# Auth provider

**Source:** https://promtable.com/glossary/auth-provider

> An auth provider is the managed service handling user identity — sign-up, sign-in, password reset, OAuth, MFA — so app code doesn't reinvent the security-critical user flow. Supabase Auth, Clerk, Auth0, WorkOS are 2026 leaders.

---
An auth provider is the managed service handling user identity — sign-up, sign-in, password reset, OAuth, MFA — so app code doesn't reinvent the security-critical user flow. Supabase Auth, Clerk, Auth0, WorkOS are 2026 leaders.

Building auth from scratch is a known footgun: timing attacks, password hashing, session expiry, OAuth state validation, MFA flows, refresh tokens, account-takeover paths. Auth providers handle the entire surface as a managed service. 2026 categories: BaaS-bundled (Supabase Auth, Firebase Auth, Appwrite Auth) integrated with the same vendor's database; standalone consumer (Clerk, Auth0, Stytch) with polished UI components; standalone enterprise (WorkOS, Frontegg) with SSO, SCIM, RBAC; self-host (Keycloak, Authentik, Ory). Choosing: BaaS-bundled if you're already using the BaaS; Clerk if Next.js + great DX; WorkOS if SSO / SCIM are the requirement; Keycloak if EU residency + open source.

## When to use

- Any production app — don't roll your own auth.

## Common mistakes

- Rolling your own auth — known footgun.
- Skipping MFA on admin accounts.

## Related terms

- [row-level-security](https://promtable.com/glossary/row-level-security)

*Last updated: 2026-06-01*
---

Original page: https://promtable.com/glossary/auth-provider
Maintained by Promtable (https://promtable.com). Content: CC BY 4.0. Cite as "Promtable — https://promtable.com/glossary/auth-provider".
Contact: info@vibecodingturkey.com.