What do they actually do
Stack Auth is an open-source authentication and user-management platform you can run yourself or use as a managed service. It ships prebuilt sign-in/sign-up UI for Next.js or a headless REST API if you want to build your own, plus a hosted dashboard you can sign up for. The codebase is public and has notable developer interest, with around 6.6k GitHub stars (sources: GitHub repo, homepage/docs).
Today you get: an admin dashboard to view/edit users, manage orgs/teams, impersonate users for debugging, send transactional emails, and configure webhooks; auth flows like email/password, OAuth/social, magic links, passkeys, and session/JWT handling; and authorization with RBAC and multi-tenant orgs (sources: docs, README).
You can deploy via the hosted service or self-host with Docker. The docs note that self-hosting requires routine upkeep (patching, infra, reliability), so most users are steered to the hosted option (sources: self-host docs, pricing). The product focuses on Next.js integrations today, with broader framework support and enterprise features like SSO/SAML and SCIM called out in the roadmap/paid tiers (sources: blog, pricing).
Who are their target customer(s)
- Next.js app developers who need a working login fast: They want drop-in components and minimal setup to ship auth without building flows and state management from scratch.
- Small teams or indie startups that prefer to self-host for control: They need an open-source service they can run themselves with clear guidance on operations and patching, without recreating auth in-house.
- Teams migrating off closed vendors (Auth0/Clerk) to avoid lock-in: They face rising vendor costs and limited visibility/customization and want inspectable code and the option to modify behavior.
- B2B SaaS and mid-market companies needing orgs/RBAC and enterprise SSO/SCIM: They must support multi-tenant orgs, fine-grained roles, and reliable SAML/SCIM to satisfy customer requirements and onboarding workflows.
- Security/compliance-focused teams requiring code auditability and data control: They need to audit the auth code, ensure data resides on their infra, and meet internal/regulatory constraints by self-hosting if necessary.
How would they acquire their first 10, 50, and 100 customers
- First 10: Personally recruit from the GitHub community (stargazers/forkers), offer free migration help and short-term managed credits, and run live onboarding/debug sessions to ensure successful first installs (sources: GitHub repo, self-host docs).
- First 50: Publish polished Next.js starters and a clear “migrate from Auth0/Clerk” guide, promote them in Next.js communities, HN, and developer newsletters, and list templates in marketplaces to drive signups (sources: blog, HN thread).
- First 100: Target teams already paying closed vendors with migration workshops and short, SLAed hosted pilots; publish early case studies and build a few agency/consultancy partnerships to get recommended on new SaaS builds (source: pricing).
What is the rough total addressable market
Top-down context:
Stack Auth sits within the customer identity (CIAM) and broader IAM markets, which are multi‑billion dollar categories; for example, CIAM was estimated at ~$8.1B in 2023 and projected to ~$26.7B by 2030 (source: Grand View Research). Okta’s $6.5B acquisition of Auth0 underscores the commercial scale of developer-focused identity platforms (source: TechCrunch).
Bottom-up calculation:
Using a developer-first lens: start from ~27.4M JavaScript developers, take the fraction building customer-facing apps (40%), convert to ~3.7M teams (3 devs/team), assume 5% buy managed CIAM, and $2,000 ARPC → ≈$370M annual SAM for a hosted, developer-focused auth product (source: SlashData).
Assumptions:
- Fraction of JavaScript developers building customer-facing apps (e.g., 40%).
- Adoption of managed CIAM among those teams (e.g., 5%).
- Average revenue per customer (e.g., $2,000/year) and 3 developers per team.
Who are some of their notable competitors
- Auth0: A mature, closed-source managed identity provider with broad enterprise coverage (SSO/SAML/SCIM, many login methods); a reference point for the enterprise features Stack Auth is building toward (source: Auth0 docs).
- Clerk: A developer-focused, proprietary hosted service with polished React/Next.js components and SDKs for fast integration; emphasizes frontend DX over self-hosting (source: Clerk Next.js).
- Supabase Auth: Open-source auth integrated into the Supabase stack; attractive if you want auth tightly coupled to Postgres and Supabase tooling, but more opinionated around that ecosystem (source: Supabase docs).
- Keycloak: A long-standing open-source identity server for self-hosted SSO/SAML/OIDC with deep enterprise coverage; powerful but heavier to operate and customize (source: Keycloak docs).
- Ory (Kratos + Hydra): A modular, open-source identity stack (Kratos for identity; Hydra for OAuth/OIDC) offering headless, self-host flexibility; more low-level and composable, requiring assembly and ops (source: Ory Kratos).