Choosing an authentication provider is one of the most consequential infrastructure decisions you’ll make. The wrong choice can quietly drain your budget as your user base grows — or force a painful migration when you outgrow a platform’s capabilities.
Amazon recently tripled the cost of Cognito for large user bases (60K+ MAU) and reduced the free-tier limits from 50K to 10K MAU for new user pools. Cognito had traditionally been the most affordable identity and access management service, so this price hike has many teams reevaluating their options.
In this guide, we break down the pricing, free tiers, and cost-at-scale for five of the most popular authentication providers: AWS Cognito, Auth0, Firebase Authentication, Supabase Auth, and Clerk.
Quick Pricing Comparison
Before diving into each provider, here’s a side-by-side view of what you can expect to pay at key usage milestones. All prices shown are monthly estimates for standard email/password and social login authentication.
| Service | Free Tier | 15K MAU | 50K MAU | 100K MAU |
|---|---|---|---|---|
| Cognito (Essentials) | 10K MAU | $75 | $600 | $1,350 |
| Auth0 (B2C Essentials) | 25K MAU | $0 | ~$1,750 | ~$5,250 |
| Supabase | 50K MAU | $0 | $0 | $25 |
| Firebase | 50K MAU | $0 | $0 | $275 |
| Clerk (Pro) | 10K MAU | $125 | $825 | $1,825 |
Note: Auth0 recently expanded its free tier to 25,000 MAU. Clerk’s free tier is 10,000 MAU with “First Day Free” counting (users aren’t counted until 24+ hours after signup). Prices are estimates — always verify with each provider.
If you’re a B2B SaaS startup, these prices are likely negligible compared to the average revenue per user. If you’re a scaling social media or B2C company however, these costs add up fast. There’s a huge variety in platforms, features, and pricing — here are the top Cognito alternatives by pricing and features.
Amazon Cognito
If you’re not familiar, Amazon Cognito provides an authentication server and an authorization service for OAuth 2.0 access tokens. In the context of API authentication, Cognito is often used as an alternative to IAM roles/policies and Lambda authorizers, with the former only applying to AWS users/services (i.e., internal APIs) and the latter having unpredictable costs and requiring custom code.
Cognito Pricing
The recent price increase likely has to do with additional features being added to Cognito to make it more competitive with SaaS offerings. These features include passwordless login (passkeys), email OTP, and SMS OTP.
Cognito now offers three pricing tiers — Lite, Essentials, and Plus — which replaced the old single-tier model. The Essentials tier (the default for new user pools) charges $0.015/MAU after the first 10,000 free users. The Plus tier adds advanced security features at $0.02/MAU with no free tier. The Lite tier is still available but no longer the default — it offers volume discounts down to $0.0025/MAU at scale, making it the most cost-effective option for high-volume applications already in the AWS ecosystem.
If you are using Amazon Cognito for authenticating your API calls and have more than 10,000 Monthly Active Users, you’ll want to evaluate whether the new pricing still makes sense for your use case. I found an auth price comparison tool you can use to compare plans and prices.
Auth0
Auth0 (now part of Okta) is a flexible identity management platform offering authentication and authorization as a service. It’s often used to provide Universal Login (authentication across platforms) and Multi-Factor Authentication. Auth0 is powerful — with extensibility around signup/login flows, detailed monitoring, mature OIDC support, and documentation for almost every use case.
Despite being one of the pioneers in the developer tooling space, Auth0 has not kept up with the ease of use that newer platforms offer, and is more focused on enterprise customers (reflected in the higher cost). If you’re using Auth0 for your enterprise API authentication, check out this guide.
Auth0 Pricing
Auth0 is the most expensive option on this list, but its mature feature set makes it the most suitable option for enterprise organizations. The free tier now covers up to 25,000 MAU (increased from 7,500 in September 2024). Paid plans start at $35/month (B2C Essentials) with roughly $0.07/MAU for additional users — that’s 5–10x more expensive per user than most competitors.
To put that in perspective: at 50,000 MAU, Auth0’s B2C Essentials plan costs roughly $1,750/month, while Supabase or Firebase would cost you $0. At 100,000 MAU, Auth0 runs around $5,250/month.
That said, not having Auth0’s features — enterprise SSO, OIDC federation, adaptive MFA, and compliance certifications — would likely cost you more in engineering time if you need them. Watch out for hidden costs though: machine-to-machine tokens, enterprise SSO connections (SAML/OIDC), and adaptive MFA are often paid add-ons.
Supabase Auth
Supabase is an open-source BaaS platform that includes an authentication service which can be easily integrated using the Supabase SDK. What makes Supabase great is that it supports almost every authentication method (email/password, magic link, phone OTP, etc.) and provider (GitHub, Google, etc.) with relatively little work. Documentation and community support are fantastic, which is why many developers use Supabase for building CRUD APIs and prototypes. If you’re interested in using Supabase for API authentication, we have a guide for that too.
Supabase Auth Pricing
The Supabase auth free tier is the most generous on this list alongside Firebase, offering 50,000 MAU at no cost. The Pro plan ($25/month) includes 100,000 MAU, and overage beyond that is just $0.00325/MAU — the lowest per-user rate among the five providers compared here.
