Authentication services compared — with real pricing, GDPR compliance details, and known gotchas from the community. Each entry includes vendor stability assessment, risk flags, and copy-paste integration code for Next.js and Express.
Every service is assessed on: vendor stability, real pricing (including per-MAU costs at scale), GDPR/compliance readiness, known gotchas, and integration time. Updated March 2026: Auth.js marked as maintenance mode (team joined Better Auth).
Quick recommendation:
| I need… | Use this | Starting price | Watch out for |
|---|---|---|---|
| Auth in 10 minutes (React/Next.js) | Clerk | Free (10K MAU), then $25/mo + $0.02/MAU | US-only data; $2,025/mo at 100K MAU |
| Self-hosted, GDPR-ready | Better Auth | Free forever (open source) | Build your own UI (1-3 days); need a database |
| Biggest free tier | Firebase Auth | Free (50K MAU), then $0.0055/MAU | Google Cloud lock-in |
| Auth + database + storage in one | Supabase Auth | Free (50K MAU), Pro $25/mo | Coupled to Supabase platform |
| Enterprise compliance (HIPAA/FedRAMP) | Auth0 | Free (25K MAU), Essentials $35/mo | Confusing pricing; $240/mo for roles |
| Maintain existing NextAuth v4 project | Auth.js | Free forever (open source) | MAINTENANCE MODE — do not start new projects |
| Service | Free Tier | Catches | Permanent? |
|---|---|---|---|
| Better Auth | Unlimited (open source) | You host it — need a database | Yes |
| Firebase Auth | 50,000 MAU | Google Cloud lock-in | Yes |
| Supabase Auth | 50,000 MAU | Pauses after 1 week idle; bundled with platform | Yes |
| Clerk | 10,000 MAU | $0.02/MAU on Pro; US data only | Yes |
| Auth0 | 25,000 MAU | Paid features start at $35/month | Yes |
| Auth.js | Unlimited (open source) | MAINTENANCE MODE — use Better Auth instead | Yes |
Need a database for self-hosted auth? See our database comparison — Neon’s free tier (0.5 GB) pairs well with Better Auth.
For fastest setup, Clerk gets you auth in 10 minutes with pre-built UI components. For full ownership and zero per-user cost, Better Auth is the recommended self-hosted option (it’s the official successor to Auth.js/NextAuth). For Google Cloud projects, Firebase Auth offers 50K MAU free.
Auth.js is in maintenance mode. The core team joined Better Auth in September 2025. Auth.js v5 never left beta and will not receive new features. Use Better Auth for all new projects. Auth.js is only appropriate for maintaining existing NextAuth v4 codebases.
Better Auth is the strongest choice for GDPR because it’s self-hosted — deploy your database in an EU region and all auth data stays in the EU. Clerk stores ALL user data in the US with no EU residency option, relying on the Data Privacy Framework (whose predecessor Privacy Shield was invalidated by Schrems II). Supabase Auth and Firebase Auth offer some regional options on paid tiers.
Choose Clerk if you need auth working in 10 minutes with polished UI components and can accept $0.02/MAU at scale. Choose Better Auth if you want zero per-user cost, full data ownership, GDPR-ready deployment, and the actively maintained successor to NextAuth. The trade-off is speed-to-ship vs long-term ownership.
MAINTENANCE MODE: Auth.js team joined Better Auth in Sept 2025. v5 never left beta. Use Better Auth for new projects.
Enterprise-grade identity platform. Feature-rich but expensive — pricing has drifted upward since Okta acquisition in 2022.
Open-source TypeScript auth framework. The Auth.js team joined Better Auth in Sept 2025, making it the recommended path forward for Next.js authentication.
Drop-in auth with pre-built UI components. Fastest time-to-auth, but stores data in US by default — GDPR risk for EU apps.
Google's managed auth service. Generous free tier (50K MAU), broad provider support, but ties you into the Firebase/Google Cloud ecosystem.
Auth built into the Supabase platform. PostgreSQL-backed, Row Level Security integration, generous free tier — but tightly coupled to Supabase.
Clerk vs Auth0 vs Auth.js vs Firebase Auth vs Supabase Auth →