Launch HN: Better Auth (YC X25) – Authentication Framework for TypeScript

254 pointsby bekacru3 days ago

Hi HN! We’re Bereket and KinfeMichael of Better Auth (<a href="https://www.better-auth.com/">https://www.better-auth.com/</a>), a comprehensive authentication framework for TypeScript that lets you implement everything from simple auth flows to enterprise-grade systems directly on your own database, embedded in your backend.To be clear—we’re not building a 3rd party auth service. Our goal is to make rolling your own auth so ridiculously easy that you’ll never need one.Here are some YouTube videos explaining how it works (we did make our own video but weren’t happy with it and these videos do a great job):<a href="https://www.youtube.com/watch?v=hFtufpaMcLM" rel="nofollow">https://www.youtube.com/watch?v=hFtufpaMcLM</a> - a really good overview<a href="https://www.youtube.com/watch?v=QurjwJHCoHQ" rel="nofollow">https://www.youtube.com/watch?v=QurjwJHCoHQ</a> - also a good overview and dives a little deeper into the code<a href="https://www.youtube.com/watch?v=RKqHrE0KyeE" rel="nofollow">https://www.youtube.com/watch?v=RKqHrE0KyeE</a> - short and clear<a href="https://www.youtube.com/watch?v=Atev8Nxpw7c" rel="nofollow">https://www.youtube.com/watch?v=Atev8Nxpw7c</a> - with TanStack framework<a href="https://www.youtube.com/watch?v=n6rP9d3RWo8" rel="nofollow">https://www.youtube.com/watch?v=n6rP9d3RWo8</a> - a full-on 2 hour tutorialAuth has been a pain point for many developers in the TypeScript ecosystem for a while. Not because there aren’t options but because most fall into 2 buckets: (1) Third-party services like Auth0 which own your user data, lock you into a black-box solution and are often super expensive; or (2) open source libraries like NextAuth that cover the basics but leave you stitching your own solution together from there.For Better Auth. the kick off moment was building a web analytics platform and wanting to add an organization feature - things like workspaces, teams, members, and granular permissions. I assumed there’d be something out there I could plug in to NextAuth (the popular and kind of the only library), but there wasn’t. The only options were to build everything from scratch or switch to a 3rd party auth provider. I even tried hacking together a wrapper around NextAuth to support those features, but it was hacky. That’s when we decided to take a step back and build a proper auth library from the ground up with a plugin ecosystem that lets you start simple and scale as needed. That frustration turned into Better Auth.Better Auth lets you roll your own auth directly on your backend and database, with support for everything from simple auth flows to enterprise-grade systems without relying on 3rd party services.It comes with built-in features for common auth flows, and you can extend it as needed through a plugin ecosystem whether that’s 2FA, passkeys, organizations, multi-session, SSO, or even billing integration with Stripe.Unlike 3rd party auth providers, we’re just a library you install in your own project. It’s free forever, lives entirely in your codebase, and gives you full control. You get all the features you’d expect from something like Auth0 or Clerk plus even more through our plugin system, including things like billing integrations with Stripe or Polar. Most libraries stop at the basics but Better Auth is designed to scale with your needs while keeping things simple when you don’t need all the extras.We’re currently building an infrastructure layer that works alongside the framework to offer features that are hard to deliver as just a library—e.g. an admin dashboard with user analytics, bot/fraud/abuse detection, secondary session storage, and more. This will be our commercial offering. For this, there’s a waitlist at <a href="https://www.better-auth.build" rel="nofollow">https://www.better-auth.build</a>. However, this is only optional infrastructure for teams that need these capabilities. The library is free and open source and will remain so.We’d love your feedback!

50 comments

jamesjulich3 days ago

A few months ago, I found a security vulnerability for better-auth. Within 24 hours of reporting the vulnerability to the team, it was patched, a notice had been posted, and I had been credited with a CVE. THAT is how you do it, folks!This team is top notch. The community leadership, responsiveness, and development speed has been incredible. The project itself is also great--this library is so much more flexible than others and requires much less effort to wrap my brain around. I'm so happy that this library is getting the recognition it deserves.

nikcub2 days ago

Congrats on the launch! Better Auth has a level of universal love from developers that's really seen.Just one suggestion - remove the F-bombs from the testimonials on your homepage. There are various firewall intel providers that will put you on the bad lists because of this. You usually learn this the hard way :/

