October 6, 2025
Better Auth: the future of Auth.js

3-minute read

At Premier Octet, we're constantly exploring new tools to simplify and secure our development workflows. For a long time, NextAuth.js (now Auth.js) was our go-to solution for authentication in Next.js projects.
Recently, a major shift happened: Auth.js joined Better Auth.
Better Auth is now the official successor of Auth.js, bringing a broader vision and a more modern approach to authentication.
In this article, we share our experience: setup, migration from Supabase, and an overview of its plugin ecosystem.
Sessions: a new philosophy
Historically, Auth.js offered two session strategies:
- Stateless sessions using JWTs — no database required, lightweight and fast, but tricky to invalidate when session data changes (roles, permissions, etc.). This is the default approach.
- Stateful sessions stored in a database (Prisma, Mongo, etc.), verified on each request. They allow real-time permission updates, instant logout, and multi-device handling — at the cost of slightly higher server load.
Better Auth embraces a stateful-first model by default, while still offering a Bearer Token Authentication plugin for stateless API-style sessions.
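The trade-off between the two strategies above, as an added example that is not from the original article and is not Better Auth's or Auth.js's code: a minimal HS256 token check next to an in-memory session table. The secret, the user, the `Map` stand-ins for database tables and all helper names are constructed for illustration. It shows that a role change or a logout is visible to the stateful check immediately, while the signed token keeps verifying with its old claims until it expires.

```javascript
const { createHmac, timingSafeEqual, randomUUID } = require("node:crypto");

const SECRET = "demo-secret-not-for-production"; // constructed value
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (data) => createHmac("sha256", SECRET).update(data).digest("base64url");

// Stateless: the role is frozen into the signed token at login.
function issueJwt(user, ttl, now) {
  const claims = { sub: user.id, role: user.role, exp: now + ttl };
  const body = `${b64({ alg: "HS256", typ: "JWT" })}.${b64(claims)}`;
  return `${body}.${sign(body)}`;
}

function verifyJwt(token, now) {
  const [header, payload, sig] = token.split(".");
  if (!header || !payload || !sig) return null;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  return claims.exp > now ? claims : null; // no lookup: stale claims stay valid until exp
}

// Stateful: the cookie holds an opaque id; user data is read on every request.
const users = new Map(); // stand-in for the user table
const sessions = new Map(); // stand-in for the session table
function createSession(user, ttl, now) {
  const id = randomUUID();
  sessions.set(id, { userId: user.id, expiresAt: now + ttl });
  return id;
}

function verifySession(id, now) {
  const row = sessions.get(id);
  if (!row || row.expiresAt <= now) return null;
  const user = users.get(row.userId);
  return user ? { sub: user.id, role: user.role } : null;
}

function demo(now = 1_760_000_000) { // fixed clock so the result is reproducible
  const alice = { id: "u1", role: "admin" };
  users.set(alice.id, alice);
  const jwt = issueJwt(alice, 3600, now);
  const sid = createSession(alice, 3600, now);
  alice.role = "member"; // demoted after login
  const afterDemotion = { jwt: verifyJwt(jwt, now + 60).role, db: verifySession(sid, now + 60).role };
  sessions.delete(sid); // logout or admin revocation
  const afterLogout = { jwt: verifyJwt(jwt, now + 120) !== null, db: verifySession(sid, now + 120) !== null };
  return { afterDemotion, afterLogout };
}
```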
Installation and database setup
While Auth.js required manual schema integration, Better Auth ships with a CLI that generates the necessary tables for you — fast, standardized, and less error-prone.
Here's the setup with Prisma after installing the library:
```bash
# Generate the Better Auth schema, then apply it with a Prisma migration
npx @better-auth/cli generate
npx prisma migrate dev
```

```ts
// Server-side Better Auth instance (imported below as "@/auth")
import { betterAuth } from "better-auth";
import { prismaAdapter } from "better-auth/adapters/prisma";
import { PrismaClient } from "@prisma/client";

const prisma = new PrismaClient();

export const auth = betterAuth({
  // Read the secret from the environment; never hard-code it
  secret: process.env.BETTER_AUTH_SECRET,
  database: prismaAdapter(prisma, {
    provider: "postgresql",
  }),
});
```

```ts
// Client-side helpers for React components
import { createAuthClient } from "better-auth/react";

const authClient = createAuthClient();

export const {
  useSession,
  getSession,
  signIn,
  signOut,
  changeEmail,
  changePassword,
  updateUser,
} = authClient;
```

```ts
// Next.js route handler that exposes the Better Auth endpoints
import { auth } from "@/auth";
import { toNextJsHandler } from "better-auth/next-js";

export const { GET, POST } = toNextJsHandler(auth.handler);
```
And that’s it. ✨ Sign-up, login, session management, email update, and password reset — everything works and is accessible through auth.api on the server side and authClient on the client side.
Better Auth doesn’t ship with a prebuilt UI, but after a quick configuration, its methods make it effortless to integrate login via credentials or social providers like Google, Apple, GitHub, and more.
Migrating from Supabase
We also tested the migration from Supabase on one of our apps. Once again, the process is extremely simple:
- Retrieve your Supabase database URL.
- Generate the Better Auth tables using the CLI.
- Run the official migration script.
⚠️ Current limitation: Supabase uses bcrypt, while Better Auth relies on scrypt. Users will therefore need to reset their passwords after migration. In production, make sure to communicate this clearly (via email, banner, etc.).
Plugins: going further
Unlike Auth.js, which focused on authentication providers (Google, GitHub, Credentials…), Better Auth introduces plugins designed for real-world business needs: organizations, roles, 2FA, magic links, and more.
Example: The Organization plugin simplifies managing teams or companies within your app. It automatically creates the necessary tables and provides ready-to-use methods to:
- create organizations,
- invite members,
- assign and update roles,
- manage access rights.
In practice, it lets you build a complete multi-user system without reinventing the wheel.
```ts
// Server: enable the Organization plugin
import { betterAuth } from "better-auth"
import { organization } from "better-auth/plugins"

export const auth = betterAuth({
  plugins: [organization()]
})
```

```ts
// Client: enable the matching client plugin
import { createAuthClient } from "better-auth/client"
import { organizationClient } from "better-auth/client/plugins"

export const authClient = createAuthClient({
  plugins: [organizationClient()]
})
```
In just a few lines, plugins unlock powerful features like 2FA for better security, magic links for simpler logins, admin tools (including user impersonation), and more.
Conclusion
Throughout this article, the word simple kept coming up — and that’s no coincidence. Better Auth was designed with Developer Experience in mind, and it shows from the first install: everything feels smooth and intuitive.
Beyond ease of use, Better Auth is now the official successor of Auth.js. It’s a solid solution combining security, extensibility, and speed of integration.
At Premier Octet, Better Auth has become our go-to authentication solution for client projects. Its simplicity and flexibility make it a natural fit for modern applications.
👉 If you’re currently using Auth.js, Better Auth is absolutely worth migrating to.