What Logto Does
Logto handles the entire authentication and authorization lifecycle:
- Sign-in Experience: Customizable login pages with email/password, phone OTP, social login (Google, GitHub, Apple, etc.), and passwordless options
- Multi-tenancy: Organizations with member management, invitation flows, and per-org settings
- Single Sign-On (SSO): Enterprise SSO with SAML and OIDC federation for connecting corporate identity providers
- Access Control: Role-based access control (RBAC) with API resource permissions and organization-level roles
- Multi-factor Authentication: TOTP authenticator apps, WebAuthn/passkeys, and backup codes
Architecture

```text
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│   Your App   │────▶│  Logto Core  │────▶│  PostgreSQL  │
│    (SDK)     │     │ (OIDC/OAuth) │     │ (Users/Orgs) │
└──────────────┘     └──────┬───────┘     └──────────────┘
                            │
                     ┌──────┴───────┐
                     │ Admin Console│
                     │ (React SPA)  │
                     └──────────────┘
```

Integration Example (Next.js)
```bash
npm install @logto/next
```

```ts
// app/api/logto/[action]/route.ts
import { handleSignIn, handleSignOut, handleCallback } from '@logto/next/server-actions';
import { logtoConfig } from '@/logto.config'; // `@/` is the default Next.js path alias for the project root

export { handleSignIn, handleSignOut, handleCallback };
```

```ts
// logto.config.ts (project root)
export const logtoConfig = {
  endpoint: 'http://localhost:3001',
  appId: 'your-app-id',
  // Secrets are read from the environment so they are never committed to the repo;
  // the variable names below are placeholders, use your own.
  appSecret: process.env.LOGTO_APP_SECRET!,
  baseUrl: 'http://localhost:3000',
  cookieSecret: process.env.LOGTO_COOKIE_SECRET!,
  cookieSecure: process.env.NODE_ENV === 'production',
};
```

```tsx
// app/page.tsx
import { getLogtoContext } from '@logto/next/server-actions';
import { logtoConfig } from '@/logto.config';

export default async function Home() {
  const { isAuthenticated, claims } = await getLogtoContext(logtoConfig);
  return isAuthenticated ? (
    <div>Welcome, {claims?.name}</div>
  ) : (
    <a href="/api/logto/sign-in">Sign In</a>
  );
}
```

SDKs Available
Logto provides official SDKs for all major platforms:
| Platform | Package |
|---|---|
| React | @logto/react |
| Next.js | @logto/next |
| Vue | @logto/vue |
| Express | @logto/express |
| Python (Flask/Django) | logto |
| Go | github.com/logto-io/go |
| iOS/Android | Native SDKs |
Self-Hosting

Docker Compose

```yaml
services:
  logto:
    image: ghcr.io/logto-io/logto:latest
    ports:
      - "3001:3001" # Core API
      - "3002:3002" # Admin Console
    environment:
      DB_URL: postgres://logto:logto@postgres:5432/logto
      ENDPOINT: http://localhost:3001
      ADMIN_ENDPOINT: http://localhost:3002
    depends_on:
      - postgres
  postgres:
    image: postgres:16
    environment:
      POSTGRES_USER: logto
      POSTGRES_PASSWORD: logto # development default; change it (and DB_URL) before any non-local deployment
      POSTGRES_DB: logto
    volumes:
      - pg-data:/var/lib/postgresql/data
volumes:
  pg-data:
```

Logto vs Alternatives
| Feature | Logto | Auth0 | Clerk | Firebase Auth |
|---|---|---|---|---|
| Open Source | Yes (MPL-2.0) | No | No | No |
| Self-hosted | Yes | No | No | No |
| Multi-tenancy | Built-in | Enterprise | No | No |
| SSO (SAML/OIDC) | Yes | Enterprise | Enterprise | No |
| MFA | TOTP + Passkeys | Yes | Yes | Phone only |
| Pricing | Free (self-host) | Free tier + paid | Per MAU | Free tier + paid |
FAQ
Q: How many users can Logto handle? A: Self-hosted Logto is built on PostgreSQL and comfortably handles millions of users. The Cloud version uses a distributed architecture to support even larger scale.
Q: We already use Auth0; is migrating to Logto hard? A: Logto follows the OIDC standard and provides a user import API and compatible SDK interfaces. Most applications only need to swap the SDK and configuration to migrate.
Q: Is Machine-to-Machine (M2M) authentication supported? A: Yes. Logto provides the client_credentials grant for service-to-service authentication, suited to microservice and API gateway scenarios.
Sources and Acknowledgements
- GitHub: logto-io/logto — 11.9K+ ⭐ | MPL-2.0
- Official site: logto.io