Better Auth — Framework-Agnostic Authentication for TypeScript

Introduction

Better Auth is a TypeScript-first authentication library designed to work with any web framework and database. It ships with built-in support for email/password login, OAuth providers, two-factor authentication, and session management. A plugin architecture lets you add features like organization management, passkeys, or magic links without writing boilerplate.

What Better Auth Does

• Handles email/password registration, login, and password reset flows
• Integrates with 20+ OAuth providers including Google, GitHub, Discord, and Apple
• Manages sessions with secure cookies, token rotation, and configurable expiry
• Supports two-factor authentication via TOTP, SMS, and backup codes
• Provides a plugin system for organizations, roles, rate limiting, and custom flows

Architecture Overview

Better Auth exposes a server-side betterAuth() function that creates an auth handler mounting API routes for login, registration, OAuth callbacks, and session management. It uses a database adapter layer supporting Prisma, Drizzle, Kysely, MongoDB, and raw SQL. On the client side, a framework-specific SDK (React, Vue, Svelte, Solid) provides hooks and utilities for auth state. The plugin system uses middleware-style composition, where each plugin can add routes, database tables, and hooks into the auth lifecycle.

Self-Hosting & Configuration

• Install better-auth and a client package for your framework (e.g., @better-auth/react)
• Configure the betterAuth() instance with your database connection and desired providers
• Mount the auth handler in your framework's API routes (Next.js App Router, SvelteKit, Hono, Express)
• Set environment variables for OAuth client IDs, secrets, and callback URLs
• Enable plugins by passing them in the plugins array of the configuration

Key Features

• Single library covering email/password, OAuth, MFA, sessions, and role-based access
• Database-agnostic with adapters for Prisma, Drizzle, Kysely, MongoDB, and raw SQL
• Type-safe client SDKs for React, Vue, Svelte, Solid, and vanilla JS
• Plugin architecture for organizations, passkeys, magic links, and custom auth flows
• Automatic database migrations for auth-related tables

Comparison with Similar Tools

• Lucia — session-focused library without built-in OAuth or email/password; lighter but requires more manual setup
• NextAuth / Auth.js — popular Next.js auth solution; tightly integrated with Next.js but less framework-agnostic
• Clerk — managed authentication SaaS with pre-built UI; easiest to start but no self-hosting
• Supabase Auth — auth module within Supabase; simple but tied to the Supabase ecosystem
• Keycloak — enterprise-grade Java identity server; vastly more features but heavyweight for small projects

FAQ

Q: Which frameworks does Better Auth support? A: Better Auth works with any framework that can handle HTTP requests. Official client SDKs exist for React, Vue, Svelte, Solid, Nuxt, Next.js, Astro, and vanilla JavaScript.

Q: Does Better Auth manage its own database tables? A: Yes. Better Auth can automatically create and migrate the tables it needs for users, sessions, accounts, and verification tokens. You can also manage the schema manually.

Q: Can I add custom authentication methods? A: Yes. The plugin system allows you to define custom routes, hooks, and database tables. You can build a plugin for any authentication flow and share it as an npm package.

Q: How does Better Auth compare to managed solutions like Auth0? A: Better Auth is self-hosted, meaning you own the data and have no per-user pricing. Managed solutions like Auth0 offer a hosted dashboard and support but come with usage-based costs and vendor lock-in.

Sources

• https://github.com/better-auth/better-auth
• https://www.better-auth.com/