Authentication is one of the most critical — and most commonly underestimated — components of any modern web application. While the TypeScript ecosystem offers numerous auth libraries, most fall short the moment your requirements go beyond basic email/password login. Better Auth is here to change that.

Better Auth is a framework-agnostic authentication and authorization framework for TypeScript. It ships with a comprehensive feature set out of the box: OAuth 2.0, OIDC, two-factor authentication, multi-tenant organization management, and more. What truly sets it apart is its plugin ecosystem — you can add advanced functionalities with minimal code, allowing you to focus on building your application instead of reinventing the wheel.

The project has grown rapidly since its launch in mid-2024, now standing at 28,000+ GitHub stars with nearly 2,500 forks and a vibrant community of contributors. Its MIT license makes it freely usable in both open-source and commercial projects.

  • Framework-Agnostic Core — Better Auth is not tied to any specific framework (Next.js, Remix, SvelteKit, etc.). Its core library works anywhere TypeScript runs, with official adapters for popular frameworks. You bring your own stack; Better Auth handles the auth.
  • Plugin Architecture — The plugin system is the heart of Better Auth's extensibility. Official plugins cover Two-Factor Authentication (TOTP), Organization/Multi-tenant management, OAuth providers (Google, GitHub, Discord, etc.), Payment integration (Stripe), and more. Community plugins are also supported.
  • Database Adapter System — Out-of-the-box adapters for PostgreSQL, MySQL, SQLite, MongoDB, Drizzle ORM, and Prisma. The adapter system makes it straightforward to integrate Better Auth into existing databases without migrations or schema lock-in.

User @Dnori96 reported a security-relevant bug:

"When using cookieCache with the twoFactor plugin, the session_data cookie is not regenerated after it expires. The session_token cookie persists, but once session_data disappears, the 2FA verification state is lost and the user must re-authenticate entirely."

Core maintainer @Bekacru responded that there is actually no dependency between cookieCache and TOTP verification, so the behavior described was unexpected. The issue sparked a broader discussion about how cookieCache interacts with session regeneration in edge cases. Community member @dosubot explained the underlying mechanics: the session_data cookie is only refreshed when the server explicitly forwards the set-cookie header from getSession responses.

Insight for developers: When using cookieCache alongside twoFactor, ensure your server middleware properly propagates set-cookie headers — otherwise session state can silently expire even while the underlying session token is still valid.
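The propagation step described above, as an added example that is not Better Auth code and not from the issue thread: it uses only the standard Fetch `Headers` API to copy every Set-Cookie entry from a session lookup onto the outgoing response, and to report which cookies a middleware dropped. The function names and the sample cookie values are assumptions constructed for illustration; how your server obtains the lookup's headers is outside the example.

```typescript
// Added example, not Better Auth code. Cookie names follow the issue text;
// all cookie values are constructed. Requires a runtime with Headers.getSetCookie().

/** Cookie names present in the Set-Cookie entries of a Headers object. */
function cookieNames(h: Headers): string[] {
  return h.getSetCookie().map((c) => c.slice(0, c.indexOf("=")).trim());
}

/** Append every Set-Cookie from the session lookup to the outgoing response. */
function forwardSetCookies(authHeaders: Headers, outgoing: Headers): number {
  // One entry per cookie. get("set-cookie") would join them with ", ",
  // which corrupts values such as Expires that contain commas.
  const cookies = authHeaders.getSetCookie();
  for (const cookie of cookies) outgoing.append("set-cookie", cookie);
  return cookies.length;
}

/** Cookies the auth layer set that never reached the client-facing response. */
function droppedCookies(authHeaders: Headers, outgoing: Headers): string[] {
  const sent = new Set(cookieNames(outgoing));
  return cookieNames(authHeaders).filter((name) => !sent.has(name));
}

/** Constructed stand-in for the headers of a session lookup response. */
function sampleAuthHeaders(): Headers {
  const h = new Headers({ "content-type": "application/json" });
  h.append("set-cookie", "session_token=tok-constructed; Path=/; HttpOnly; Secure; " +
    "SameSite=Lax; Expires=Wed, 01 Jan 2031 00:00:00 GMT");
  h.append("set-cookie", "session_data=data-constructed; Path=/; HttpOnly; Secure; " +
    "SameSite=Lax; Max-Age=300");
  return h;
}

/** Middleware that builds its own response and ignores the lookup's headers. */
function lossyMiddleware(_authHeaders: Headers): Headers {
  return new Headers({ "content-type": "text/html" });
}

/** Same middleware with the Set-Cookie entries propagated. */
function forwardingMiddleware(authHeaders: Headers): Headers {
  const outgoing = new Headers({ "content-type": "text/html" });
  forwardSetCookies(authHeaders, outgoing);
  return outgoing;
}

const auth = sampleAuthHeaders();
console.log("lossy drops:", droppedCookies(auth, lossyMiddleware(auth)));
console.log("forwarding drops:", droppedCookies(auth, forwardingMiddleware(auth)));
```

Running `droppedCookies` in an integration test against your real middleware catches the silent loss of the refreshed session_data cookie before it reaches production.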


User @benmccann opened a thoughtful feature request:

"Users should be able to submit a login form without JavaScript being required. A user might not have JavaScript loaded on the page. This is more common than users realize — CDN failures, corporate proxies blocking scripts, or users on metered/expensive connections. Progressive enhancement is a core web principle that auth libraries should support."

The Better Auth team acknowledged the request and stated they are "discussing adding secure server-side endpoints for traditional form submissions." Community member @lishaduck pushed back on marking the issue stale, noting that no new documentation on this topic has appeared. This remains an open feature request with growing community interest.

Insight for developers: If you're deploying Better Auth in a high-availability or low-bandwidth context, the current library is primarily JavaScript-first. The team is aware of the gap and working on it — but for now, you may need to implement server-side form handling manually.


User @dentroai proposed adding the European payment provider Mollie:

"The Stripe integration works great with Better Auth. Mollie is a European payment provider. Would be a great addition for companies that strive to use European solutions."

Maintainer @bytaesu responded diplomatically:

"We currently have multiple external payment plugins, and we officially maintain the Stripe plugin. If there's sustained demand from the community, we can consider it, but it's not on our roadmap for now."

Community member @ThimoDEV chimed in to express interest, signaling that there is indeed a demand. This is a good example of how Better Auth's community shapes its roadmap — if the interest grows, the team is open to it.

Insight for developers: Better Auth currently has first-class Stripe support for subscription management. For other European payment providers like Mollie, you may need a custom adapter or integration layer — but the plugin architecture makes this feasible.

Better Auth fills a real gap in the TypeScript ecosystem — providing production-grade authentication without the complexity tax of rolling your own or coupling to a specific framework. Its plugin system, database adapter layer, and active community (with nearly 700 open issues and regular contributions) make it a strong choice for any project that needs auth beyond the basics. The community discussions above reveal a framework that is actively maintained, transparent about its roadmap, and genuinely responsive to developer feedback.

If you're building a web application and authentication is on your critical path, Better Auth deserves a serious look. The project is MIT-licensed, actively developed, and backed by a growing ecosystem of plugins and community contributions.

🔗 Project Link: @better-auth/better-auth