BetterAuth
Open SourceThe most comprehensive authentication framework for TypeScript
Scores
About
BetterAuth is a comprehensive authentication and authorization framework for TypeScript. Rather than relying on a third-party cloud service, BetterAuth runs entirely within your application — you own the sessions, the user data, and the logic.
The library covers the full authentication surface: email and password with session management and account recovery, social OAuth providers (Google, GitHub, Apple, Discord, and many more), passkeys (WebAuthn), magic links, email OTP, phone number verification, two-factor authentication (TOTP), and API key management. An organization plugin provides multi-tenancy out of the box — teams, roles, invitations, and access control — making it practical for SaaS applications from the start.
For enterprise requirements, a separate SSO plugin adds SAML 2.0 and OpenID Connect support with per-organization provider configuration, enabling scenarios where each tenant authenticates through its own identity provider. Domain-based provider trust is also supported in recent releases.
BetterAuth is designed around a plugin system: start with the features you need and add capabilities incrementally without rewriting your auth layer. Database support is adapter-based — PostgreSQL, MySQL, SQLite, and MongoDB are all supported. Framework integration adapters exist for Next.js, Nuxt, SvelteKit, Astro, Hono, Express, Fastify, Remix, and others.
The Auth.js / NextAuth team merged into the BetterAuth project in September 2025, making BetterAuth the official successor to the most widely used Node.js auth library. It is backed by Y Combinator (W25 batch).
Because BetterAuth runs inside your application, session validation involves no external HTTP call and there is no per-MAU pricing. Teams host it on their own infrastructure alongside their existing database.
Key Features
- Email/password auth with session management, verification, and password reset
- Social OAuth (Google, GitHub, Apple, Discord, and 20+ providers)
- Passkeys (WebAuthn), magic links, email OTP, and phone number auth
- Two-factor authentication (TOTP)
- Organization plugin: multi-tenancy with teams, roles, and invitations
- Enterprise SSO plugin: SAML 2.0 and OIDC with per-tenant provider config
- Plugin ecosystem — compose only the features you need
- Database adapters for PostgreSQL, MySQL, SQLite, MongoDB
Pros
- No per-MAU pricing — self-hosted on your own infrastructure
- TypeScript-first with full type inference and autocomplete across the full auth surface
- Plugin architecture keeps the bundle lean; add features without a full rewrite
- Framework-agnostic within the JS/TS ecosystem — Next.js, Nuxt, SvelteKit, Express, and more
- Official successor to NextAuth/Auth.js — active development and community momentum
- Runs inside your app — no external network call for session validation
Cons
- JavaScript / TypeScript only — no support for Python, Java, PHP, Go, or Ruby backends
- Requires database setup and management; no managed hosting option for the core library
- No pre-built UI components — you provide your own login forms and flows
- Enterprise SSO (SAML 2.0) requires a separate plugin and additional configuration
- Newer project relative to Auth0 and Clerk — less battle-tested at very large scale
Pricing
Open SourcePossible Stacks
Next.js + BetterAuth
ProjectA TypeScript full-stack with self-hosted authentication. Next.js handles the frontend and API routes; BetterAuth manages sessions, OAuth providers, and user accounts inside your application — no third-party auth service and no per-MAU pricing.
Backend
Programming
Databases
Hosting
Authentication
BetterAuth Self-Hosted
InfrastructureThe infrastructure layer for a BetterAuth-powered application. BetterAuth stores sessions and user accounts in PostgreSQL alongside your existing application data; Docker keeps the deployment reproducible across any VPS or cloud provider.
Related Tools
Integrates with (7)
Alternative to (4)
Learning Resources
No resources yet — check back soon.