评论 #44037083 未加载

theogravity2 days ago

Does it handle:- Federated sign-in/out? In next-auth, it is a giant pain to implement: <a href="https://github.com/nextauthjs/next-auth/discussions/3938">https://github.com/nextauthjs/next-auth/discussions/3938</a>- Automated refreshing of JWT tokens on the client-side? I always end up having to implement my own logic around this. The big problem is if you have multiple API calls going out and they all require JWT auth, you need to check the JWT validity and block the calls until it is refreshed. In next-auth on the server-side, this is impossible to do since that side is generally stateless, and so you end up with multiple refresh calls happening for the same token.- The ability to have multiple auth sessions at once, like in a SaaS app where you might belong to multiple accounts / organizations (your intro paragraph sounds like it does)- Handle how multiple auth sessions are managed if the user happens to open up multiple tabs and swaps accounts in another tab- Account switching using a Google provider? This seems to be a hard ask for providers like FusionAuth and Cognito. You can't use the Google connector directly but instead use a generic OAuth2 connector where you can specify custom parameters when making the initial OAuth2 flow with Google. The use-case is when a user clicks on the Google sign-in button, it should go to the Google account switcher / selector instead of signing in the user immediately if they have an existing signed-in Google session.

评论 #44032673 未加载

评论 #44037746 未加载

macklemoreshair2 days ago

One of our devs evaluated you guys and loved it and I do too, but you guys don’t have SCIM support which makes it really hard for us to justify moving to. We moved to an arguably inferior product because telling our product team “you’ll get scim” as part of an auth overhaul is an easier conversation. If you want enterprise customers, I’d recommend nailing down your enterprise feature set~ but the good news is that our devs liked your model the most so it’s just a matter of work for you guys to expand your functionality!

评论 #44044724 未加载

primitivesuave3 days ago

Better Auth is awesome and I didn't even realize they hadn't publicly launched yet - I'm using it in production apps, and have seen it being used in all kinds of real-world use cases. IMO it's the best open-source option for a TypeScript developer who wants to implement authentication.About the dashboard - would this just be an interface to my existing Better Auth setup (e.g. if I had customized the underlying data storage) or are you hosting credentials yourself?You have my sincerest gratitude for building this incredibly useful library and documenting it so well.

评论 #44031018 未加载

catapart3 days ago

Sold!I've been waiting for something like this for the last year or so. There's so much that's SO CLOSE, but nothing quite as simple as "npm install -> add necessary config -> npm publish". That's what I've been waiting for and that's what it looks like you are offering here.Very excited to spin up a new Hostinger VPS and slap this on there to provide syncing for local-first apps. If it's as easy as your docs make it seem, this will save a ton of time and headaches!

twodave2 days ago

Is there support for dynamic sign in provider urls? One of the deal breakers (in addition to federated sign in/sign out being a pain) for us with next-auth was that we have certain customers whose security requirements include pointing subdomains that they own at our servers. So we would need to be able to use some logic to determine where the sign-in redirect should take a given user.

评论 #44037223 未加载

davedx3 days ago

Sounds great! I'm interested to hear, how does this solution compare with open source, self-hosted authn components like Keycloak and Ory Kratos? While it's a bit more leg work integrating those, I've found that it's useful that they're self-contained and run in their own environment/container; but I have also sometimes wished that the data was more tightly integrated with my own application, which I guess is what you're aiming for.

评论 #44030973 未加载

评论 #44031010 未加载

XavierPladevall2 days ago

Super happy users :) Agree w/ what everyone has said. For us an extra benefit is the ability to host our user data in our own DB so that we can then dig into it w/ Index. Clerk keeps the data locked in and their "analytics" page is very very limited.

评论 #44038215 未加载

timsuchanek2 days ago

Better auth is by far the best option out there. We've adopted it and couldn't be happier not having to manage 2 sources of truth.

akouri2 days ago

Have been a proud better auth user for the last 6 months! Loved it so far, especially the fact that it's FOSS. Now that it's a venture-funded YC company, I am worried about using it. Should I be?

评论 #44037242 未加载

hyuuu2 days ago

i have been your user since the early days, I want to say congrats you guys, I have been recommending your framework to everyone. I appreciate the responsive support you gave me on discord (though in the end, my questions are already on the docs lol)

admiralrohan1 day ago

The product looks polished. I have 3 questions:1. If I am using Supabase for DB, should I use Supabase auth or use Better auth which would anyways use Supabase DB for saving data.2. When using Supabase auth, they don't give access to the auth.users table and for saving additional user details like country we need a seprate profiles table. If I use Better-auth what should be the approach for saving additional details?3. How Better Auth Infrastructure is different than Clerk or Supabase auth?

