Logto
The open-source Auth0 experience - hosted sign-in pages, social logins, organizations, MFA - on one managed Postgres.
One-click deploy, from $13/mo on a Miget plan.
What developers actually liked about Auth0 was the first hour: drop-in sign-in pages, a quickstart per framework, social logins in minutes. Logto rebuilds that experience as MPL-2.0 open source - pre-built auth flows, organizations, MFA, and SDKs for every stack - without the per-MAU cliff that follows.
One container serves two origins (the user-facing auth endpoint and your admin console), so the template gives each its own domain via thin proxies - the same pattern as Saleor. Database seeding is idempotent and runs on every boot; the managed Postgres is wired automatically.
This completes a four-IdP identity lane with honest positioning: Logto for the Auth0-style developer experience, Zitadel for B2B multi-tenancy, authentik for flow design, Keycloak for protocol depth.
Upstream project: Logto
#what you get
- Pre-built, themeable sign-in pages - auth UX without building it
- OIDC/OAuth, social providers, passwordless, MFA
- Organizations and RBAC for B2B apps
- Quickstart SDKs: React, Next, Vue, iOS, Android, and more
- Idempotent seeding; stateless on managed Postgres
- MPL-2.0 - no MAU meters anywhere
#topology
| Service | Role | Public |
|---|---|---|
| logto | auth endpoint (:3001) + admin console (:3002) | no |
| web-auth / web-admin | nginx :5000 proxies - two public domains | yes |
| db | Postgres - managed service on Miget, container locally | no |
#miget sizing
// this stack needs
2 GiB RAM · 5 GB disk · 4 services
1 GiB for the Node app suits real traffic; everything persistent is in the managed Postgres. Claim the admin console promptly - the first signup becomes admin.
Hobby - recommended fit
$13/mo
1 vCPU · 2 GiB · 50 GiB disk
Headroom for your own apps: 2 GiB at $19/mo
Professional - production
$22/mo
1 vCPU · 2 GiB · 10 GiB disk
Dedicated resources, production SLOs - plan details
One Miget plan is a fixed pool of compute - the whole stack (managed databases included) deploys inside it, and anything left over runs your other apps. No per-service or per-seat math.
#vs. the managed service
What the hosted equivalents charge, against the flat Miget plan this stack fits on. Prices as of June 2026, sources linked.
| Service | Plan | Monthly | What you get |
|---|---|---|---|
| Logto on Miget ★ | 2 GiB plan | $13 | this whole stack, flat - no usage meters, and room left for your own apps |
| Auth0 | Essentials (B2C) | ~$70 | at 1,000 MAU; Professional from $240/mo - the experience Logto cloned, minus the meter |
| Clerk | Pro | ~$25 | base + $0.02 per monthly retained user past 50k; SSO connections $75 each |
#vs. other PaaS
Estimated monthly cost of running this exact stack (2 GiB RAM, 5 GB disk, 4 containers) elsewhere, from published June 2026 rates.
| Platform | Est. monthly | Notes |
|---|---|---|
| Miget ★ | $13 flat | compose stacks first-class: one deploy, dedicated vCPU, managed Postgres/Valkey, volumes and TLS all included in the plan |
| Heroku | ~$100 | no volumes; nothing between 1 GB ($50) and 2.5 GB ($250) dynos - 2 GB containers cost far more than shown |
| Render | ~$29 | per-service instances (0.5 GB $7, 2 GB $25) - every container is its own paid service |
| DO App Platform | ~$29 | no persistent volumes - stateful containers need managed DBs/Spaces (base $5 Spaces included here) |
| Railway | ~$21 | usage-based ($10/GB RAM-mo); vCPU billed separately at $20/vCPU-mo on top |
| Fly.io | ~$13 | cheapest sticker price - but burstable shared CPUs (1/16 core; dedicated vCPUs cost ~2-3×), no compose deploys (one app per container, manual wiring), managed DBs billed extra |
Estimates assume RAM fully allocated at published on-demand rates - and sticker price isn't the whole comparison: the cheaper rows buy burstable shared CPUs, per-service wiring instead of a compose deploy, and managed databases billed separately. Heroku and DO App Platform have no persistent volumes at all - stateful stacks like this one need workarounds there.
#deploy it
On Miget
- Create a Compose Stack in app.miget.com pointing at the templates repository
- Set the stack path to
logto -
Set the required variable:
ENDPOINT / ADMIN_ENDPOINT, the two apps’ https domains after first deploy
- Deploy. Miget layers
compose.miget.yaml(RAM, privacy, volumes, managed services) automatically
Locally first?
Every template is portable, vanilla Docker Compose - the Miget overrides are ignored locally:
git clone https://github.com/deployable-sh/stacks
cd miget-compose-templates/logto
docker compose up -d Same files, same behavior. The template README covers connection strings and scaling notes.
#faq
How does Logto compare to Auth0 pricing?
Auth0’s free tier now covers 25k MAU, but paid starts at $35-70/month for the first thousand-MAU steps and climbs steeply. Logto here is $25/month with no user counting - and the developer experience (hosted pages, SDK quickstarts) is the part it cloned best.
Why does it need two domains?
Logto deliberately separates the user-facing auth origin from the admin console origin - good security hygiene. Each platform app exposes one public port, so two thin proxies give each origin its own domain; ENDPOINT and ADMIN_ENDPOINT tell Logto which is which.
Which IdP in this catalogue should I pick?
Logto if you want Auth0-style drop-in auth for a product fast. Zitadel for passkeys-first B2B multi-tenancy. authentik for visually-designed flows across many internal apps. Keycloak for maximum protocol surface. They are $13-25/month each - trying two is an afternoon.
Ship Logto today
One compose stack, 2 GiB of RAM, from $13/month flat, and it runs on your laptop with the same files.