Auth Pricing Wars: Cognito vs Auth0 vs Firebase vs Supabase
While browsing the r/SaaS subreddit yesterday - I saw that Amazon recently
tripled the cost of Cognito for large userbases (60K+ MAU) and reduced the free
limits (now charging from 15K+ MAU). Cognito has traditionally been the most
affordable service for identity and access management.
What Is Amazon Cognito?
If you're not familiar, Amazon Cognito provides an authentication server and an
authorization service for OAuth 2.0 access tokens. In the context of API
authentication, Cognito is often used as an alternative to IAM roles/policies
and Lambda authorizers, with the former only applying to AWS users/services
(i.e. internal APIs) and the latter having unpredictable costs and requiring
custom code.
Why Did Cognito Raise Prices?
The increase in prices likely has to do with additional features being added to
Cognito to make it more competitive with SaaS offerings out there today. These
features include passwordless login (passkeys), email OTP, and SMS OTP. If you
are using Amazon Cognito for authenticating your API calls, and have >15,000
Monthly Active Users - then you might want to consider looking for alternatives
before you need to start paying. I found an auth price comparison tool which
you can use to compare plans and prices. For more context - here's a breakdown
of some Cognito competitors and their monthly pricing.
Now if you're a B2B SaaS startup - these prices are likely negligible compared
to the average revenue per user. If you're a scaling social media or B2C company
however, these costs can add up fast. There's a huge variety in platforms,
features and pricing so let's dive into some popular Cognito alternatives.
Auth0
Auth0 (now part of Okta) is a flexible identity management
platform offering authentication and authorization as a service. It's often used
to offer Universal Login (authentication across platforms) and Multi-Factor
Authentication. I've used Auth0 in the past and have found it to be quite
powerful - with extensibility around signup/login flows, detailed monitoring,
OIDC-support (unlike most options on this list), and documentation for almost
every use-case. Despite being one of the pioneers in the developer tooling
space - I feel like Auth0 has not kept up with the ease of use that other
platforms have, and is definitely more focused on enterprises (thus the higher
cost). If you're using Auth0 for your enterprise API authentication, check out
this guide.
Auth0 Pricing
Auth0 isn't cheap - but the mature suite of features and tools it offers make it
the most suitable option for mature businesses. Not having these features would
likely cost you more in productivity. If you're an enterprise organization, this
is the platform you should use.
Supabase Auth
Supabase is an open-source BaaS platform that includes an
authentication service which can be easily
integrated using the Supabase SDK. What makes Supabase great is that it can
support almost every type of authentication method (ex. Email/Password, magic
link, etc.) and provider (ex. Github, Google, etc.) with relatively little work.
Documentation and support are fantastic, which is why I use Supabase for
building most CRUD APIs and prototypes these days. If you're interested in using
Supabase for API authentication, we have a guide for that too.
Supabase Auth Pricing
The Supabase auth free tier is very generous, with 100K MAU on Supabase costing
the same as 15K MAU on Cognito. The downside with Supabase (and most BaaS
platforms) is that they are a jack-of-all-trades, but master of none. The level
of customization and reporting provided by Supabase may be insufficient for your
company.
Firebase Authentication
Firebase is another BaaS platform, featuring slightly more mature versions of
all of Supabase's auth features. You could argue Firebase is more well-suited
for mobile applications that need authentication. Additionally, their
infrastructure and feature-set are pretty advanced thanks to their acquisition
by Google. If you're building an API on Firebase, we have articles on creating
an API, and adding API key authentication or JWT validation.
Firebase Authentication Pricing
Overall, Firebase authentication pricing is pretty fair - with a generous free
tier and a price matching Cognito's old pricing past 100K MAU. Just like
Supabase, I wouldn't recommend choosing Firebase for a mid-size to enterprise
company - it's far too restrictive, and you're locked into Google's ecosystem.
Clerk
Clerk is like if Supabase and Auth0 had a baby. It combines the great developer
experience and easy setup of Supabase with the dedication to user and access
management of Auth0. It includes a suite of embeddable UIs to quickly get
started, and APIs for more advanced use-cases. If you're a startup, Clerk is a
very attractive option for getting to market. Many Zuplo customers have
integrated Clerk for their API authentication.
Clerk Pricing
Although Clerk is a great option for getting to market, I don't necessarily
think it's a great option once you start scaling. To start - the free tier ends
at 10K MAU, and pricing from there onwards is getting close to Auth0 territory.
To be fair, Clerk doesn't count MAU exactly the same as other platforms - users
are only counted as active when they return 24+ hours after signup. If you run a
PLG/PLS SaaS (like us) or a B2C product and run Google ads to your home page -
you know how much of an issue fraudulent and churn-y signups are. It still isn't
fair to say Clerk is as enterprise-ready as Auth0 is, but they might be one day
soon.
What's The Best Amazon Cognito Alternative?
Based on the features and pricing, I would roughly recommend you use the
following services based on your MAU.
Or here's a version with more nuance:
Company-type          | <50K MAU | 50-100K MAU | 100K+ MAU
B2B SaaS              | Clerk    | Clerk       | Auth0
B2C (ex social media) | Supabase | Supabase    | Self-hosted
Note that I don't care too much about your current MAU - more-so your projected
MAU X years in the future, with X being how long it would take for your company
to reach "maturity".
For B2B SaaS, Clerk seems pretty affordable relative to what the average value
of a MAU might be. Unless your average contract value is really low, or your
ratio of free users to paid users is extremely high - a few cents a seat is
worth the great developer experience. Clerk is a really good option if you're
charging per-seat. You should consider Auth0 if your company is already an
enterprise with hundreds of thousands of users.
For B2C, Supabase will get you most of the way for small to medium MAU
applications. You might need additional services for analytics and monitoring.
If you are building a boom-or-bust B2C company (ex. social media platform, video
game, media publication) you should consider using an open-source self-hosted
solution like SuperTokens.
Adding Authorization and Authentication to Your APIs