Launch HN: Better Auth (YC X25) – Authentication Framework for TypeScript

Positioning vs Existing Auth Solutions

  • Framed as a modern, TypeScript-first alternative to NextAuth, Firebase Auth, Supabase Auth, Clerk, and enterprise providers (Auth0/Okta/FusionAuth/WorkOS/Keycloak).
  • Key differentiator: a library tightly integrated into your app and DB, but still self-hosted, rather than a separate “black box” auth service.
  • Users like having user data in their own Postgres schema instead of remote user stores with rigid extension models.

Developer Experience

  • Multiple commenters report using Better Auth in production and side projects with very positive DX: “npm install → minimal config → it works.”
  • Type-safe plugin system, framework-agnostic design, and good docs are repeatedly praised.
  • Migration from Lucia is described as straightforward, with more “magic” but less boilerplate for email verification, password resets, and rate limiting.

Architecture & Features

  • Defaults to cookie-based sessions; JWT is an optional plugin. Some want JWT as the default for stateless APIs; others approve of cookies as simpler and safer for many apps.
  • Supports email/password (in contrast to NextAuth’s reluctance to bless it), OAuth providers, multi-session / multi-organization, SSO plugin, and a JWT plugin.
  • Passkeys are supported via plugin. Some think passkeys should be first-class and more visible in marketing; others note low real-world user adoption.
  • Does not yet cover everything: SCIM is missing, which is a deal-breaker for some enterprise-leaning teams; SAML SSO requirements led others to pick Keycloak.

Integrations & Migrations

  • Firebase: feature parity claimed except no Firestore adapter yet; lock-in and vendor concerns motivate migration interest.
  • Supabase: Better Auth recommended if you don’t heavily depend on RLS; migration guide exists, but RLS integration is still evolving.
  • Next.js and edge runtimes: some issues with CLI and env handling for workers were reported.

Commercial Offering & Business Concerns

  • Paid product is a dashboard layered on top of the self-hosted library: user management, analytics, bot/fraud protection. Base dashboard likely free.
  • Not positioned as a hosted “3rd-party auth” in the Auth0 sense; infra is an optional add-on.
  • Some worry about venture funding changing incentives; others see it as assurance of continued maintenance and non-vaporware.

Security, Reliability, and Ecosystem

  • There are automated tests; at least one security vulnerability was quickly patched and assigned a CVE, which impressed users.
  • Broader discussion around “library vs dedicated identity service” tradeoffs, and the likelihood of AI-driven “auth package SEO” influencing adoption.