Does every app using an adapter for Better Auth need to implement every plugin’s many thousands of operations, even if they’re only using basic functionality and a handful of operations?
Auth.js differed in that you could let them handle it if you’re doing your low impact side product, but once you did care you can opt out. You’re telling me that Better Auth knows better what you need than you do, and so giving you the option to opt out would just be too onerous for you to decide if you want to do it or not.
Why couldn’t Better Auth plugins individually declare what they need and let you implement those functions as you need them?
For what it’s worth my company also makes money in a sensitive industry, Auth.js did everything we need regarding authentication (and we just use other things entirely for billing/etc, which arguably is much more modular), and we only had to implement like 8 functions that took a day and has worked since we started a few years ago. Probably would take me an hour or two today thanks to AI.
Honestly I’m fine with Better Auth taking its stance, but basically saying “you should use Better Auth unless you have this one random fad technical issue, why would you need any alternative like Auth.js??” while saying that there will only be security patches; and no real probable alternative I can think of; and that stance is basically a non starter for what I believe to be a large set of use cases, rubbed me wrong.
I’ll take patches over nothing, but that doesn’t invalidate my feeling that auth in JS is in a sorry state and this isn’t making it better as far as my concerns go. Anyway who am I to talk, I’m not going to make an alternative regardless.
No, and actually if you really really wanna override the core database calls, we have a way to do so. You just need to write a hook or custom plugin to override the `internalAdapter`.
> Auth.js did everything we need regarding authentication
I don’t think this is true. Any sufficiently complex project has had to add a lot of customization and logic on top of NextAuth to make it even somewhat complete. I was one of those people, which is exactly why I started Better Auth.
> auth in JS is in a sorry state
That’s been the case long before we started Better Auth, it’s the reason we built it in the first place. I hope we’ll be able to change that narrative. But I think what we already have is something other ecosystems can only wish for. Some references:
- https://www.youtube.com/watch?v=dNY4FKXwTsM - https://www.reddit.com/r/golang/comments/1le9q65/is_there_a_...
We started Better Auth with the vision of making high-quality auth (with simple abstractions, great docs, extensive set of features...) and make it accessible to everyone . It didn’t start as a commercial venture, at first it was a purely oss project I created. The reason it evolved into a commercial venture is that we saw new ways to make owning your auth even more accessible and scalable for companies.
The reason we’re bringing Auth.js under Better Auth is that the Auth.js team is moving on, and we don’t want the project to be abandoned, that would hurt trust in open-source auth as a whole. We’ve already seen that happen at smaller scaller with Lucia. If that weren’t the case, we’d actually benefit from Auth.js being deprecated, since we’re effectively the next most people would go for and we wouldn't have to take this risk and responsibilities.