Self-host Pocket ID
SSO & Identitydeployed & timed by usprices checked · Jul 2026
A simple, self-hostable OIDC provider that lets users sign in to your apps with passkeys only — no passwords, built for small self-hosted setups that just need lightweight SSO.
Key facts
CategorySSO & Identity
LicenseBSD-2-Clause
StackGo, SvelteKit
Min RAM256 MB
Dockeryes
Difficulty
Our recommendation
Pick Pocket ID when you want dead-simple passkey login for your own services and nothing more — it's a small, focused OIDC provider built around passkeys, not a full identity suite. If you need passwords, user federation, or enterprise protocols, it's the wrong tool and authentik or Keycloak are right.
What you need
- Any VPS with at least 256 MB of RAM
- A domain you control — most self-hosted setups need HTTPS in front of them
- Under an hour if you've used Docker before
Install with Docker Compose
Save this as compose.yml and run docker compose up -d:
# Pocket ID — official compose + env template
curl -o docker-compose.yml https://raw.githubusercontent.com/pocket-id/pocket-id/main/docker-compose.yml
curl -o .env https://raw.githubusercontent.com/pocket-id/pocket-id/main/.env.example
docker compose up -d # → http://SERVER_IP:3055/setupWhat you take on
Pocket ID is deliberately minimal, so adopt it for what it is, not what it isn't:
non-negotiableIt's passkey-only by design. There are no passwords — every user needs a passkey-capable device, which is the point but also a hard constraint to plan around.
non-negotiableIt's a small, young project. Effectively single-maintainer and narrow in scope — fine for personal services, riskier as the login for anything you can't afford to have stall.
non-negotiableIt's OIDC-only. It speaks OpenID Connect and little else — apps that need SAML or LDAP won't work with it.
More in SSO & Identity
SSO & IdentityAuthelia
Go
moderateRead guide →
SSO & Identityauthentik
PythonGoTypeScript
moderateRead guide →
SSO & IdentityKeycloak
JavaQuarkus
hardRead guide →
SSO & IdentityZitadel
Go
hardRead guide →