience for developers.

- Rattley

I have been working on an edutainment product for the past few months. The authentication, authorization flow was one of the tasks that I had to take care of. I used the Authorizer for the same and it did not take me much time, from integration with the product to setting it up on the cloud. It was a great experience as a developer to be able to use an open-source solution to a fairly complex problem with such ease. Thanks to the authorizer team.

- Nitesh Agarwal

Authorization/Authentication has been always big pain but I found Authorizer is the simplest and fastest way of building auth service for our app. I also was able to partially adopt our own customized authentication flow with Authorizer because they provide flexible enough libs and APIs. I would not be able to fine other product that can handle this easily. Truly, all in one solution ever.

- Peter Choi

Frequently asked questions

Quick answers about self-hosting your authentication and authorization.

What is Authorizer?
Authorizer is an open-source authentication and authorization server you deploy on your own infrastructure. It supports OAuth2 and OpenID Connect, social logins, magic links, email/password, multi-factor authentication, webhooks, and role-based access control—while storing users in a database you control.
How is Authorizer different from hosted authentication platforms?
Hosted authentication platforms run identity on their servers and bill per seat or connection as you scale. Authorizer is self-hosted and open source: you run the service, choose your own database backend, and keep every user record in your own storage. It's the better fit when data residency, customization, cost predictability, and ownership matter more than outsourced operations.
Which databases does Authorizer support?
Authorizer supports 13+ databases across SQL, NoSQL, and graph, including PostgreSQL, MySQL, MariaDB, SQLite, SQL Server, MongoDB, Cassandra, ScyllaDB, ArangoDB, YugabyteDB, PlanetScale, AWS DynamoDB, and Couchbase. Your users live in the database your application already uses.
Can I use Authorizer in production?
Yes. Authorizer is built for production with secure session handling over HTTP-only cookies, one-click deployment templates for Railway, Heroku, and Render, plus Docker and Kubernetes support, and SDKs for integration via standard OAuth2 and OpenID Connect flows.
Is Authorizer free?
Authorizer is free and open source. There is no per-seat or per-user auth tax—you only pay for the infrastructure you run it on. You can self-host it on your own cloud, VPC, or a one-click platform deployment.