better-auth-best-practices_skill

This skill helps you implement best-practice Better Auth integration in your TypeScript apps, simplifying secure authentication setup and plugin usage.
  • TypeScript

4.2k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill epicenterhq/epicenter --skill better-auth-best-practices

  • SKILL.md7.5 KB

Overview

This skill integrates Better Auth — a TypeScript-first, framework-agnostic authentication framework — into your app. It provides configuration guidance, environment requirements, adapter and plugin wiring, and native-app recommendations for Svelte, SvelteKit, Tauri, and other TypeScript stacks. Use it to set up email/password, OAuth, passkeys, magic links, and bearer-based native auth flows quickly and securely.

How this skill works

The skill inspects project structure for an auth.ts entrypoint, validates required environment variables (BETTER_AUTH_SECRET, BETTER_AUTH_URL) and suggests where to place config when env vars are absent. It verifies adapter and database settings, recommends session and cookie-cache strategies, and ensures plugins are imported from tree-shakeable paths. For native apps it recommends the bearer() plugin and shows how to extract and use tokens in Tauri/Electron/Expo.

When to use it

  • You need a TypeScript-first auth system for Svelte, SvelteKit, or other frontends.
  • You must support multiple flows: email/password, OAuth, magic links, passkeys, or 2FA.
  • You want native-desktop or mobile support where cookies are unreliable (Tauri/Electron/Expo).
  • You need clear adapter wiring for Prisma/Drizzle/MongoDB or direct DB pools.
  • You want to add plugins (two-factor, organization, apiKey, bearer) with correct imports.

Best practices

  • Always set BETTER_AUTH_SECRET (min 32 chars) and BETTER_AUTH_URL in environment for production.
  • Keep auth.ts in ./src, ./lib, ./utils, or project root; use --config for custom locations.
  • Use a secondaryStorage (Redis/KV) for session storage and rate limiting to avoid DB load.
  • Import plugins from their direct paths (e.g. better-auth/plugins/two-factor) to enable tree-shaking.
  • Use bearer() for native apps and store opaque tokens client-side; do not confuse this with JWT-based flows.
  • After changing plugins or models, re-run the CLI migrate/generate commands to update schemas.

Example use cases

  • SvelteKit web app with Prisma adapter, email/password sign-up, and social OAuth providers.
  • Tauri desktop app using bearer() to persist opaque HMAC session tokens instead of relying on cookies.
  • Mobile app where sign-in returns set-auth-token header; client stores token and sends Authorization: Bearer <token>.
  • Multi-tenant org feature using the organization plugin and database hooks for automatic defaults.
  • Serverless deployment using cookieCache compact mode for stateless sessions and short session expiry.

FAQ

No. Prefer BETTER_AUTH_SECRET and BETTER_AUTH_URL in environment variables; only set secret/baseURL in config if env vars are not available.

How do I support native apps where cookies fail?

Install and enable the bearer() plugin. Extract the session token from the response body or set-auth-token header and send it as Authorization: Bearer on subsequent requests; bearer() converts it to the expected cookie server-side.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
better-auth-best-practices skill by epicenterhq/epicenter | VeilStrat