Which auth provider should I choose — Clerk, Auth0, or Cognito?
Select an auth vendor for a SaaS app given recent pricing shifts, MAU economics, B2B org support, passkey support, webhook reliability, and compliance requirements.
Clerk — best migration path. Auth0 if you need enterprise SSO. Avoid Cognito if exit matters.
Blockers
- CSV dashboard export + GetUserList API — All plans; API rate-limited 100 req/10s (dev), 1000 req/10s (prod) — Rating: full
- Support ticket for password hash export — Not available on Free tier; no guaranteed timeline — Rating: partial
- ListUsers API — 30 RPS cap; password hashes IMPOSSIBLE to export; TOTP seeds not exportable — Rating: none
- Actions extensibility is proprietary; Rules/Hooks EOL November 18, 2026; Actions logic not portable
- Password hashes permanently locked; TOTP seeds not exportable; Lambda triggers are AWS-native; custom sender triggers require API/CLI config
- User export via support ticket + Cognito CSV import — Password hashes require support ticket from Auth0 side; Cognito CSV import does not import passwords; users must reset passwords or use Lambda migration proxy — Pain: high
- UserMigration_Authentication Lambda trigger (gradual migration proxy) — Requires USER_PASSWORD_AUTH flow; passwords sent in plaintext to Lambda; only path that preserves passwords — Pain: high
Who this is for
- cost-sensitive
- low-ops
- enterprise
- compliance
- serverless
- small-team
- high-scale
Source-linked facts
Facts updated: 2026-03-14
Published: 2026-03-27
Try with PocketLantern
$ npm install -g pocketlantern # Then ask: $ pocketlantern "Clerk vs Auth0 vs Cognito Under Current Pricing and Feature Changes"
Missing something? Request coverage