Clerk vs SuperTokens vs Hanko (2026)
Authentication is a solved problem — don't build it yourself. But which provider? Here's how Clerk, SuperTokens, and Hanko compare.
Quick Comparison
| Feature | Clerk | SuperTokens | Hanko |
|---|---|---|---|
| Type | Managed | Self-host + managed | Self-host + cloud |
| Open Source | ❌ | ✅ Apache 2.0 | ✅ AGPL |
| Self-Hostable | ❌ | ✅ | ✅ |
| Passkeys | ✅ | ⚠️ Beta | ✅ Native |
| Social Login | ✅ 20+ providers | ✅ | ✅ |
| MFA | ✅ | ✅ | ✅ (passkeys) |
| Organizations | ✅ Excellent | ✅ Basic | ❌ |
| Pre-built UI | ✅ Beautiful | ✅ Good | ✅ Web Components |
| Pricing | Free (10K MAU) | Free (self-host) | Free (self-host) |
| Best For | Best DX, fast | Self-hosting, control | Passkey-first |
Clerk — Best Developer Experience
Best for: Teams that want the fastest setup and best UI components.
// That's it. Auth in your Next.js app.
import { ClerkProvider, SignIn, UserButton } from '@clerk/nextjs'
function App() {
return (
<ClerkProvider>
<SignIn />
<UserButton />
</ClerkProvider>
)
}
Key strengths:
- Pre-built UI components (SignIn, SignUp, UserButton, OrgSwitcher)
- Organizations with roles and permissions
- Webhooks for user events
- Session management
- Bot protection
Pricing: Free (10K MAU) → Pro: $25/mo + $0.02/MAU
Pros: Fastest setup, best UI, organizations, excellent docs. Cons: Not self-hostable, gets expensive at scale, vendor lock-in.
SuperTokens — The Self-Hosted Option
Best for: Teams that want open-source auth they can self-host.
import SuperTokens from 'supertokens-node'
import EmailPassword from 'supertokens-node/recipe/emailpassword'
import Session from 'supertokens-node/recipe/session'
SuperTokens.init({
appInfo: {
appName: 'MyApp',
apiDomain: 'http://localhost:3000',
websiteDomain: 'http://localhost:3000',
},
recipeList: [
EmailPassword.init(),
Session.init(),
],
})
Key strengths:
- Fully open source (Apache 2.0)
- Self-host on your infrastructure
- Pre-built UI for login flows
- Multi-tenancy support
- Override any behavior
Pricing: Free (self-host unlimited), Managed from $0.02/MAU
Pros: Self-hostable, open source, no MAU limits (self-host), customizable. Cons: More setup than Clerk, UI less polished, organizations less mature.
Hanko — The Passkey-First Option
Best for: Teams that want passwordless/passkey authentication.
<!-- Web Component approach -->
<hanko-auth api="https://your-hanko-api"></hanko-auth>
<hanko-profile api="https://your-hanko-api"></hanko-profile>
Key strengths:
- Passkey-first (WebAuthn native)
- Web Components (framework agnostic)
- Self-hostable
- GDPR-friendly (EU company)
- Minimal setup
Pricing: Free (self-host), Cloud from $0/mo
Pros: Best passkey support, framework agnostic, privacy-focused, EU hosted. Cons: No organizations, smaller ecosystem, newer platform.
Decision Guide
| Need | Choose |
|---|---|
| Fastest setup | Clerk |
| Self-hosting required | SuperTokens or Hanko |
| Organizations/teams | Clerk |
| Passkey-first | Hanko |
| Open source (Apache) | SuperTokens |
| Budget-sensitive (large scale) | SuperTokens (self-host) |
| Best UI out of box | Clerk |
| GDPR/privacy priority | Hanko |
Cost at Scale (100K MAU)
| Provider | Monthly Cost |
|---|---|
| Clerk | ~$2,000+ |
| SuperTokens (managed) | ~$2,000 |
| SuperTokens (self-host) | $0 (infra only) |
| Hanko (self-host) | $0 (infra only) |
Self-hosting saves significantly at scale.
FAQ
Should I build auth myself?
No. Auth has edge cases (token rotation, session management, CSRF) that are easy to get wrong. Use a provider.
Clerk vs NextAuth?
NextAuth (Auth.js) is a library, not a service. You manage the database and UI. Clerk is fully managed with pre-built UI. NextAuth for maximum control, Clerk for speed.
Can I migrate between auth providers?
Possible but painful. User passwords can't be exported (hashed). Plan for migration by abstracting your auth layer.
Bottom Line
Clerk for the best experience and fastest setup. SuperTokens for self-hosting and open source. Hanko for passkey-first authentication. Start with Clerk unless you need self-hosting or have budget constraints at scale.