BastionAuth vs Clerk
Both BastionAuth and Clerk aim to provide excellent developer experience for authentication. Here's how they compare.
TL;DR
Choose BastionAuth if you need data sovereignty, have compliance requirements (HIPAA, FedRAMP), or want to avoid per-user pricing at scale.
Choose Clerk if you want the fastest possible setup and don't need self-hosting.
Feature Comparison
| Feature | BastionAuth | Clerk |
|---|---|---|
| Deployment | | |
| Self-hosted | Yes | No |
| Managed cloud | Coming | Yes |
| Authentication | | |
| Email/password | β | β |
| OAuth providers | 5 | 20+ |
| Magic links | β | β |
| Passkeys | Partial | β |
| MFA (TOTP) | β | β |
| MFA (SMS) | β | β |
| Organizations | | |
| Multi-tenancy | β | β |
| RBAC | β | β |
| Invitations | β | β |
| Enterprise | | |
| SAML SSO | π | β |
| SCIM | π | β |
| SOC 2 | π | β |
| HIPAA | π | β |
| Developer Experience | | |
| React SDK quality | βββββ | βββββ |
| Next.js integration | β | β |
| Pre-built components | β | β |
Pricing Comparison
Clerk Pricing (as of 2024)
- Free: 10,000 MAU
- Pro: $25/month + $0.02/MAU after 10K
- Enterprise: Custom
BastionAuth Pricing
- Self-hosted: Free forever (open source)
- Pro: $299/month (includes SAML SSO)
- Business: $899/month (includes SCIM, SLA)
- Enterprise: Custom (includes compliance support)
Cost at Scale
| MAU | Clerk | BastionAuth (Managed) | BastionAuth (Self-hosted) |
|---|---|---|---|
| 10K | $25 | $199 | $0 |
| 50K | $825 | $599 | $0 |
| 100K | $1,825 | $999 | $0 |
| 500K | $9,825 | $4,500 | $0 |
| 1M | $19,825 | Custom | $0 |
Self-hosted costs are infrastructure only (database, Redis, compute).
Key Differences
1. Data Sovereignty
Clerk: Your authentication data is stored on Clerk's infrastructure. They're SOC 2 compliant, but you don't control where data resides.
BastionAuth: Self-hosted means your data stays in your infrastructure. Critical for HIPAA, FedRAMP, and data residency requirements.
2. Pricing Model
Clerk: Per-MAU pricing means costs scale linearly with users. Great for small apps, expensive at scale.
BastionAuth: Self-hosted is free. Managed/support tiers are flat-rate, not per-user. Predictable costs.
3. Vendor Lock-in
Clerk: Proprietary system. Migration requires rebuilding auth flows.
BastionAuth: Open-source core. Standard JWT tokens. Migration tools available.
4. OAuth Providers
Clerk: 20+ built-in providers with excellent setup experience.
BastionAuth: 5 major providers (Google, GitHub, Microsoft, Apple, LinkedIn). Custom OAuth support planned.
SDK Comparison
Both offer similar React/Next.js APIs:
Provider Setup
```jsx
// Clerk
import { ClerkProvider } from '@clerk/nextjs';
<ClerkProvider>{children}</ClerkProvider>

// BastionAuth
import { BastionProvider } from '@bastionauth/react';
<BastionProvider publishableKey="...">{children}</BastionProvider>
```
Authentication Hook
```jsx
// Clerk
import { useAuth } from '@clerk/nextjs';
const { isSignedIn, userId, signOut } = useAuth();

// BastionAuth
import { useAuth } from '@bastionauth/react';
const { isSignedIn, userId, signOut } = useAuth();
```
Middleware
```js
// Clerk
import { authMiddleware } from '@clerk/nextjs';
export default authMiddleware({ publicRoutes: ['/'] });

// BastionAuth
import { authMiddleware } from '@bastionauth/nextjs';
export default authMiddleware({ publicRoutes: ['/'] });
```
Migration from Clerk
BastionAuth provides migration tools:
```bash
# Export users from Clerk
npx @bastionauth/cli migrate clerk --export

# Import to BastionAuth
npx @bastionauth/cli migrate clerk --import
```
User passwords cannot be migrated (security). Users will need to reset passwords or use magic links.
When to Choose Clerk
- You want zero infrastructure management
- You need 20+ OAuth providers out of the box
- You're okay with per-MAU pricing
- You don't have data sovereignty requirements
- You want the absolute fastest setup
When to Choose BastionAuth
- You have HIPAA, FedRAMP, or data residency requirements
- You want to control where authentication data lives
- You're cost-sensitive at scale (100K+ users)
- You prefer open-source solutions
- You want to avoid vendor lock-in