better-auth
Originally fromjezweb/claude-skills
SKILL.md
Better Auth - Complete Authentication
TypeScript-first authentication library with 40+ OAuth providers and 20+ plugins.
Agent Workflow (MANDATORY)
Before ANY implementation, use TeamCreate to spawn 3 agents:
- fuse-ai-pilot:explore-codebase - Analyze existing auth setup and patterns
- fuse-ai-pilot:research-expert - Verify latest Better Auth docs via Context7/Exa
- mcp__context7__query-docs - Check providers/plugins availability
After implementation, run fuse-ai-pilot:sniper for validation.
Overview
When to Use
- Implementing authentication in TypeScript/JavaScript applications
- Need OAuth providers (Google, GitHub, Discord, Apple, Microsoft, etc.)
- Adding 2FA, magic links, passkeys, or phone authentication
- Enterprise SSO with SAML, SCIM provisioning, or organizations
- Integrating payments with Stripe or Polar subscriptions
- Web3 authentication with Sign-In with Ethereum (SIWE)
- Migrating from Auth.js, Clerk, Auth0, Supabase, or WorkOS
Why Better Auth
| Feature | Benefit |
|---|---|
| Framework agnostic | Next.js, SvelteKit, Nuxt, Remix, Astro, Expo, NestJS |
| Plugin architecture | Add only the features you need (20+ plugins) |
| Full TypeScript | End-to-end type safety, inference included |
| Self-hosted | Your data stays on your infrastructure |
| Database flexible | Prisma, Drizzle, MongoDB, PostgreSQL, MySQL, SQLite |
| Enterprise ready | SSO, SCIM, organizations, audit logs |
Coverage
OAuth Providers (40+)
Google, GitHub, Discord, Apple, Microsoft, Slack, Spotify, Twitter/X, Facebook, LinkedIn, GitLab, Bitbucket, Dropbox, Twitch, Reddit, TikTok, and 25+ more documented in providers/.
Plugins (20+)
| Plugin | Purpose |
|---|---|
| 2FA | TOTP authenticator, backup codes |
| Magic Link | Passwordless email login |
| Passkey | WebAuthn biometric authentication |
| Organization | Multi-tenant, roles, invitations |
| SSO | Enterprise SAML/OIDC single sign-on |
| SCIM | Directory sync, user provisioning |
| Stripe | Subscription billing integration |
| API Key | Machine-to-machine authentication |
| JWT/Bearer | Token-based API authentication |
Database Adapters
Prisma, Drizzle, MongoDB, raw SQL (PostgreSQL, MySQL, SQLite), and community adapters.
SOLID Architecture (Next.js 16)
Components organized in modules/auth/ following separation of concerns:
- Services:
betterAuthconfiguration and initialization - Hooks:
createAuthClientfor client-side auth state - API Route:
app/api/auth/[...all]/route.tshandler - Proxy:
proxy.tsfor route protection (replaces middleware)
Reference Guide
| Need | Reference |
|---|---|
| Initial setup | installation.md, server-config.md |
| Client usage | client.md, session.md |
| OAuth providers | providers/overview.md, individual provider docs |
| Add plugins | plugins/overview.md, individual plugin docs |
| Database setup | adapters/prisma.md, adapters/drizzle.md |
| Enterprise SSO | plugins/sso.md, guides/saml-okta.md |
| Payments | plugins/stripe.md, plugins/polar.md |
| Migration | guides/clerk-migration.md, other migration guides |
| Complete examples | examples/ for full implementations |
Best Practices
- Plugins on demand - Only add plugins you actually need
- Type-safe client - Use generated types from server config
- Session caching - Enable session caching for performance
- Rate limiting - Configure rate limits for auth endpoints
- Secure cookies - Use secure, httpOnly, sameSite cookies
- Database indexes - Add indexes on user lookup fields
Concepts
Core concepts explained in concepts/:
- Sessions - Token management, refresh, revocation
- Database - Schema design, migrations, adapters
- Plugins - Extension system, composition
- OAuth - Provider configuration, callbacks
- Security - CSRF, rate limiting, password hashing
- Cookies - Session storage, cross-domain
Weekly Installs
22
Repository
fusengine/agentsGitHub Stars
3
First Seen
Feb 1, 2026
Security Audits
Installed on
gemini-cli22
amp22
opencode21
codex21
cline20
github-copilot20