HN

Comments (140)

• jakubriedl
  I've recently switched from Clerk to BetterAuth as well and it's really good and definitely would recommend to anyone. It supports more things I need, it's more reliable, and much cheaper.The reason why it work for me is that it's finally a open-source solution that is on par or better with commercial. When I've selected Clerk originally the reason was that there wasn't open-source alternative, and I won't roll my own auth, I'm not suicidal. But now? I really don't see a single reason why I would pick Clerk, Auth0, Kinde, ...
• Menu

  tornikeo
  Can someone more intelligent then me tell me why should I offload my postgres users table to some 3rd party provider? Like what is so hard about keeping that table in my VM on hetzner that I have to give it off to someone else? It's not payments, it's just a few fields of data
• Menu

  bekacru
  Hey, Bereket from Better Auth here. I started Better Auth to solve this exact issue for myself, and it later turned into a company. It always give me joy to just see others getting the same value from it :) There is a lot to work on, would love to know what we can improve
• Menu

  JSR_FDED
  So let me be the one to invite ridicule and scorn by admitting I wrote my own auth code. It was fiddly and boring at the same time. It also wasn’t rocket science, and it works well. I’ll be the first to admit that there are cases where this is a bad idea, I’m just responding to the chants of never roll your own auth.Knowing every single line of code involved allowed me to add some location-based functionality for one client, provide tailored logging to meet the needs of another client, and my favorite was winning a deal against much bigger competitors by being able to integrate with an absolutely ancient legacy system.Just like “Goto considered harmful”, DRY, YAGNI, etc - they’re great at making you slow down and think. But they’re not inviolable.
• wxw
  I enjoyed the Supabase migration article from a while ago (https://blog.val.town/blog/migrating-from-supabase) as well. There's a shortage of good, honest writing on long-term engineering decisions, please keep up the blog!
• veltas
  > A hard lesson you learn building a complex system is that its reliability is the minimum of the combined reliability of its critical parts.More like "its failures are the total of its critical components' failures" when you've got two nines on your least reliable component so most likely any critical component failure will be exclusive.
• Menu

  BoppreH
  > A hard lesson you learn building a complex system is that its reliability is the minimum of the combined reliability of its critical parts.It's worse than that, the combined availability is the product of all components in the critical path. If your software, the authentication layer, and the cloud provider each have 99% availability, and any one of them can bring your service down, then your final availability is just 97%. With eleven components like that you have zero nines of availability.That's why reducing components and going for reliable solutions is so important. I'm happy that the team took this path.
• Menu

  swyx
  > There is no val associated with this domain
• Menu

  snide
  This is why I'm so thankful I went with Lucia early. They sort of sunset their library and replaced it with documentation (and some small utilities) for how to manage and host authentication for yourself. It's always presented as some big, scary thing you can't manage yourself, but I found that taking the week to learn how security and basic salting works, I was able to feel more confident about how everything worked.
• Menu

  _heimdall
  I'm surprised to see so many top comments here promoting building your own auth. For years I've only heard "never roll your own auth."
• MrDarcy
  Recently went with a vendor of an agentic observability and evaluation product built on Supabase and Clerk. The number of vulnerabilities and CVE’s and outright… I don’t even know the words, coming from this stack is staggering.Be very very wary of any vendor selling something built on this Supabase + Clerk stack. That alone is a very strong indicator they do not understand basic security or data protection.
• WilcoKruijer
  You could almost call the comparison between Clerk and Better Auth unfair. One is a service and one is a library, apples to oranges. Any third-party service integrated into a stack is a liability, libraries as well, but to a lesser degree. It’s about time for more services to be replaced by libraries. Better Auth really shows how to do that imo, it’s a library that integrates on the frontend, backend, and database. This is why it’s so good.
• Menu

  elAhmo
  Using Clerk, quite unhappy with it. No proper RBAC (roles are tied to organizations, not stored on user itself, so you cannot have a concept of global admin or something like that, unless you use metadata for storing arbitrary key value paris), and more than once in the past weeks/months it had a downtime causing the whole app to fail.Would think twice before using it in the future.
• Menu

  wg0
  Never outsource your auth no matter what unless you're vibe coding and it doesn't matter. If that's the case, don't put auth in at all because it's just you anyway or just use vibe coded password lookups from database at that point.Lastly - here's the law of mother nature:Software funded by VCs will milk you and will milk you dry. Not now, not tomorrow maybe decade or two later when the hot potato being passed around reaches to the last party holding the bag that now needs its money back with all that others had their 10x returns already taken from them by soldng them at an inflated price to the last party holding the bag.Clerk's pricing should be evidence enough.
• Menu