评论 #44047205 未加载

clgeoio2 days ago

Nice work! I took better-auth for a test a couple of months ago. I enjoyed the experience, but the DX was pretty poor when using edge frameworks (like Cloudflare Workers) as the CLI tools didn't work. For workers for example, environment variables are not known at build time, rather injected in the "fetch()" handler.Interested to see how the functionality progresses!

yard20103 days ago

This looks really exciting. I'm sold. I'm planning to migrate to BetterAuth from Firebase Auth in the next few months, how does the two compare? Personally I'm happy with Firebase (migrated from Workos which was so frustrating and lacking in many aspects, or in other words a huge mistake when picking), not so happy about the vendor lock and the vendor itself.

评论 #44031276 未加载

评论 #44031836 未加载

ymir_e2 days ago

Congratulations on the launch!Heavily evaluated better-auth when implementing auth at my current company. Ended up with keycloak because of SAML SSO.One thing I remember having some issues with was customising schemas with the drizzle adapter. Looks like you've cleared up the documentation more now. I think at the time I was confused as to wether custom schemas were specified in the drizzle adapter options, or inside the the organization plugin.Basically mixing up these two: <a href="https://www.better-auth.com/docs/plugins/organization#customizing-the-schema">https://www.better-auth.com/docs/plugins/organization#custom...</a> <a href="https://www.better-auth.com/docs/adapters/drizzle#additional-information">https://www.better-auth.com/docs/adapters/drizzle#additional...</a>Thanks for all your work, it is a really cool library!

评论 #44033504 未加载

maenbalja3 days ago

I'm very tempted to make the leap from Lucia to Better Auth for a greenfield project, but the thought of jumping yet again from one auth solution to another is making me hesitate. If there are any satisfied (or unsatisfied) devs who have attempted the Lucia -> Better Auth transition, I'd love to hear your thoughts on this!

评论 #44032061 未加载

评论 #44038284 未加载

Destiner2 days ago

I’ve just used BetterAuth for my project [0]I’ve never implemented auth before, and was always thinking that it will take me days to get it right.I’ve done the whole thing in maybe 3 hours.[0] <a href="https://dough.ink/" rel="nofollow">https://dough.ink/</a>

sberens2 days ago

My experience with auth solutions/libraries is you invariably want to customize some flow/data/functions, but it's impossible because the library isn't flexible enough.A better solution might be premade auth primitives (oauth providers, db adapters) that you copy paste into your codebase shadcn-style, and modify when necessary.I feel like "don't roll your own auth" is less true than it was 5-10 years ago as now there is an abundance of good references and core libraries.

stevelacy3 days ago

We have been using better-auth (open source) for a while, it was immediately a better experience compared to the existing (typescript) auth libraries. Plus no Nextjs lock-in, we migrated off Nextjs to Hono and only had to change the router.

vvoyer3 days ago

Nit pick: change homepage from:> git(main) x npm add better-authto> npm add better-auth"git(main) x" looks odd and like an error.

Erazal1 day ago

Been using it for the past 2 weeks, love it :)<a href="https://auth.meetingbaas.com" rel="nofollow">https://auth.meetingbaas.com</a>It's a shame I didn't add more providers there since then!

zackify2 days ago

I thought this was another vercel shill, and cheating up the hackernews ranks LOLBut I tried it today and it’s pretty nice. A few bugs with user creation and custom fields with the beta oauth2 plugin. But overall very solid abstraction that will save lots of time.Google sign in was a breeze too.The migrations do not pick up nullable being true for custom fields though, and I see someone else already reported this.Direct oauth registration works, most everything I need is here!

评论 #44035396 未加载

badmonster2 days ago

How does Better Auth handle multi-tenant authentication across different subdomains or apps within a monorepo setup?btw i read about your project in x a while ago, nice project!

ayushrodrigues3 days ago

Better-Auth has changed the game for authentication, developer experience and open source offerings as a whole. Huge fan of the framework agnostic approach. Congrats team!

zeroq2 days ago

I'm super happy that this is getting funding and won't become vaporeware at least for another season, because it's super important to have a stable foundation for homebrew solutions.However I'm not entierly sold on this being an actual alternative to auth0 and such - at least for now. For a drop-in solution lack of mail and dashboard can be a real deal breaker.

vivzkestrel2 days ago

I am building a production grade express API generator that lets people download a full production ready with all tooling setup express API with dependencies like ESLint, Prettier, Husky, Commitlint etc configured. One of the steps lets people choose an authentication provider and I intend to add your library

sreekanth850about 16 hours ago

Do you have plans to add support for .Net backend?

WorldMaker2 days ago

It feels wrong in 2025 that Passkey support isn't up-front and first class and is relegated to a plugin.

评论 #44032694 未加载

评论 #44038287 未加载

roes96273 days ago

might be dumb q, but does it work well with Supabase Auth?