At 100,000 MAU, Supabase costs just $25/month, and even at 500,000 MAU you’d only pay around $1,325/month. That makes Supabase by far the cheapest option at scale for standard authentication.
The trade-off? Supabase Auth is bundled with the full Supabase platform (database, storage, edge functions), so you can’t purchase it standalone. And because it’s a jack-of-all-trades BaaS, the level of auth-specific customization and reporting may not match a dedicated identity provider like Auth0.
Firebase Authentication
Firebase is another BaaS platform, featuring slightly more mature versions of Supabase’s auth features. Firebase is particularly well-suited for mobile applications that need authentication, and its infrastructure is robust thanks to the Google acquisition. If you’re building an API on Firebase, we have articles on creating an API, and adding API key authentication or JWT validation.
Firebase Authentication Pricing
Firebase matches Supabase with a 50,000 MAU free tier on both Spark and Blaze plans. Beyond that, standard authentication (email/password, social, anonymous) costs $0.0055/MAU — comparable to Cognito’s old pricing.
At 100,000 MAU, Firebase costs roughly $275/month. At 500,000 MAU, expect around $2,475/month. These prices are competitive, especially given the generous free tier.
One important caveat: phone/SMS authentication is never free, even within the 50K free tier. SMS verification costs range from $0.01 to $0.06+ per attempt depending on the country, and you’re charged for failed delivery attempts too. Also, enabling OIDC/SAML federation via Identity Platform changes the pricing model entirely to $0.015/MAU with only 50 MAU free — a massive jump if you need enterprise SSO.
Like Supabase, Firebase isn’t ideal for mid-size to enterprise companies — it’s restrictive in customization and locks you into Google’s ecosystem.
Clerk
Clerk combines the great developer experience and easy setup of Supabase with the dedication to user and access management of Auth0. It includes embeddable UI components to quickly get started, and APIs for more advanced use cases. If you’re a startup building with Next.js or React, Clerk is a very attractive option for getting to market. Many Zuplo customers have integrated Clerk for their API authentication.
Clerk Pricing
Although Clerk is a great option for getting to market, it gets expensive as you scale. The free tier covers 10,000 MAU, and the Pro plan ($25/month base) charges $0.02/MAU after that — linear and predictable, but approaching Auth0 territory at higher volumes.
At 50,000 MAU, Clerk costs $825/month. At 100,000 MAU, that jumps to $1,825/month. Compare that to Supabase at $25/month or Firebase at $275/month for the same user count.
To be fair, Clerk counts MAU slightly differently than other platforms — users are only counted as active when they return 24+ hours after signup. If you run a PLG/PLS SaaS or a B2C product with heavy ad traffic, that counting method can help offset some churn-driven costs. Clerk also charges separately for B2B organizations ($1.00/MAO beyond 100 included), so factor that in if you’re building multi-tenant applications.
Clerk isn’t as enterprise-ready as Auth0 yet — no HIPAA compliance or uptime SLA on the free or Pro plans — but its developer experience and pre-built components are hard to beat for early-stage teams.
What’s the Best Amazon Cognito Alternative?
Based on the features and pricing, here’s how we’d roughly recommend you choose based on your MAU and business model.
Or here’s a version with more nuance:
| Company Type | <50K MAU | 50–100K MAU | 100K+ MAU |
|---|---|---|---|
| B2B SaaS | Clerk | Clerk | Auth0 |
| B2C (e.g., social media) | Supabase | Supabase | Self-hosted |
Note that your projected MAU matters more than your current count — think about where your user base will be in 2–3 years when your company reaches maturity.
For B2B SaaS, Clerk is affordable relative to the average contract value of a paying user. Unless your average deal size is very low or your ratio of free to paid users is extremely high, a few cents per seat is worth the excellent developer experience. Clerk is especially compelling if you’re charging per-seat. Consider Auth0 if your company is already an enterprise with hundreds of thousands of users and needs compliance certifications or advanced identity federation.
For B2C products, Supabase gets you most of the way for small to medium applications thanks to its 50K free tier and incredibly low per-MAU rates. You may need additional services for analytics and monitoring. If you’re building a boom-or-bust B2C product (social media, gaming, media) where user counts could spike rapidly, consider an open-source self-hosted solution like SuperTokens to avoid per-MAU costs entirely.
Adding Authentication to Your APIs
Whichever identity provider you choose, you’ll still need to validate tokens at your API layer. At Zuplo, we’ve always advocated using API keys for API authentication, but we have built-in support for JWT validation from all five providers covered in this article:
- Auth0 JWT Auth Policy
- Clerk JWT Auth Policy
- Amazon Cognito JWT Auth Policy
- Firebase JWT Auth Policy
- Supabase JWT Auth Policy
With Zuplo, you can add
JWT authentication to your API in
minutes — no custom code required. Each policy validates the incoming token,
populates the request.user object with the authenticated identity, and lets
you layer on rate limiting,
authentication, and monitoring per
consumer.
If you’re comparing auth providers and want to see how they integrate with an API gateway, sign up for Zuplo and try it out — it takes less than a minute to add JWT validation to any route.