Using better auth in Next.js
In the Next.js ecosystem, NextAuth.js is a popular authentication solution. However, if you need stronger TypeScript support or greater flexibility, Better Auth offers a compelling alternative.
What is Better Auth?
Better Auth is a TypeScript-first authentication library that focuses on developer experience and type safety. It provides:
- Type-safe APIs - Full TypeScript support with excellent IntelliSense
- Multiple authentication methods - Email/password, social providers, magic links
- Database agnostic - Works with popular ORMs like Drizzle, Prisma, and more
- Framework integration - Built-in Next.js support with middleware and API routes
- Session management - Secure session handling with cookies
- Extensible plugins - Add features like rate limiting, email verification, etc.
How to use Better Auth in Next.js?
Let's explore how to implement Better Auth in Next.js. We'll create a simple project using minimal libraries to demonstrate the basics.
- Drizzle ORM - For database integration
- PostgreSQL - For database
- Next.js - For framework
- Shadcn UI - For the ready to use component
1. Install Dependencies
npm install better-auth
For database integration with Drizzle ORM and PostgreSQL:
npm install drizzle-orm pg @types/pg
2. Database Schema
Create your database schema with the required tables. Better Auth needs specific tables for users, sessions, accounts, and verification:
// db/schema.ts
import { boolean, pgTable, text, timestamp } from "drizzle-orm/pg-core";
export const user = pgTable("user", {
id: text('id').primaryKey(),
name: text('name').notNull(),
email: text('email').notNull().unique(),
emailVerified: boolean('email_verified').$defaultFn(() => false).notNull(),
image: text('image'),
createdAt: timestamp('created_at').$defaultFn(() => new Date()).notNull(),
updatedAt: timestamp('updated_at').$defaultFn(() => new Date()).notNull()
});
export const session = pgTable("session", {
id: text('id').primaryKey(),
expiresAt: timestamp('expires_at').notNull(),
token: text('token').notNull().unique(),
createdAt: timestamp('created_at').notNull(),
updatedAt: timestamp('updated_at').notNull(),
ipAddress: text('ip_address'),
userAgent: text('user_agent'),
userId: text('user_id').notNull().references(() => user.id, { onDelete: 'cascade' })
});
export const account = pgTable("account", {
id: text('id').primaryKey(),
accountId: text('account_id').notNull(),
providerId: text('provider_id').notNull(),
userId: text('user_id').notNull().references(() => user.id, { onDelete: 'cascade' }),
accessToken: text('access_token'),
refreshToken: text('refresh_token'),
idToken: text('id_token'),
accessTokenExpiresAt: timestamp('access_token_expires_at'),
refreshTokenExpiresAt: timestamp('refresh_token_expires_at'),
scope: text('scope'),
password: text('password'),
createdAt: timestamp('created_at').notNull(),
updatedAt: timestamp('updated_at').notNull()
});
export const verification = pgTable("verification", {
id: text('id').primaryKey(),
identifier: text('identifier').notNull(),
value: text('value').notNull(),
expiresAt: timestamp('expires_at').notNull(),
createdAt: timestamp('created_at').$defaultFn(() => new Date()),
updatedAt: timestamp('updated_at').$defaultFn(() => new Date())
});
export const schema = { user, session, account, verification };
3. Database Configuration
Set up your database connection:
// db/drizzle.ts
import { config } from "dotenv";
import { drizzle } from 'drizzle-orm/node-postgres';
import { Pool } from 'pg';
config({ path: ".env" });
const pool = new Pool({
connectionString: process.env.DATABASE_URL!,
});
export const db = drizzle(pool);
4. Environment Variables
Create your .env file:
# Auth
BETTER_AUTH_SECRET="your-better-auth-secret"
BETTER_AUTH_URL="http://localhost:3000"
# Database
DATABASE_URL="postgresql://username:password@localhost:5432/your_database"
# Google OAuth (optional)
GOOGLE_CLIENT_ID="your-google-client-id"
GOOGLE_CLIENT_SECRET="your-google-client-secret"
Better Auth Configuration
Server-side Auth Configuration
Create the main auth configuration:
// lib/auth.ts
import { db } from "@/db/drizzle";
import { schema } from "@/db/schema";
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { nextCookies } from "better-auth/next-js";
export const auth = betterAuth({
socialProviders: {
google: {
clientId: process.env.GOOGLE_CLIENT_ID as string,
clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
},
},
emailAndPassword: {
enabled: true
},
database: drizzleAdapter(db, {
provider: "pg",
schema,
}),
plugins: [nextCookies()]
});
Client-side Auth Configuration
Create the client-side auth instance:
// lib/auth-client.ts
import { createAuthClient } from "better-auth/react";
