SuperTokens Open Source Authentication
supertokens.com
About this website
SuperTokens is an open-source authentication library that gives developers session management, passwordless login, social sign-in, and email verification without sending users to a third-party domain. The core runtime is written in Java and can be self-hosted on any server or deployed as a managed service, ensuring that session tokens stay within the application domain rather than being managed by an external endpoint. The SDK architecture separates frontend and backend concerns: frontend SDKs for React, vanilla JavaScript, React Native, Flutter, iOS, and Android handle UI rendering and token refresh; backend SDKs for Node.js, Go, Python, and .NET handle token verification and session lifecycle. Authentication recipes include email-password with hashing and breach checking, passwordless login via magic links and OTP codes, social login with Google, GitHub, Apple, and others, and third-party passwordless flows. The session implementation uses short-lived access tokens with rotating refresh tokens, with configurable token theft detection that invalidates compromised sessions automatically. A plugin system extends functionality with CAPTCHA protection, multi-tenancy, account linking, and role-based access control. Pre-built login UI components are drop-in React elements that handle the full authentication flow, or developers can build custom interfaces using the SDK helper functions. The project has over fifteen thousand GitHub stars, secures more than two hundred fifty million identities, and is backed by Y Combinator. Migration tooling supports importing users from Auth0 and AWS Cognito without forcing password resets.