README

Better Auth is an authentication and authorization framework. It provides a comprehensive set of features out of the box and includes a Plugin ecosystem that simplifies adding advanced functionalities and infrastructure to help own your auth at scale.

npx auth init

Trusted By

OpenAI

databricks

strapi

OpenAI

databricks

strapi

Features

01Framework Agnostic

Works with your stack.

First-class support for Next.js, Nuxt, SvelteKit, Astro, Hono, Express, and 20+ more.

+14

02Email & Password

Built-in credential auth.

Session management, email verification, and password reset out of the box.

user@email.com

••••••••

03Social Sign-on

40+ social providers.

Google, GitHub, Apple, Discord, Microsoft, and more — each a few lines of config.

+34

04Organizations

Multi-tenancy built in.

Teams, roles, invitations, and member management with fine-grained access control.

owneradminmember

05Enterprise

SSO, SAML & SCIM.

Enterprise SSO, SAML 2.0, SCIM provisioning, and directory sync for B2B products.

06Plugins

50+ and growing.

Passkeys, magic links, anonymous auth, API keys, JWTs, and a community ecosystem.

passkeys2famagic-linkjwtapi-keysanonymousoidcotpbearermulti-session

07Agent Auth

Auth for AI agents.

MCP server auth, async auth flows, token exchange, and agent-to-agent delegation.

$agent.auth()→sk-••••✓

08Infrastructuremanaged

Security & observability.

Bot detection, real-time behavior analysis, IP blocking, email validation, and more.

Manage users, sessions, and organizations. Track sign-ups, active users, and growth.

10:50 AMJohncreated a session

10:48 AMSarahupdated profile

10:45 AMAlexjoined organization

10:42 AMEmmarevoked token

10:38 AMMikeenabled 2FA

10:50 AMJohncreated a session

10:48 AMSarahupdated profile

10:45 AMAlexjoined organization

10:42 AMEmmarevoked token

10:38 AMMikeenabled 2FA

++++

Declarative Config

import { betterAuth } from "better-auth"

export const auth = betterAuth({
  emailAndPassword: {
    enabled: true,
  },
  socialProviders: {
    google: {
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
    },
    github: {
      clientId: process.env.GITHUB_CLIENT_ID!,
      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
    },
  },
  plugins: [
    twoFactor(),
    passkey(),
    organization(),
  ],
})

import { betterAuth } from "better-auth"export const auth = betterAuth({  emailAndPassword: {    enabled: true,  },  socialProviders: {    google: {      clientId: process.env.GOOGLE_CLIENT_ID!,      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,    },    github: {      clientId: process.env.GITHUB_CLIENT_ID!,      clientSecret: process.env.GITHUB_CLIENT_SECRET!,    },  },  plugins: [    twoFactor(),    passkey(),    organization(),  ],})

Bring Your Own Database

Use any database you want. Connect directly with a connection string, or use your favorite ORM adapter. Your data stays in your database.

import { betterAuth } from "better-auth"
import { Pool } from "pg"

export const auth = betterAuth({
  database: new Pool({
    connectionString: process.env.DATABASE_URL,
  }),
})

import { betterAuth } from "better-auth"import { Pool } from "pg"export const auth = betterAuth({  database: new Pool({    connectionString: process.env.DATABASE_URL,  }),})

Direct Drivers

ORM Adapters

Community

Supabase

Neon

Turso

PlanetScale

AI Native

Your auth lives in your codebase — so AI can configure it. Ships with MCP server, Claude Code skills, and Cursor rules.

›

Cursor

npx @better-auth/cli mcp --cursor

Claude Code

claude mcp add better-auth

Open Code

npx @better-auth/cli mcp --open-code

OAuth Providers

35+

social providers

GoogleGitHubAppleMicrosoftDiscord

SlackTwitterFacebookLinkedInGitLab

TwitchSpotifyFigmaNotionAtlassian

SalesforceHuggingFaceRobloxRedditTikTok

PayPalDropboxZoomVercelLinear

KickKakaoLineVKNaver

Plugin Ecosystem33 official

browse all →

Two FactorAuthenticationPasskeyAuthenticationMagic LinkAuthenticationEmail OTPAuthenticationUsernameAuthenticationOne TapAuthenticationPhone NumberAuthenticationAnonymousAuthenticationBearerAuthenticationGeneric OAuthAuthenticationOne Time TokenAuthenticationSIWEAuthenticationOrganizationOrganizationAdminOrganizationMulti SessionOrganizationAPI KeyOrganizationSSOEnterpriseTwo FactorAuthenticationPasskeyAuthenticationMagic LinkAuthenticationEmail OTPAuthenticationUsernameAuthenticationOne TapAuthenticationPhone NumberAuthenticationAnonymousAuthenticationBearerAuthenticationGeneric OAuthAuthenticationOne Time TokenAuthenticationSIWEAuthenticationOrganizationOrganizationAdminOrganizationMulti SessionOrganizationAPI KeyOrganizationSSOEnterprise

OIDC ProviderEnterpriseSCIMEnterpriseOAuth ProxyEnterpriseJWTSecurityHIBPSecurityCaptchaSecurityStripeIntegrationPolarIntegrationOpen APIIntegrationDubIntegrationAutumnIntegrationDodo PaymentsIntegrationCreemIntegrationMCPAIDevice AuthAuthenticationLast LoginAuthenticationOIDC ProviderEnterpriseSCIMEnterpriseOAuth ProxyEnterpriseJWTSecurityHIBPSecurityCaptchaSecurityStripeIntegrationPolarIntegrationOpen APIIntegrationDubIntegrationAutumnIntegrationDodo PaymentsIntegrationCreemIntegrationMCPAIDevice AuthAuthenticationLast LoginAuthentication

We also offer managed infrastructure

Monitoring & Agentic Dashboard

The best user management and monitoring platform.

Monitor sign-ups, manage users, track sessions, and surface security insights — with an agentic Cmd+K to do it all in natural language.

┌┐

better-auth.com/dashboard/the-next-big-thing

OverviewUsersOrgsEvents

User Management

CRUD, sessions, bans

Live Events

Real-time auth feed

Agent Dashboard

Cmd+K agentic UI

Security Insights

Actionable alerts

Sentinel

Security infrastructure for your app.

Bot detection, brute force protection, disposable email blocking, geo restrictions, and more — all working in real time before threats reach your users.

┌┐

SentinelMonitor and analyze security events

Blocked847Challenged124Allowed12.4k

ActionIdentifierReasonLocationPathTime

Blocked

akash.prish@dropmeon.com::1

Disposable EmailUnknown/sign-up/email2 min ago

Blocked

kamef69609@cucadas.comUnknown IP

Disposable EmailUnknown/sign-up/email4 min ago

Challenged

195.142.xx.xx

Suspicious IPMoscow, RU/sign-in7 min ago

Blocked

bot-crawler-7x52.14.xx.xx

Bot DetectedUS-East/api/auth12 min ago

Blocked

admin@tempmail.ninja::1

Breached PasswordUnknown/sign-up/email18 min ago

Bot DetectionBrute ForceBreached PasswordsImpossible TravelRate LimitingGeo BlockingSuspicious IPsDisposable EmailsEmail AbuseFree Trial AbuseStale Users

Contributors

Built by a community of 746+ contributors.