Authgear is an open-source authentication platform designed as a self-hosted alternative to Auth0, Clerk, and Firebase Authentication. It provides enterprise-grade identity management with modern authentication methods including Passkeys, biometric login, MFA, SSO via OAuth 2.0 and SAML, and passwordless flows via email/SMS/WhatsApp. Built in Go, Authgear is optimized for SaaS and mobile applications requiring scalable, secure, and customizable user authentication without vendor lock-in. The platform includes a full-stack solution: a core server, admin portal, pre-built UI components, and a GraphQL Admin API — all designed to reduce development time while maintaining control over user data and security policies.
Developers and DevOps teams seeking to replace proprietary identity services with a transparent, extensible system will find Authgear ideal. It supports both cloud-hosted and on-premise deployments, with Helm charts for Kubernetes and detailed guides for local development. Authgear is used by enterprises like Bupa, MTR, and Hongkong Land to manage authentication across high-traffic consumer applications.
What You Get
- Passkeys & WebAuthn - Support for FIDO2-compliant hardware keys and password managers, enabling phishing-resistant biometric login without passwords.
- Passwordless Authentication - Email magic links and OTP via SMS or WhatsApp for frictionless signups and logins, with built-in rate limiting.
- Multi-Factor Authentication (MFA) - TOTP (Google Authenticator, Authy), SMS, and email-based second factors; adaptive MFA is planned.
- Pre-built Authentication UIs - Customizable login, signup, and account settings pages with dark/light mode support, ready for direct integration.
- Admin Portal - Web-based GUI to manage users, sessions, roles, authentication flows, audit logs, and rate limits without code changes.
- GraphQL Admin API - Full programmatic control over users, sessions, policies, and configurations via a documented GraphQL endpoint.
- SSO & Enterprise Identity - OAuth 2.0 integrations for Google, Facebook, Apple, LinkedIn, WeChat; SAML 2.0 support for ADFS and other enterprise identity providers.
- Webhooks & TypeScript Hooks - Trigger custom logic on events like user signup or login; extend Authgear with server-side TypeScript functions.
- I18n & Template Customization - Translate authentication emails and SMS templates into multiple languages with full template control.
- Role-Based Access Control (RBAC) - Define roles and groups to enforce fine-grained permissions across applications powered by Authgear.
- Helm Chart Deployment - Production-ready Kubernetes deployment with configurable persistence, ingress, and secrets management.
Common Use Cases
- Building a multi-tenant SaaS dashboard with biometric login - A B2B platform uses Authgear to enable employees to log in via Face ID or Passkeys on mobile, with SAML integration for corporate identity providers.
- Creating a mobile-first e-commerce platform with 10k+ SKUs - A retail app integrates Authgear’s React Native SDK to offer passwordless signups via WhatsApp OTP and biometric login, reducing cart abandonment.
- Centralizing 50+ legacy auth systems with Authgear - An enterprise consolidates LDAP, OAuth, and custom login systems into a single Authgear instance with unified audit logs and MFA enforcement.
- DevOps teams managing microservices across multiple cloud providers - Teams deploy Authgear via Helm on AWS EKS and Azure AKS, using the Admin API to programmatically manage user access across 15+ microservices.
Under The Hood
Authgear is a modern, modular authentication platform designed to provide flexible and extensible authentication-as-a-service. It combines a robust backend built with Go and a customizable frontend UI framework powered by TypeScript and React, enabling developers to build secure and scalable authentication flows with minimal friction.
Architecture
The system adopts a layered monolithic architecture that emphasizes clear separation between presentation, business logic, and data access layers. This design enables modular development with well-defined boundaries.
- The architecture uses a layered approach to separate concerns across UI, service, and data layers
- Authentication UI and portal components are structured as independent yet integrated modules with shared utilities
- Controller classes and component-based UI patterns are consistently applied throughout the codebase
- State management and component interactions follow well-defined interfaces and design patterns
Tech Stack
The platform leverages modern technologies for both backend and frontend, prioritizing developer experience and maintainability through contemporary tooling.
- Built with Go for the backend services and TypeScript/React for the frontend UI, incorporating Vite and Turbo for fast development
- Relies on a rich ecosystem of React libraries including Apollo Client, Fluent UI, Radix UI, and Tailwind CSS for styling
- Uses Vite for build processes, with configuration files for TypeScript, ESLint, and Tailwind to support streamlined workflows
- Integrates Jest, Playwright, and Storybook for comprehensive testing and component-driven development practices
Code Quality
The codebase demonstrates a mature approach to testing and error handling, with consistent patterns across modules. While the overall quality is solid, some technical debt remains in areas such as asynchronous test handling.
- Extensive unit and integration tests are implemented across multiple modules to ensure reliability
- Error handling is consistently managed through try/catch blocks and custom error throwing mechanisms
- Code maintains reasonable consistency in naming and style, though some areas show signs of technical debt
- The learning curve is moderate due to the complexity of inter-module dependencies and architectural patterns
What Makes It Unique
Authgear stands out through its innovative modular design and developer-centric tooling that prioritize extensibility and customization.
- A pluggable authentication flow engine enables flexible support for multiple methods without requiring monolithic changes
- The frontend UI is treated as a first-class citizen, offering a rich and customizable component library for branding and UX
- Bot protection mechanisms like Cloudflare Turnstile and reCAPTCHA v2 are unified into a flexible integration framework
- Strong emphasis on developer productivity through Nix-based reproducible builds, Makefiles, and comprehensive linting/testing configurations