Better Auth
Comprehensive TypeScript authentication framework with email/password, OAuth, 2FA, multi-tenant support, and framework-agnostic design for modern apps.
A comprehensive authentication framework designed specifically for TypeScript developers who want to own their auth infrastructure without compromising on features or security.
Framework Agnostic Design - Works seamlessly with popular frameworks including React, Vue, Svelte, Astro, Solid, Next.js, Nuxt, TanStack Start, and Hono. Build once, deploy anywhere.
Complete Authentication Suite includes:
- Email & Password Authentication with built-in session and account management
- Social Sign-on supporting GitHub, Google, Discord, Twitter, and more OAuth providers
- Two-Factor Authentication for enhanced security with minimal code
- Multi-tenant Support with organizations, teams, members, and invitation systems
- Access Control features for enterprise-grade applications
Developer Experience First - Auto-generates Drizzle schemas for users and sessions, provides full type safety, and offers a dead simple API. The framework integrates directly with your database using a connection pool, giving you complete control over your data.
Plugin Ecosystem extends functionality with official and community plugins, allowing you to customize authentication flows to match your specific requirements. The modular architecture means you only include what you need.
Trusted by developers building production applications, with praise from industry leaders including the creators of Vercel, Nuxt, SST, and ElysiaJS. Roll your own auth with confidence in minutes rather than weeks.
Magic link and email OTP plugins allow passwordless sign-in using one-time links or codes
Supports multiple social providers through built-in OAuth and generic OAuth plugin for custom providers
The passkey plugin adds FIDO2 / WebAuthn support for passwordless, phishing‑resistant sign‑in
Session settings allow you to configure expiresIn and updateAge to create longer or shorter sessions
No official multi‑language or localization support, but a community plugin for localization exists
The OIDC provider plugin implements the client_credentials grant so your app can issue access tokens for machine‑to‑machine communication
You can issue and retrieve access tokens via the OIDC provider plugin and the OAuth social provider integration
Better Auth is headless and does not provide a hosted login page
Supports webhooks of third-party integrations like Stripe or Polar, but does not provide webhooks itself
Better Auth’s plugin ecosystem enables many integrations, such as Stripe, Polar and generic OAuth providers
A built‑in rate limiter with customizable rules protects sensitive endpoints like email sign‑in and 2FA verification
The CAPTCHA plugin integrates services like reCAPTCHA, Turnstile and hCaptcha to block bots during sign‑in and sign‑up
The “Have I Been Pwned” plugin blocks compromised passwords by checking them against a breach database
The two‑factor authentication plugin adds TOTP support, backup codes and trusted devices
The organizations plugin simplifies access control by allowing you to create organizations and assign roles to members
Users can link multiple social accounts using the linkAccount and linkSocial functions
Administrators can impersonate a user by creating a temporary session and later stop impersonating
There is no service level agreement because Better-Auth is self‑hosted and open source
An active open‑source community with Discord, GitHub and subreddit channels provides help and discussions
