What frameworks does Better Auth support?

It's framework-agnostic and works with Next.js, Nuxt, SvelteKit, Remix, Astro, Hono, Express, and more.

Does it include 2FA and WebAuthn?

Yes. Better Auth supports two-factor authentication (TOTP, SMS) and passkeys/WebAuthn, plus an RBAC and 2FA-capable plugin system.

How do I set up the database schema?

Use the CLI to generate and migrate the schema: npx @better-auth/cli generate and npx @better-auth/cli migrate.

better-auth

Scanned

npx machina-cli add skill Microck/ordinary-claude-skills/better-auth --openclaw

Files (1)

SKILL.md

7.2 KB

Better Auth Skill

Better Auth is comprehensive, framework-agnostic authentication/authorization framework for TypeScript with built-in email/password, social OAuth, and powerful plugin ecosystem for advanced features.

When to Use

Implementing auth in TypeScript/JavaScript applications
Adding email/password or social OAuth authentication
Setting up 2FA, passkeys, magic links, advanced auth features
Building multi-tenant apps with organization support
Managing sessions and user lifecycle
Working with any framework (Next.js, Nuxt, SvelteKit, Remix, Astro, Hono, Express, etc.)

Quick Start

Installation

npm install better-auth
# or pnpm/yarn/bun add better-auth

Environment Setup

Create .env:

BETTER_AUTH_SECRET=<generated-secret-32-chars-min>
BETTER_AUTH_URL=http://localhost:3000

Basic Server Setup

Create auth.ts (root, lib/, utils/, or under src/app/server/):

import { betterAuth } from "better-auth";

export const auth = betterAuth({
  database: {
    // See references/database-integration.md
  },
  emailAndPassword: {
    enabled: true,
    autoSignIn: true
  },
  socialProviders: {
    github: {
      clientId: process.env.GITHUB_CLIENT_ID!,
      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
    }
  }
});

Database Schema

npx @better-auth/cli generate  # Generate schema/migrations
npx @better-auth/cli migrate   # Apply migrations (Kysely only)

Mount API Handler

Next.js App Router:

// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";

export const { POST, GET } = toNextJsHandler(auth);

Other frameworks: See references/email-password-auth.md#framework-setup

Client Setup

Create auth-client.ts:

import { createAuthClient } from "better-auth/client";

export const authClient = createAuthClient({
  baseURL: process.env.NEXT_PUBLIC_BETTER_AUTH_URL || "http://localhost:3000"
});

Basic Usage

// Sign up
await authClient.signUp.email({
  email: "user@example.com",
  password: "secure123",
  name: "John Doe"
});

// Sign in
await authClient.signIn.email({
  email: "user@example.com",
  password: "secure123"
});

// OAuth
await authClient.signIn.social({ provider: "github" });

// Session
const { data: session } = authClient.useSession(); // React/Vue/Svelte
const { data: session } = await authClient.getSession(); // Vanilla JS

Feature Selection Matrix

Feature	Plugin Required	Use Case	Reference
Email/Password	No (built-in)	Basic auth	email-password-auth.md
OAuth (GitHub, Google, etc.)	No (built-in)	Social login	oauth-providers.md
Email Verification	No (built-in)	Verify email addresses	email-password-auth.md
Password Reset	No (built-in)	Forgot password flow	email-password-auth.md
Two-Factor Auth (2FA/TOTP)	Yes (`twoFactor`)	Enhanced security	advanced-features.md
Passkeys/WebAuthn	Yes (`passkey`)	Passwordless auth	advanced-features.md
Magic Link	Yes (`magicLink`)	Email-based login	advanced-features.md
Username Auth	Yes (`username`)	Username login	email-password-auth.md
Organizations/Multi-tenant	Yes (`organization`)	Team/org features	advanced-features.md
Rate Limiting	No (built-in)	Prevent abuse	advanced-features.md
Session Management	No (built-in)	User sessions	advanced-features.md

Auth Method Selection Guide

Choose Email/Password when:

Building standard web app with traditional auth
Need full control over user credentials
Targeting users who prefer email-based accounts

Choose OAuth when:

Want quick signup with minimal friction
Users already have social accounts
Need access to social profile data

Choose Passkeys when:

Want passwordless experience
Targeting modern browsers/devices
Security is top priority

Choose Magic Link when:

Want passwordless without WebAuthn complexity
Targeting email-first users
Need temporary access links

Combine Multiple Methods when:

Want flexibility for different user preferences
Building enterprise apps with various auth requirements
Need progressive enhancement (start simple, add more options)

Core Architecture

Better Auth uses client-server architecture:

Server (better-auth): Handles auth logic, database ops, API routes
Client (better-auth/client): Provides hooks/methods for frontend
Plugins: Extend both server/client functionality

Implementation Checklist

Reference Documentation

Core Authentication

Email/Password Authentication - Email/password setup, verification, password reset, username auth
OAuth Providers - Social login setup, provider configuration, token management
Database Integration - Database adapters, schema setup, migrations

Advanced Features

Advanced Features - 2FA/MFA, passkeys, magic links, organizations, rate limiting, session management

Scripts

scripts/better_auth_init.py - Initialize Better Auth configuration with interactive setup

Resources

Docs: https://www.better-auth.com/docs
GitHub: https://github.com/better-auth/better-auth
Plugins: https://www.better-auth.com/docs/plugins
Examples: https://www.better-auth.com/docs/examples

Source

git clone https://github.com/Microck/ordinary-claude-skills/blob/main/skills_all/better-auth/SKILL.mdView on GitHub

Overview

Better Auth is a comprehensive, framework-agnostic authentication and authorization framework for TypeScript. It provides built-in email/password with verification, social OAuth providers, 2FA (TOTP, SMS), passkeys/WebAuthn, session management, RBAC, rate limiting, and database adapters. It enables adding secure authentication to any web app and coordinating authorization rules across frameworks.

How This Skill Works

Install better-auth and configure it with betterAuth({ database, emailAndPassword, socialProviders }). The library exposes server-side initialization, a client library, and adapters to plug into your chosen database; you generate migrations with the CLI. It provides framework-specific shims (e.g., Next.js route adapters) to mount the auth API and manage user sessions.

When to Use It

Adding authentication to a TypeScript/JavaScript web app (email/password or social login)
Implementing OAuth flows with providers like Google, GitHub, or Discord
Setting up 2FA/MFA, passkeys, or magic links for stronger security
Building multi-tenant apps with organization support and RBAC
Managing user sessions and defining authorization rules across frameworks

Quick Start

Step 1: Install: npm install better-auth
Step 2: Create .env with BETTER_AUTH_SECRET and BETTER_AUTH_URL
Step 3: Initialize server with betterAuth config and mount the API handler for your framework

Best Practices

Enable email verification and password reset workflows for user accounts
Store secrets in environment variables (e.g., BETTER_AUTH_SECRET) and rotate them regularly
Use the CLI to generate and migrate database schemas for reliability
Design RBAC roles carefully and enforce rules consistently in code
Test OAuth/login flows and 2FA across browsers and devices

Example Use Cases

Sign up and sign in using email/password with verification
OAuth login via GitHub or Google and link accounts
Admins protected by RBAC and 2FA enforcement
Passwordless login using Passkeys/WebAuthn
Cross-framework session management in Next.js, Nuxt, or Express apps

Frequently Asked Questions

Add this skill to your agents