Every "which auth provider" comparison you've read argues about login screens and SDK ergonomics. Those are the least important variables. The thing that actually decides this — the one you'll still be living with at 50,000 users — is the billing unit. Get that right and the rest is preference.

Three products, three answers to "what do we charge for":

That single line reframes the whole decision as own vs rent.

Own it: Better Auth#

Better Auth is an MIT-licensed, framework-agnostic TypeScript library (~29k GitHub stars) that you install into your own app. It runs in your process, against your Postgres, MySQL, or SQLite, and the user table is yours. It ships the parts you'd otherwise rent — email/password, social and OAuth login, two-factor, passkeys/WebAuthn with browser autofill, and an organizations plugin for multi-tenant teams — as composable plugins. (We walk through wiring it up in about ten minutes in the tool highlight, and cover adding passwordless passkey login separately.)

A library has no per-user price. At 50,000 users, Better Auth costs you exactly what 50,000 database rows cost — which is approximately nothing.

The bill you don't get is the whole pitch. The bill you do get is responsibility: session handling, rate-limiting, patching, and the security surface are now yours. For most SaaS shapes that's a fair trade. For a regulated enterprise deal, it's the part you'll feel.

Rent it, fast: Clerk#

Clerk is the shortest path from empty repo to a hosted, good-looking login. Drop-in React components, managed sessions, and a free tier that Clerk raised to 50,000 users on 2026-02-05. Above that, Pro is $25/mo plus $0.02 per user, linear, no tier-shock.

The quiet detail that matters: Clerk now meters Monthly Retained Users — a user only counts if they return 24+ hours after signing up. Tire-kickers who sign up once and leave are free. That's not a cosmetic change; it's Clerk repricing the entire category in response to zero-marginal-cost libraries breathing down its neck. It makes hosted auth dramatically cheaper for consumer apps with long sign-up tails.

Pick Clerk when time-to-first-login beats cost-at-scale — an afternoon to a polished, secure login is worth real money early.

Rent it, for the enterprise: Auth0#

Auth0 (now Okta) is the incumbent, and it wins on exactly one axis that the other two don't fully answer: enterprise procurement. Managed SAML and directory integrations, the deepest compliance apparatus, the vendor-side reports a security review will ask for.

You pay for it. Auth0 bills classic Monthly Active Users — anyone active counts — and the self-serve B2C tiers climb fast: roughly $70 at 1,000 MAU, $700 at 10,000, and $3,500 at 50,000, which is the self-serve ceiling before you're talking to sales. If your buyers hand you a checklist with "SAML SSO" and a compliance artifact on it, that price is the cost of clearing the review, and it's often worth it.

The one-line decision#

Ask what breaks your deal:

Notice which direction is easy to reverse. Renting later is trivial — you can always bolt on a hosted provider. Un-renting is the hard migration: exporting users you may only hold as unrehashable hashes, re-verifying emails, rewiring sessions. If you're cost-sensitive and unsure, the move that preserves every option is to keep the identity data in your own database from day one — which is the one thing only owning gets you.