Clerk
Advanced session security risks not fully addressed (7)
While Clerk handles basic session management, it does not fully mitigate advanced threats such as replay of stolen tokens and token hijacking, and it does not provide session anomaly detection. Closing these gaps requires additional defensive measures on the application side.
Enterprise SSO connections carry fixed monthly fees that don't scale with usage (7)
Enterprise SSO connectors cost $125/month per connection as a fixed base fee. For a small SaaS product with 20-30 customers this is unaffordable, and the fee does not become more reasonable as the company grows, which pushes teams to evaluate building custom authentication instead.
Clerk charges for essential security features (MFA, passkeys, impersonation) (6)
Clerk requires paid tiers to enable multi-factor authentication, passkeys, and impersonation features that competitors offer free or include by default, forcing developers to pay for baseline security functionality.
Limited framework support and difficult integration outside Next.js (6)
Clerk is tightly coupled to Next.js, with pre-built UI components optimized for that framework. Integration with other frameworks or with backend authentication scenarios is difficult and less well supported.
Pricing structure misaligned with user expectations (6)
Clerk's pricing model, based on monthly active users (MAU), makes costs hard to forecast; features like user banning are placed on paid tiers rather than the free tier, and minimum costs do not match typical app usage patterns.
High vendor lock-in with limited customization (6)
Clerk's commercial model creates high vendor lock-in with limited customization options, making it a poor fit for developers who need full control over authentication flows or plan to self-host.
Reported performance issues in production (6)
Users have reported performance issues with Clerk in production environments, which can impact application responsiveness and user experience at scale.
Limited RBAC and Permissions Customization (6)
Clerk's RBAC capabilities are shallow and insufficient for complex application-level permission requirements. Developers need more granular control over roles and permissions beyond the basic 10 custom roles, especially for domain-specific business logic.
Immature Billing Integration (5)
Clerk's billing integration with payment providers exists but remains immature and underdeveloped. The integration adds a markup (0.7%) on top of Stripe charges for minimal value, representing a "shitty feature" that could be coded in seconds.
Lack of multi-language SDK support (5)
Clerk SDKs are primarily available for SPA frameworks, with limited or unclear support for backend languages and frameworks like Python and Django, as well as limited integration with platforms like Slack.
Session management complexity when integrating with third-party providers (5)
Integrating Clerk with other services like Supabase requires careful session management coordination. Developers must ensure Clerk's session is available before initializing dependent services, which adds implementation complexity.
Clerk adds mandatory branding to login pages unless paid (5)
Clerk injects 'Powered by Clerk' branding on login pages unless users pay for its removal. This functions as forced advertising within the application, much as if Heroku or Vercel injected ads into an app they host.
Smaller ecosystem with fewer integrations compared to mature SaaS providers (5)
Clerk has a smaller ecosystem and fewer available integrations than established authentication providers, limiting extensibility and integration options for larger or more complex applications.
Limited UI Component Customization (5)
Pre-built authentication components offer styling options but limited flow modification. Achieving deep design integration and bespoke user experiences requires substantial additional work or switching to headless components, with increased complexity.