better-authSelf-hosted auth for TypeScript/Cloudflare Workers with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Requires Drizzle ORM or Kysely for D1 (no direct adapter). Self-hosted alternative to Clerk/Auth.js. Use when: self-hosting auth on D1, building OAuth provider, multi-tenant SaaS, or troubleshooting D1 adapter errors, session caching, rate limits, Expo crashes, additionalFields bugs.
Install via ClawdBot CLI:
clawdbot install Veeramanikandanr48/better-authGrade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Generated Mar 1, 2026
A B2B software company building a cloud-based service with separate organizations for each customer. They need self-hosted authentication with role-based access control (RBAC) and organization management to securely isolate tenant data and user permissions. The D1 adapter with Drizzle ORM enables scalable, serverless auth on Cloudflare Workers.
A tech startup creating an API or developer platform that requires its own OAuth provider for third-party integrations. They leverage the OAuth 2.1 Provider plugin to build a custom authentication flow, supporting social logins and secure token management while self-hosting on D1 for cost control and compliance.
A large corporation migrating internal tools to a modern web stack, requiring single sign-on (SSO) via SAML 2.0 for employee access. They use the @better-auth/sso package to integrate with existing identity providers, ensuring secure, centralized authentication across multiple applications with stateless session management.
An online retail business building a secure customer portal with email/password login and two-factor authentication (2FA). They implement better-auth on Cloudflare Workers to handle user sessions, passkey support for frictionless logins, and Stripe integration for subscription management, all while troubleshooting D1 adapter errors for reliability.
A mobile app development team using Expo for cross-platform apps, needing a robust auth backend to prevent crashes and handle social sign-ins like Patreon and Kick. They deploy better-auth on D1 with the Kysely adapter pattern, ensuring proper cookie handling and session caching for mobile users.
Offer the core better-auth package as free, open-source software for self-hosting, while monetizing through premium plugins like advanced SSO, SCIM provisioning, or enterprise support. Revenue is generated via subscription fees for these add-ons, targeting businesses needing enhanced features.
Provide paid consulting services to help companies integrate better-auth into their projects, especially for complex scenarios like multi-tenant setups or troubleshooting D1 adapter issues. Revenue comes from hourly rates or project-based contracts, leveraging expertise in TypeScript and Cloudflare Workers.
Launch a managed, hosted version of better-auth as a service, similar to Clerk or Auth.js, but built on the same self-hostable codebase. Charge based on usage metrics like monthly active users or authentication requests, appealing to teams wanting convenience without infrastructure management.
💬 Integration Tip
Always use a factory function pattern in Cloudflare Workers to initialize better-auth inside the request handler, as D1 database bindings are only available there; for TanStack Start, ensure the reactStartCookies plugin is the last one to handle cookies correctly.
Scored Apr 15, 2026
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
gws CLI: Shared patterns for authentication, global flags, and output formatting.
Set up Gmail API access via gog CLI with manual OAuth flow. Use when setting up Gmail integration, renewing expired OAuth tokens, or troubleshooting Gmail authentication on headless servers.
Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features: - Auto-detect available OAuth options on login pages - Ask user to choose via Telegram when multiple options exist - Confirm before authorizing - Handle account selection and consent pages automatically
Build secure authentication with sessions, JWT, OAuth, passwordless, MFA, and SSO for web and mobile apps.
Zoho People API integration with managed OAuth. Manage employees, departments, designations, attendance, and leave. Use this skill when users want to read, create, update, or query HR data like employees, departments, designations, and forms in Zoho People. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway). Requires network access and valid Maton API key.