Better Auth is a comprehensive, framework-agnostic authentication and authorization framework designed for TypeScript. It allows developers to implement secure, scalable, and customizable authentication systems directly within their application codebase. By providing a composable, plugin-based architecture, it supports a wide variety of authentication methods out of the box, including email/password, social sign-on (OAuth), passkeys, and multi-tenancy. Built to scale from individual weekend projects to large enterprise environments, it emphasizes developer experience and type safety, ensuring that auth logic remains version-controlled and reviewable.

Better Auth functions as a universal authentication library that manages user identities, sessions, and permissions. It automates common security tasks like database management, password hashing, rate limiting, and multi-factor authentication handling. Developers define their auth instance declaratively in code, keeping authentication logic tightly integrated with their application while maintaining the flexibility to swap databases or add advanced features through a modular plugin system.

Some of the key features are:

• Framework Agnostic: Works with Next.js, Nuxt, SvelteKit, Astro, Hono, and over 20 other web frameworks.
• Built-in Credential Auth: Includes sessions, email verification, and secure password reset workflows.
• Social Sign-on: Supports numerous social identity providers including Google, GitHub, Apple, and Discord.
• Multi-tenancy: Features built-in support for teams, organizational roles, invitations, and access control.
• Enterprise Features: Provides enterprise-ready functionality such as SSO, SAML 2.0, SCIM, and directory synchronization.
• Advanced Auth Methods: Supports over 50 methods including passkeys, magic links, API keys, JWTs, and bot detection.
• AI Agent Support: Integrates with AI workflows via MCP auth, token exchange, and agent delegation.
• Security & Observability: Includes real-time threat detection, IP blocking, and automated audit logging.

To use Better Auth, developers install the package and create an auth.ts instance in their project root or designated lib folder. The library is configured by providing database credentials, specifying authentication methods, and registering necessary plugins. API requests are handled by mounting a handler on the server (e.g., /api/auth/*), while the client-side authClient provides helper functions for frontend interactions. The system automates schema creation and database migrations, enabling a quick setup process while maintaining full control over the underlying data infrastructure.

Some common use cases include:

• Enterprise SaaS: Managing multi-tenant organizations with complex RBAC and SSO requirements for large corporate customers.
• Developer Portals: Securing API-first applications with custom API key management and audit logging.
• AI-Driven Applications: Implementing secure authentication protocols for AI agents and automated workflows.
• Consumer Apps: Providing seamless sign-in experiences with social providers, passkeys, and magic links to increase user conversion.
• Scalable Web Platforms: Centralizing user identity and session management across multiple micro-frameworks and serverless environments.