  oncensher
  Had a similar journey recently. Started with Stack Auth, found it unusable in production due to extremely hard rate limits and bad performance even when not rate limited. Switched to WorkOS AuthKit, which works much better and supports useful enterprise features. But inclined to BetterAuth for new projects.- Syncing external auth provider state with your user state is a bug center. It helps to keep as little state as possible in the auth provider, but there is still some. - Refreshing JWT access tokens every few minutes is another bug center and honestly there is no need to do this if you control your own auth. - WorkOS does not have a complete API. It is built on the assumption that you have one product per billing account and a fixed number of environments (staging, production, and they can give you another one if you ask support). You have to whitelist redirect and other URLs in the dashboard, and there doesn't seem to be an easy way for agents to do it.Outsourcing auth does not make much sense IMO. The less you can split your state over multiple services the fewer problems you will have. Sometimes it is inevitable, like for payments, or if you need specialized databases for performance reasons. But for auth there is really no good reason if good libraries are available. To people who say that using a service will help you get started faster, none of the problems I hit with auth services had to do with having high scale -- most of them hit before I even launched.
• Menu

  rbbydotdev
  Tom's articles are always a good read.Anyone remember Auth0 and passportjs?The churn of auth services is never ending, but I suppose so are the standards.
• ryanhiebert
  My biggest question, that I didn’t see answered, is how the transition comes to an end. If creds aren’t in your system, how well do they transfer? Does it require user involvement? What if they don’t fast enough? What about complex integrations like SSO, SCIM, and passkeys (which are domain scoped)?
• smnscu
  I've been through the exact same migration path and I'm so incredibly happy with Better Auth. Good reminder that I should contribute: https://better-auth.com/docs/reference/contributing
• supermdguy
  Better auth is great! I love how it's way more hackable than using a something like Clerk. We were able to add a plugin to allow auth via iframe postMessage (embedded in a CRM) and everything worked seamlessly.
• kandros
  Does Better Auth still have the weird design to be everything “request header based”? I remember running admin scripts and tests to be very hacky due to it cause if you skipped that plugins wouldn’t run
• Menu

  melonpan7
  If anything I feel like Clerk adoption is becoming the norm in recent years. I started using it about a year ago and found it to have troublesome reliability.
• Menu

  zuzululu
  what do you get from Better Auth btw? When I used it last year, I still found it lacking and it seemed to be run by one guy.
• Menu

  cyberax
  > Some important context is that Clerk is a major success. They just raised 50 million dollars and they have lots of satisfied users.And even more users who are looking to escape. Clerk is just a mess. They are trying to cram EVERYTHING into their libraries: Web3 crap, Stripe, etc. Clerk's JS blob is now triggering the browser inspectors for being slow to load.Every time when we upgraded React, Clerk libraries were the biggest pain with their transitive dependencies. We had issues with Stripe libraries with conflicting versions, etc.And forget about debugging it. The libraries are obfuscated, and the TS code is impenetrable mess of abstractions to support "isomorphic" code that can run transparently on the frontend and backend.And their platform itself is lacking important functionality, like freaking audit logs and versioning. Somebody (probably) accidentally changed a setting in their console, and we couldn't trace back when it happened or who did it.Edit: oh yeah, and don't forget their unreliability. I had to wake up on Sunday to deal with Clerk failing the API calls for token refreshes last week.
• notbekacru
  When is the Better Auth to WorkOS to Vanilla Auth post coming
• Menu

  dzonga
  in rails I just authentication-zero.no need for 3rd party provider.
• Menu

  manishsharan
  Has anyone used Keycloak for actual production? I have often thought about it but I stick to Auth0 just because I don't know if Keycloak has a good track record?
• Menu

  cpursley
  If you're in Elixir-land, I've put together a few packages to help migrating from Supabase (or other stacks):- https://github.com/agoodway/introspex (generate Ecto Schemas from postgres tables)- https://github.com/agoodway/pgrest (Supabase/PostgREST compatible query engine)I also found this helpful in the migration: https://github.com/supabase-community/supabase-exNothing for auth, I basically did a one-off script for that. Phoenix auth stuff that comes out of the box is great.
• moomoo11
  I've just stuck with Auth0 for years now.Easy to use and high reliability. Some of these other providers are not the best at reliability.
• Menu

  dakolli
  The homepage of val.town says "Zapier for know-code engineers".. Is KNOW-code engineer a term?
• anon
  undefined
• pururvaagarwal
  [flagged]
• anon
  undefined
• anishksrini
  [dead]
• huflungdung
  [dead]