export const authClient = createAuthClient({
baseURL: "http://localhost:3000",
});
API Route Handler
Create the API route to handle authentication requests:
// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";
export const { POST, GET } = toNextJsHandler(auth);
Authentication Implementation
1. Login Form Component
// components/login-form.tsx
"use client";
import { authClient } from "@/lib/auth-client";
import { signIn } from "@/server/users";
export function LoginForm() {
// Email/Password login
const handleEmailLogin = async (email: string, password: string) => {
const { success, message } = await signIn(email, password);
if (success) {
router.push("/dashboard");
} else {
toast.error(message);
}
};
// Social login
const signInWithGoogle = async () => {
await authClient.signIn.social({
provider: "google",
callbackURL: "/dashboard",
});
};
return (
<div>
{/* Email/Password form */}
<form onSubmit={handleEmailLogin}>
<input type="email" placeholder="Email" />
<input type="password" placeholder="Password" />
<button type="submit">Login</button>
</form>
{/* Social login */}
<button onClick={signInWithGoogle}>
Login with Google
</button>
</div>
);
}
Here's full page example with shadcn ui:
"use client";
import { zodResolver } from "@hookform/resolvers/zod";
import { useForm } from "react-hook-form";
import { cn } from "@/lib/utils";
import { Button } from "@/components/ui/button";
import {
Card,
CardContent,
CardDescription,
CardHeader,
CardTitle,
} from "@/components/ui/card";
import { Input } from "@/components/ui/input";
import {
Form,
FormControl,
FormField,
FormItem,
FormLabel,
FormMessage,
} from "@/components/ui/form";
import { signIn } from "@/server/users";
import { z } from "zod";
import { toast } from "sonner";
import { useRouter } from "next/navigation";
import { useState } from "react";
import { Loader2 } from "lucide-react";
import { authClient } from "@/lib/auth-client";
import Link from "next/link";
const formSchema = z.object({
email: z.string().email(),
password: z.string().min(8),
});
export function LoginForm({
className,
...props
}: React.ComponentProps<"div">) {
const [isLoading, setIsLoading] = useState(false);
const router = useRouter();
const form = useForm<z.infer<typeof formSchema>>({
resolver: zodResolver(formSchema),
defaultValues: {
email: "",
password: "",
},
});
const signInWithGoogle = async () => {
await authClient.signIn.social({
provider: "google",
callbackURL: "/dashboard",
});
};
async function onSubmit(values: z.infer<typeof formSchema>) {
setIsLoading(true);
const { success, message } = await signIn(values.email, values.password);
if (success) {
toast.success(message as string);
router.push("/dashboard");
} else {
toast.error(message as string);
}
setIsLoading(false);
}
return (
<div className={cn("flex flex-col gap-6", className)} {...props}>
<Card>
<CardHeader className="text-center">
<CardTitle className="text-xl">Welcome back</CardTitle>
<CardDescription>Login with your Google account</CardDescription>
</CardHeader>
<CardContent>
<Form {...form}>
<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-8">
<div className="grid gap-6">
<div className="flex flex-col gap-4">
<Button
variant="outline"
className="w-full"
type="button"
onClick={signInWithGoogle}
>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path
d="M12.48 10.92v3.28h7.84c-.24 1.84-.853 3.187-1.787 4.133-1.147 1.147-2.933 2.4-6.053 2.4-4.827 0-8.6-3.893-8.6-8.72s3.773-8.72 8.6-8.72c2.6 0 4.507 1.027 5.907 2.347l2.307-2.307C18.747 1.44 16.133 0 12.48 0 5.867 0 .307 5.387.307 12s5.56 12 12.173 12c3.573 0 6.267-1.173 8.373-3.36 2.16-2.16 2.84-5.213 2.84-7.667 0-.76-.053-1.467-.173-2.053H12.48z"
fill="currentColor"
/>
</svg>
Login with Google
</Button>
</div>
<div className="after:border-border relative text-center text-sm after:absolute after:inset-0 after:top-1/2 after:z-0 after:flex after:items-center after:border-t">
<span className="bg-card text-muted-foreground relative z-10 px-2">
Or continue with
</span>
</div>
<div className="grid gap-6">
<div className="grid gap-3">
<FormField
control={form.control}
name="email"
render={({ field }) => (
<FormItem>
<FormLabel>Email</FormLabel>
<FormControl>
<Input placeholder="m@example.com" {...field} />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
</div>
<div className="grid gap-3">
<div className="flex flex-col gap-2">
<FormField
control={form.control}
name="password"
render={({ field }) => (
<FormItem>
<FormLabel>Password</FormLabel>
<FormControl>
<Input
placeholder="********"
{...field}
type="password"
/>
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<Link
href="#"
className="ml-auto text-sm underline-offset-4 hover:underline"
>
Forgot your password?
