21 comments

[ 3.3 ms ] story [ 53.1 ms ] thread
Wow this is such a natural fit! Used both products, better auth is a clear successor. What a great path forward
Great news for dev simplicity, Better Auth is just... better.
Used and loved both products. Great to see they are joining forces.
They're not. Better Auth is only 'maintaining' Auth.js to push people towards Better Auth.
only in javascript where auth is such a big issue.

in rails you can use the rails 8 auth or a better alternative authentication-zero. before it was devise.

java - spring security, shiro etc. but just complex things.

alternatively - use services like fusionAuth

This framework has made auth such a non-issue for me. The setup is easy and the usage is consistent framework to framework. So glad to see that they’re continuing to do well.
Please add support for Swift!
I really wish there was such an easy off-the shelf auth solution for Go
> Chances are, if you’ve used ChatGPT, Google Labs, Cal.com or a million other websites, you’ve already interacted with Auth.js.

I missed OpenAI migrating away from auth0. They must have been one of their largest customers - anybody know the story?

Better Auth has raised $5M. I don’t think it’s great to see a truly free project get absorbed into a commercial venture.
[dead]
This is funny to me because when someone asked re: Better Auth "better than what?" my off-the-cuff response was "better than Auth.js" and here we are.
I am bummed by this, basically sounds like they’re sunsetting future development into Auth.js.

I tried Better Auth and it was not usable for what I wanted to do - I manage my own database schema and expose it through a permissioned GraphQL API. With Auth.js I just needed to implement a documented set of functions with specified input and output types, like creating users, storing tokens, etc. - however I wanted to - and then it all just worked with my own custom GraphQL API as the backend.

But with Better Auth it’s all insanely general, where the data types are “whatever a particular plugin wants” meaning the any type in TypeScript; and the only thing you can do is delegate responsibility for design of database schemas and execution of data migrations to whatever plugin developers decide you need for the particular authentication methods you support.

Way beyond the pale for an auth library in my opinion, I thought I was dumb and just didn’t understand the library but when I asked the community about it, they told me that’s by design - plugins determine their own data model. This isn’t a matter of me having a weird use case with the whole GraphQL thing, I can’t imagine anyone who takes their data modeling/security seriously would be fine with delegating that kind of control to plugin developers.

(Yes I know you can make your own adapters, but the interface for that is literally “implement a general purpose SQL-like query executor” where the models that you’re querying/mutating are arbitrary strings - so basically no control over your schema. It literally just takes in a code: string value for eval’ing your migrations! Insane! [1])

When I saw the announcements before about Better Auth, emphasizing not that it was innovative nor technically good in any way, but instead focusing on the fact that its developer was self-taught and has only been coding for a few years [2], I tried to restrain myself from assuming anything about how it might be designed, especially since it seems everyone was hyping it up… but I’m not so confident my prejudices were totally wrong.

I guess this is marginally better than the status quo where Auth.js was basically unmaintained and not being developed further at all. Which is to say, the state of open source auth libraries in JS is surprisingly poor.

[1] https://github.com/better-auth/better-auth/blob/f6cbdcc84ee5...

[2] https://techcrunch.com/2025/06/25/this-self-taught-ethiopian...

Labuba driven development
I've been using Clerk and it seems fine. I'm sure there's some drama, because everything comes with drama, but I just want to get on with building stuff.
With Auth.js, I assume they control the database layer? I.e. can i supply my own functions for reading and writing to the DB, or I have to use their Kysely stuff?
[dead]
(comment deleted)
[dead]