Better Auth

Better Auth is a comprehensive, framework-agnostic authentication framework for TypeScript. It provides built-in support for email/password authentication, social OAuth providers (Google, GitHub, Apple, Discord, and more), and a plugin ecosystem for adding features like 2FA, organization management, and passkey authentication without reinventing the wheel.

Quick References

File	Purpose
packages/better-auth/src/index.ts	Main export entry point
packages/better-auth/src/auth/full.ts	betterAuth() function (full mode with Kysely)
packages/better-auth/src/auth/minimal.ts	betterAuth() function (minimal mode with adapters)
README.md	Project overview

Packages

Package	npm name	Description
packages/better-auth	better-auth	Main library with server and client libraries
packages/cli	@better-auth/cli	CLI for generating database schemas and migrations
packages/core	@better-auth/core	Core utilities and types

When to Use

• Building TypeScript web applications requiring user authentication
• Implementing OAuth social login (Google, GitHub, Apple, etc.)
• Adding advanced auth features like 2FA, organization management, or passkeys
• Needing framework-agnostic solution for React, Vue, Svelte, Solid, vanilla JS
• Building apps with complex auth scenarios (multi-tenant, SCIM, admin panels)

Installation

npm install better-auth
pnpm install better-auth

For specific framework clients:

npm install better-auth  # React client included
# Framework-specific clients:
npm install better-auth/react
npm install better-auth/vue
npm install better-auth/svelte

Best Practices

1. Set environment variables first - Configure BETTER_AUTH_SECRET (32+ chars) and BETTER_AUTH_URL before creating auth instance
2. Use adapter for your ORM - Choose Drizzle, Prisma, or adapter for better type safety
3. Enable email verification - Require email verification to reduce spam accounts
4. Configure rate limiting - Protect endpoints from abuse in production
5. Use framework-specific integrations - Next.js, SvelteKit, etc. have helper functions for cookie handling
6. Run database migrations after installing plugins - Use CLI to add plugin schemas
7. Keep secret secure - Never commit BETTER_AUTH_SECRET to version control

Common Patterns

Basic server setup:

import { betterAuth } from "better-auth";

export const auth = betterAuth({
    emailAndPassword: { enabled: true },
    socialProviders: {
        github: {
            clientId: process.env.GITHUB_CLIENT_ID!,
            clientSecret: process.env.GITHUB_CLIENT_SECRET!,
        },
    },
});

Database adapter pattern:

import { betterAuth } from "better-auth";
import { prismaAdapter } from "better-auth/adapters/prisma";
import { PrismaClient } from "@/generated/prisma/client";

const prisma = new PrismaClient();
export const auth = betterAuth({
    database: prismaAdapter(prisma, { provider: "postgresql" }),
});

Plugin configuration:

import { betterAuth } from "better-auth";
import { twoFactor } from "better-auth/plugins";

export const auth = betterAuth({
    plugins: [twoFactor()],
});

Client initialization (React):

import { createAuthClient } from "better-auth/react";

export const authClient = createAuthClient({
    baseURL: "http://localhost:3000",
});

Email sign-up:

const { data, error } = await authClient.signUp.email({
    email: "user@example.com",
    password: "securepassword123",
    name: "John Doe",
    callbackURL: "/dashboard",
});

Social sign-in:

await authClient.signIn.social({
    provider: "github",
    callbackURL: "/dashboard",
});

Accessing session (React):

const { data: session, isPending } = authClient.useSession();

Server-side session check:

import { auth } from "./auth";
import { headers } from "next/headers";

const session = await auth.api.getSession({
    headers: await headers(),
});

Mounting handler (Next.js):

import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";

export const { GET, POST } = toNextJsHandler(auth);

API Quick Reference

Export	Type	Description
betterAuth()	function	Initialize server-side auth instance with Kysely
createAuthClient()	function	Initialize client-side auth instance
toNextJsHandler()	function	Convert auth handler for Next.js
toNodeHandler()	function	Convert auth handler for Node.js/Express
svelteKitHandler()	function	Convert auth handler for SvelteKit
toSolidStartHandler()	function	Convert auth handler for SolidStart
prismaAdapter()	function	Database adapter for Prisma
drizzleAdapter()	function	Database adapter for Drizzle ORM
mongodbAdapter()	function	Database adapter for MongoDB
twoFactor()	function	Plugin for two-factor authentication
magicLink()	function	Plugin for magic link authentication
organization()	function	Plugin for organization/team management
username()	function	Plugin for username authentication
Client Methods	Various	signIn.email(), signUp.email(), signOut(), getSession()

Client Methods

• signIn.email() - Sign in with email/password
• signUp.email() - Sign up with email/password
• signIn.social() - Sign in with OAuth provider
• signOut() - Sign out current session
• getSession() - Get session data
• useSession() - Hook for reactive session access

Server API Methods

• auth.api.getSession() - Get session from request
• auth.api.signInEmail() - Sign in user (server)
• auth.api.signUpEmail() - Sign up user (server)
• Plus plugin-specific methods