Better Auth

Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/passwor

What Is Better Auth?

Better Auth is a comprehensive, framework-agnostic authentication and authorization framework designed for TypeScript applications. It provides a robust set of features aimed at securing web applications with minimal friction, covering both basic and advanced authentication needs. Whether you are building a single-page app, a server-rendered website, or a multi-tenant SaaS platform, Better Auth offers a modular, extensible solution for handling user authentication, session management, and fine-grained authorization.

Better Auth is compatible with virtually any Node.js-based web framework, including Next.js, Nuxt, SvelteKit, Remix, Astro, Hono, and Express. Its architecture emphasizes flexibility and extensibility, making it suitable for projects of any scale or complexity.

Why Use Better Auth?

Implementing authentication and authorization correctly is one of the most critical aspects of any web application. Poorly implemented auth can lead to security vulnerabilities, frustrated users, and compliance risks. Better Auth mitigates these issues by providing:

  • Framework Agnosticism: No vendor lock-in; use Better Auth with any web framework or custom server setup.
  • Rich Feature Set: Support for email/password authentication, social OAuth providers, two-factor authentication (TOTP, SMS), passkeys/WebAuthn, and more.
  • Security by Design: Includes protections such as rate limiting, role-based access control (RBAC), and session management out of the box.
  • Extensibility: A plugin ecosystem allows for easy expansion and custom workflows.
  • Production-Ready: Built for real-world deployments, supporting multi-tenancy, organization management, and a variety of database backends.

By leveraging Better Auth, developers save time, reduce boilerplate, and avoid common security pitfalls, all while delivering a seamless user experience.

How to Get Started

Getting started with Better Auth is straightforward. The library is distributed via npm and can be integrated with any TypeScript project.

Installation

Install Better Auth using your package manager of choice:

npm install better-auth
# or
yarn add better-auth
# or
pnpm add better-auth

Environment Setup

Create a .env file in your project’s root directory to store sensitive configuration:

BETTER_AUTH_SECRET=<generated-secret-32-chars-min>
BETTER_AUTH_URL=http://localhost:3000

Replace <generated-secret-32-chars-min> with a randomly generated secret of at least 32 characters, for example the output of `openssl rand -base64 32`. Better Auth uses this value to sign session cookies, so rotating it invalidates every existing session; keep the .env file out of source control. BETTER_AUTH_URL must be the absolute origin the auth endpoints are served from (https in production), since it is used to build callback and verification links.

Basic Usage Example

Here’s a simple example of setting up email/password authentication in an Express 4 app. The server-side auth instance is created with betterAuth() and mounted as a request handler under /api/auth, Better Auth’s default base path; the same instance exposes auth.api for server-side calls such as resolving the current session:

import express from 'express';
import Database from 'better-sqlite3';
import { betterAuth } from 'better-auth';
import { toNodeHandler, fromNodeHeaders } from 'better-auth/node';

// Server-side auth instance. BETTER_AUTH_SECRET and BETTER_AUTH_URL are read
// from the environment automatically; they are passed explicitly here so the
// dependency on them is visible.
export const auth = betterAuth({
  // Any supported adapter works; better-sqlite3 needs no extra setup.
  // Create the tables once with: npx @better-auth/cli migrate
  database: new Database('./auth.db'),
  secret: process.env.BETTER_AUTH_SECRET,
  baseURL: process.env.BETTER_AUTH_URL,
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: true,
  },
  emailVerification: {
    sendVerificationEmail: async ({ user, url }) => {
      // Implement your email sending logic here (SendGrid, SES, ...)
    },
  },
});

const app = express();

// Mount the auth handler BEFORE express.json(): Better Auth reads the request
// body itself, and a body consumed by another parser breaks its endpoints.
// (Express 5 spells the wildcard '/api/auth/*splat'.)
app.all('/api/auth/*', toNodeHandler(auth));
app.use(express.json());

// A protected route: resolve the session from the request's cookies.
app.get('/api/me', async (req, res) => {
  const session = await auth.api.getSession({ headers: fromNodeHeaders(req.headers) });
  if (!session) return res.status(401).json({ error: 'unauthenticated' });
  res.json(session.user);
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});

This pattern can be adapted to other frameworks with minimal changes.

Key Features

Better Auth provides a rich set of features designed for modern applications:

  • Email/Password Authentication: Support for secure registration and login flows, including email verification.
  • OAuth Providers: Out-of-the-box support for popular providers such as Google, GitHub, Discord, and others.
  • Two-Factor Authentication: Enable TOTP (authenticator apps) or SMS-based two-factor authentication for enhanced security.
  • Passkeys/WebAuthn Support: Integrate passwordless authentication using modern standards like WebAuthn.
  • Session Management: Cookie-backed database sessions by default, with configurable expiry and renewal; JWT issuance for stateless consumers is available through the JWT plugin.
  • Role-Based Access Control (RBAC): Define granular authorization rules and manage user roles/permissions through the admin and organization plugins.
  • Rate Limiting: Protect endpoints and user actions with built-in rate limiting. The default store is in-memory, so a deployment with several instances needs a shared store for the limits to apply consistently.
  • Database Adapters: Flexible adapters for PostgreSQL, MongoDB, MySQL, SQLite, and more.
  • Plugin Ecosystem: Extend and customize authentication workflows with a robust plugin API.

Best Practices

When integrating Better Auth, consider the following best practices:

  • Use Secure Secrets: Always generate strong, random secrets for BETTER_AUTH_SECRET and never commit them to source control.
  • Enforce HTTPS: Deploy your application behind HTTPS to protect authentication tokens and credentials in transit.
  • Limit Scopes and Permissions: Grant users only the permissions they need by leveraging RBAC.
  • Implement 2FA Where Possible: Require or encourage two-factor authentication for sensitive operations or administrative accounts.
  • Monitor Auth Events: Log authentication events and configure alerts for suspicious activity.
  • Regularly Update Dependencies: Keep Better Auth and related dependencies up to date to benefit from the latest security patches.
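The first two practices above, together with the environment setup earlier on this page, are the kind of thing that silently regresses when a deployment copies a development .env. The following added example (not part of Better Auth) is a startup preflight check that refuses to boot with a weak BETTER_AUTH_SECRET or a non-https BETTER_AUTH_URL in production. The 32-character minimum is the one the page states; the entropy floor, the placeholder list and the use of NODE_ENV to detect production are assumptions.

```typescript
// Added example (not Better Auth's own code): fail fast at startup when the
// settings Better Auth's security depends on are unsafe. The entropy floor,
// placeholder list and NODE_ENV check are assumptions for illustration.

export type Env = Record<string, string | undefined>;

// Values people leave in place from templates; compared case-insensitively.
const PLACEHOLDERS = ['changeme', 'secret', 'password', 'better-auth-secret', '<generated-secret-32-chars-min>'];

// Shannon entropy in bits per character. Output of `openssl rand -base64 32`
// scores around 5; repeated or keyboard-walk strings score far lower.
export function entropyBitsPerChar(s: string): number {
  const counts = new Map<string, number>();
  for (const ch of s) counts.set(ch, (counts.get(ch) ?? 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Returns a list of problems; empty means the environment is acceptable.
export function checkAuthEnv(env: Env): string[] {
  const problems: string[] = [];
  const secret = env.BETTER_AUTH_SECRET ?? '';
  const url = env.BETTER_AUTH_URL ?? '';
  const production = env.NODE_ENV === 'production';

  if (!secret) {
    problems.push('BETTER_AUTH_SECRET is not set');
  } else {
    if (secret.length < 32) problems.push(`BETTER_AUTH_SECRET is ${secret.length} chars; need at least 32`);
    if (PLACEHOLDERS.includes(secret.toLowerCase())) problems.push('BETTER_AUTH_SECRET is a placeholder value');
    if (entropyBitsPerChar(secret) < 3) problems.push('BETTER_AUTH_SECRET has low entropy; generate it with `openssl rand -base64 32`');
  }

  let parsed: URL | null = null;
  try {
    parsed = new URL(url);
  } catch {
    problems.push('BETTER_AUTH_URL is missing or not an absolute URL');
  }
  if (parsed && production) {
    // Callback and verification links are built from this origin, so a
    // plaintext or localhost origin in production leaks or breaks them.
    const local = parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1';
    if (parsed.protocol !== 'https:') problems.push('BETTER_AUTH_URL must use https in production');
    if (local) problems.push('BETTER_AUTH_URL still points at localhost in production');
  }
  return problems;
}

// Call once before betterAuth() is constructed; throws with every finding.
export function assertAuthEnv(env: Env = process.env): void {
  const problems = checkAuthEnv(env);
  if (problems.length > 0) {
    throw new Error('Refusing to start, auth environment is unsafe:\n - ' + problems.join('\n - '));
  }
}
```

Run assertAuthEnv() at the top of the module that builds the auth instance so a misconfigured container fails its health check instead of serving logins with a guessable secret. The check reports every finding at once rather than stopping at the first, which keeps the fix to a single redeploy.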

Important Notes

  • Framework Integration: While Better Auth works with any framework, some advanced features (like SSR integration) may require additional configuration.
  • Plugin Compatibility: Always test plugins and custom adapters in a staging environment before deploying to production.
  • Email/SMS Providers: For email verification and SMS-based 2FA, you must integrate with external services (such as SendGrid, Twilio, etc.).
  • Session Security: Configure session expiration and renewal (the session.expiresIn and session.updateAge options) according to your application's security requirements; shorter lifetimes limit the window in which a stolen cookie is useful.
  • Documentation: Refer to the official repository for up-to-date guides, advanced configuration, and troubleshooting tips.

By adopting Better Auth, you equip your TypeScript applications with a modern, secure, and extensible authentication system suitable for today’s demanding web environments.