Is wasp auth really a better alternative when compared with supabase or clerk auth ?
I am finally setting up auth and everyone is either using clerk or supabase for auth. Is there an advantage to using those platforms for auth or wasp auth is just good enough secure enough and stable enough ?
2 Replies
Hi @Sam. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Wasp’s built-in authentication is designed to be secure, stable, and easy to use for most web application needs. It provides out-of-the-box support for common auth methods like username & password, email, Google, and GitHub, with more providers planned for the future. Wasp handles both the backend and frontend integration, session management, and provides UI components, making it a seamless experience for developers building full-stack apps with React, Node.js, and Prisma. Security best practices are maintained and updated as Wasp evolves, so you don’t have to worry about keeping up with the latest standards yourself Docs: Auth Overview Docs: Introduction.
Compared to third-party solutions like Supabase or Clerk, Wasp’s auth is tightly integrated into the Wasp framework, which means less configuration and boilerplate for Wasp projects. However, platforms like Supabase and Clerk may offer more advanced features, broader provider support, or standalone usage outside of the Wasp ecosystem.
A community member noted that while you could use Clerk or Auth0 with Wasp, the built-in auth “takes care of everything for you,” and currently supports Google, GitHub, and email-verified auth, with more providers coming soon Discord: Auth Providers.
In summary:
- Wasp Auth is secure, stable, and well-integrated for Wasp apps.
- Supabase/Clerk may offer more features or flexibility, especially for non-Wasp projects.
- If you’re building with Wasp, its built-in auth is generally “good enough” and keeps up with security best practices.
If you have very specific auth needs or want features not yet available in Wasp (like certain social providers or advanced user management), you might consider integrating a third-party service. Otherwise, Wasp’s auth should be sufficient for most use cases within the Wasp ecosystem.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sam, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
Wasp's auth is the best supported solution for Wasp since it's 1st party auth. It supports email, username and a number of OAuth providers e.g. Google, Github, Discord, Slack, Keycloak. It has various hooks that enable you to extend the auth behaviour and it also has it own Auth UI components which you can customise. Let's say it's enough for 99% of use cases. But not for all, as we are not still done with building it 🙂
It lacks stuff like 2FA which we are looking to add at some point, it's missing account merging (logging in with multiple different providers in the same account) etc. I'd say, give it a go with Wasp - see if you hit any limits and let us know - maybe we can figure something out together 🙂