评论 #44031948 未加载

ml9143 days ago

Different space, but sounds like a similar launch approach to how Triplit works as a sync engine - open-sourced, can use for free, or can upgrade to pay for hosting and the console/dashboard view. Appreciate companies like this taking a developer-first approach

评论 #44031285 未加载

评论 #44031114 未加载

raghu_19832 days ago

Curious to know why the default approach taken for auth is to use cookie sessions and not JWT, although it is available as plugin, its documentation is not clear.

sebnun1 day ago

Surprised none mentioned OpenAuth yet, how does this compares?<a href="https://openauth.js.org/" rel="nofollow">https://openauth.js.org/</a>

portaouflop3 days ago

If I use the commercial option what is the difference to a 3rd party solution ? It seems to me you would still have a 3rd party to offload Auth to?

评论 #44031061 未加载

abhisek2 days ago

The closest I can think of is Devise for Ruby on Rails ecosystem. While these solution provides great developer experience to get started, IMHO there are solid reasons to have separate identity providers like Auth0 or if you like to self-host, stuff like Keycloak, Dex and more. Consider your business logic backend need multi-region deployments, where will you keep the auth DB?Personally, if I want my app to be future proof, I would probably keep auth as a separate service while speaking standard protocols like OAuth2 so that I can maintain single source of truth for my user identity and be able to build multiple applications based on it.

评论 #44050530 未加载

blackhaj72 days ago

I have been using Better Auth for a while now and it is awesome. Nicest auth DX I have come acrossCongrats on getting into YC!

mooreds3 days ago

Welcome to the auth party! (Full disclosure, I work for FusionAuth, one of those third party auth providers.)I feel like every ecosystem should have a great auth library, and am glad to see you taking on this challenge. I come from the ruby and java worlds where devise and spring auth are great choices, and have watched as several options have risen and fallen in the JS world (passport.js, nextauth). I've heard good things about your project from colleagues, so hopefully you'll win :).Sounds like you plan to support this via infrastructure and higher level features. Any plans to offer paid support as well?Anyway, congrats on your launch!

评论 #44031438 未加载

joseferben3 days ago

congrats on the launch! better-auth is a joy to use. great dx with the type-safe plugin system.

评论 #44030928 未加载

benmccann2 days ago

NextAuth certainly needs some competition. However, I wish better-auth didn't have so many dependencies. I feel like it shouldn't be necessary to depend on things like kysley and Typescript.

rvz3 days ago

Are there any tests for this?How do I know if this actually works in the long term?

评论 #44050540 未加载

评论 #44038322 未加载

Vinnl2 days ago

Sorry to hijack this post, but since people who know are likely to look here... Anyone know what's up with Next-Auth/Auth.js? The main author had a post up [1] stating that they would stop their involvement, but that post appears to have been removed.[1] <a href="https://web.archive.org/web/20250419022421/https://balazsorban.com/blog/what-s-up-with-authjs" rel="nofollow">https://web.archive.org/web/20250419022421/https://balazsorb...</a>

评论 #44050381 未加载

dexterleng2 days ago

Do you have any plans on launching a Swift framework?

soneca2 days ago

Tangentially related, but have you thought about a go to market strategy related to AI?I started a new side project with Cursor to see how it goes, and it suggests a lot of packages for a lot of things (often not even suggests, assume you want it and ask you to install already).I imagine there will be a “AIO” AI optimization field soon. Have you considered at all?I mean. If I explicitly ask Cursor models to use Better Auth for authentication, will any of them be able to use it?A possible thing for you to work on could be to prepare a prompt with links to your documentation that I can copy and paste in Cursor (or whatever) and will successfully implement it in my project.EDIT: If you want to give it a try at one now and post as a reply here, I’ll gladly try it. It should say to substitute Auth0, as I am already using it, in a NextJS 15 web app that uses Neon serverless Postgres as DB. But I can tweak those myself later too

评论 #44037986 未加载

评论 #44032166 未加载

dzonga2 days ago

in rails there's authentication-zero.I haven't found the equivalent in the jvm space.nice work -- maybe I will do a port to jvm

asdffdasy2 days ago

how does the nextjs middleware works since it's impossible to open a db connection from it?

realbrad2 days ago

This is great!

dhruv30062 days ago

godspeed dudes.

ffo2 days ago

Congrats on the launch of Better Auth! It's great to see a new framework aiming to make rolling your own auth in TypeScript easier. More well-thought-out options for developers in the authentication and authorization landscape are always welcome.Best of luck with it!(Disclosure: I'm a co-founder of Zitadel, also building solutions in this space.)

paradox4602 days ago

Do people still use X25 these days? I thought everything would have moved to TCP/IP

评论 #44037964 未加载

jillyboel32 days ago

[flagged]

评论 #44043193 未加载