
Better Auth Example

Published Sep 11, 2025
Updated Dec 26, 2025
2 minutes read


Authentication is the gatekeeper of every application. This project demonstrates how to implement a robust, production-ready authentication system using modern tools — one that you can actually learn from and adapt to your own needs.

The goal was simple: build something that handles the complexity of real-world authentication without hiding the implementation details.

The Problem

Authentication seems simple at first — let users log in. But the reality involves email verification, password resets, OAuth providers, session management, and dozens of security considerations. Most tutorials scratch the surface; real implementations require depth.

Hosted solutions like Auth0 or Clerk abstract everything away. They work great until you need customization, hit their pricing tier, or face vendor lock-in. Self-hosted alternatives often feel incomplete or overly complex.

This project provides a complete, transparent implementation that you can study, extend, or use as a foundation.

How It Works

The authentication flow covers what production applications actually need:

  • Email & Password — Traditional signup with email verification via Resend
  • OAuth Integration — GitHub login with a single click
  • Session Management — Secure cookies with proper expiration handling
  • Protected Routes — Middleware-based access control
  • User Profiles — Avatar upload, name editing, and account settings

Technical Decisions

Building on Next.js 16 with the App Router was a deliberate choice. Server components allow for secure session handling, and the new architecture provides a clean separation between server and client logic.

Better Auth handles the complexity of authentication without the lock-in of hosted solutions. It's flexible, well-documented, and designed for modern frameworks. The library manages sessions, OAuth flows, and email verification — but you own the code and data.

Prisma with PostgreSQL provides type-safe database access. The schema is minimal but complete:

  • Users with authentication credentials
  • Sessions for stateful login management
  • Accounts for OAuth provider connections
  • Verification tokens for email confirmation

Resend handles transactional emails — verification links, password resets, and notifications. The integration is straightforward and reliable.

Security Considerations

Security isn't an afterthought. The implementation follows current best practices:

  • Passwords are hashed with bcrypt
  • Sessions are server-side with secure, HTTP-only cookies
  • CSRF protection is enabled by default
  • Email verification prevents account enumeration

The code is organized to make security-critical paths easy to audit and understand.
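
The security list above, as an added example that is not the project's own code: the signup, verification and sign-in paths with a slow salted password hash, a single-use time-limited verification token, and a signup response that is identical whether or not the address is already registered, so the response itself leaks nothing about which accounts exist. Node's built-in scrypt (from `node:crypto`) stands in for the bcrypt the project uses so the file runs without dependencies; the in-memory `Db`, the `outbox` array that stands in for Resend, and the link host are constructed for this example.

```typescript
// Added example, not the project's own code: the signup, verification and sign-in
// paths behind the security list above. Node's built-in scrypt stands in for the
// bcrypt the project uses (same role: a slow, salted password hash); the in-memory
// Db, the outbox that stands in for Resend, and the link host are constructed here.
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

export interface User { id: string; email: string; emailVerified: boolean; passwordHash: string }
export interface Verification { identifier: string; value: string; expiresAt: number }
export interface Db {
  users: Map<string, User>;                    // keyed by normalized email
  verifications: Map<string, Verification>;    // keyed by token
  outbox: Array<{ to: string; link: string }>; // stands in for the Resend call
}
export const newDb = (): Db => ({ users: new Map(), verifications: new Map(), outbox: [] });

// Cost parameters play the role of bcrypt's work factor: slow enough to blunt
// offline guessing of a leaked hash, fast enough for an interactive login.
const SCRYPT = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

export function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const key = scryptSync(password, salt, KEY_LEN, SCRYPT);
  return `scrypt$${SCRYPT.N}$${salt.toString("hex")}$${key.toString("hex")}`;
}

export function verifyPassword(password: string, stored: string): boolean {
  const [, n, saltHex, keyHex] = stored.split("$");
  if (!n || !saltHex || !keyHex) return false;
  const key = scryptSync(password, Buffer.from(saltHex, "hex"), KEY_LEN, { ...SCRYPT, N: Number(n) });
  return timingSafeEqual(key, Buffer.from(keyHex, "hex")); // constant-time compare
}

// Hash checked against when the email is unknown, so sign-in takes the same time
// whether or not the account exists.
const DUMMY_HASH = hashPassword(randomBytes(16).toString("hex"));

export const VERIFY_TTL_MS = 60 * 60 * 1000;
export const SIGNUP_MESSAGE = "Check your inbox: if this address can be registered, a verification link is on its way.";

// Signup answers identically for new and already-registered addresses; the only
// difference for an existing address is that nothing is written and no mail is
// sent, so the response carries no existence signal.
export function signUp(db: Db, email: string, password: string, now: number): { status: number; message: string } {
  const key = email.trim().toLowerCase();
  if (!db.users.has(key)) {
    db.users.set(key, { id: randomBytes(8).toString("hex"), email: key, emailVerified: false, passwordHash: hashPassword(password) });
    const token = randomBytes(32).toString("base64url");
    db.verifications.set(token, { identifier: key, value: token, expiresAt: now + VERIFY_TTL_MS });
    db.outbox.push({ to: key, link: `https://app.example.invalid/verify?token=${token}` });
  }
  return { status: 200, message: SIGNUP_MESSAGE };
}

// A token is single-use and time-limited; consuming it flips emailVerified.
export function verifyEmail(db: Db, token: string, now: number): boolean {
  const v = db.verifications.get(token);
  if (!v || v.expiresAt <= now) return false;
  db.verifications.delete(token);
  const user = db.users.get(v.identifier);
  if (!user) return false;
  user.emailVerified = true;
  return true;
}

// Sign-in refuses unverified accounts and does the same amount of work for unknown emails.
export function signIn(db: Db, email: string, password: string): User | null {
  const user = db.users.get(email.trim().toLowerCase());
  if (!user) {
    verifyPassword(password, DUMMY_HASH);
    return null;
  }
  if (!verifyPassword(password, user.passwordHash) || !user.emailVerified) return null;
  return user;
}
```

Two details are easy to miss when auditing this path: the email is normalized before lookup so `Alice@Example.com` and `alice@example.com` are one account, and the verification token is deleted before the user row is updated so a second use of the same link fails even if the first one raced.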

What's Next

This is a living reference. Future additions may include two-factor authentication, additional OAuth providers, and account recovery flows. The foundation is solid — built to extend rather than replace.

Better Auth Example is a reference implementation for modern authentication. Clone it, study it, break it apart, and build something better.