</Link>
</div>
</div>
<Button type="submit" className="w-full" disabled={isLoading}>
{isLoading ? (
<Loader2 className="size-4 animate-spin" />
) : (
"Login"
)}
</Button>
</div>
<div className="text-center text-sm">
Don't have an account?{" "}
<Link href="/signup" className="underline underline-offset-4">
Sign up
</Link>
</div>
</div>
</form>
</Form>
</CardContent>
</Card>
<div className="text-muted-foreground *:[a]:hover:text-primary text-center text-xs text-balance *:[a]:underline *:[a]:underline-offset-4">
By clicking continue, you agree to our{" "}
<Link href="#">Terms of Service</Link> and{" "}
<Link href="#">Privacy Policy</Link>.
</div>
</div>
);
}
2. Server Actions
Create server actions for authentication:
// server/users.ts
"use server";
import { auth } from "@/lib/auth";
export const signIn = async (email: string, password: string) => {
try {
await auth.api.signInEmail({
body: {
email,
password,
}
});
return {
success: true,
message: "Signed in successfully."
};
} catch (error) {
const e = error as Error;
return {
success: false,
message: e.message || "An unknown error occurred."
};
}
};
export const signUp = async (email: string, password: string, username: string) => {
try {
await auth.api.signUpEmail({
body: {
email,
password,
name: username
}
});
return {
success: true,
message: "Signed up successfully."
};
} catch (error) {
const e = error as Error;
return {
success: false,
message: e.message || "An unknown error occurred."
};
}
};
3. Logout Component
// components/logout.tsx
"use client";
import { authClient } from "@/lib/auth-client";
import { useRouter } from "next/navigation";
export function Logout() {
const router = useRouter();
const handleLogout = async () => {
await authClient.signOut();
router.push("/");
};
return (
<button onClick={handleLogout}>
Logout
</button>
);
}
Route Protection with Middleware
Protect your routes using Next.js middleware:
// middleware.ts
import { getSessionCookie } from "better-auth/cookies";
import { NextRequest, NextResponse } from "next/server";
export async function middleware(request: NextRequest) {
const sessionCookie = getSessionCookie(request);
if (!sessionCookie) {
return NextResponse.redirect(new URL("/", request.url));
}
return NextResponse.next();
}
export const config = {
matcher: ["/dashboard"],
};
Advanced Features
Session Management
Better Auth automatically handles session creation, validation, and cleanup. Sessions are stored as secure HTTP-only cookies and can be customized:
export const auth = betterAuth({
session: {
expiresIn: 60 * 60 * 24 * 7, // 7 days
updateAge: 60 * 60 * 24, // 1 day
},
// ... other config
});
Getting User Session
Access the current user session in your components or API routes:
// In a React component
import { authClient } from "@/lib/auth-client";
export function UserProfile() {
const { data: session } = authClient.useSession();
if (!session) {
return <div>Not logged in</div>;
}
return <div>Welcome, {session.user.name}!</div>;
}
Email Verification
Enable email verification by adding the email verification plugin:
import { emailVerification } from "better-auth/plugins";
export const auth = betterAuth({
plugins: [
emailVerification({
sendOnSignUp: true,
autoSignInAfterVerification: true,
}),
nextCookies()
],
// ... other config
});
Conclusion
Better Auth provides a robust, type-safe authentication solution for Next.js applications. Its flexible architecture allows you to start simple with email/password authentication and expand to include social providers, email verification, and advanced security features as your application grows.
The combination of type safety, flexible configuration, and excellent Next.js integration makes Better Auth an excellent choice for modern web applications that need reliable authentication.
For more advanced features and configuration options, check out the Better Auth documentation.