Which will invariably lead to that open source project to become less and less useful if implemented separately from the SaaS platform. I’ve seen this game plan often enough.
I don’t know the story, but I’m not surprised. I led an effort to switch my company to Auth0 recently and they’re… bad. They have very poor support for anything even barely outside of normal, and when things are working correctly they not very good.
But when you have a requirement to move to a third party SaaS service, I suppose Auth0 is maybe the best of a bad bunch.
I interviewed for an SRE position at Auth0 years ago. My interviewer told me it was all held together by duct tape and prayers. I'm glad I didn't end up taking that position.
Same, I felt like I was writing my own auth. They don’t seem to understand that we’re trying to get away from the complexity of auth. I’ve talked with their sales people but may as well be talking to a wall.
This framework has made auth such a non-issue for me. The setup is easy and the usage is consistent framework to framework. So glad to see that they’re continuing to do well.
It’s not that auth is unsolved in other languages/frameworks, but it’s often way too complex or configuration-heavy. If adding passkey support to my app is going to take 2 hours, that’s two hours I’m spending away from building my core product. For smaller projects, that’s not time that I could afford.
For example, if I want to add passkeys to my .NET CORE app, this is the guide Microsoft provides:
For some projects, the flexibility of other solutions might be needed. But for ease-of-use and development speed, better-auth has been a clear winner for me.
Same. I've personally never had issues with any auth packages, granted I've never used auth0. Personally, they all seem quite similar, especially in the react world.
Anything that can help me utilize oauth standards is fine to me.
Better Auth has raised $5M. I don’t think it’s great to see a truly free project get absorbed into a commercial venture.
while i agree, in this case at least it looks like the money raised is for a future SaaS auth solution built on top of the open-source project
Which will invariably lead to that open source project to become less and less useful if implemented separately from the SaaS platform. I’ve seen this game plan often enough.
Good for them, bad for the rest of us.
> I’ve seen this game plan often enough.
I probably haven't been around as long as you. Could you provide an example of one that comes to mind?
We all know how this ends. The open source project ends up being crippled to the point it's no longer useful.
> Chances are, if you’ve used ChatGPT, Google Labs, Cal.com or a million other websites, you’ve already interacted with Auth.js.
I missed OpenAI migrating away from auth0. They must have been one of their largest customers - anybody know the story?
I don’t know the story, but I’m not surprised. I led an effort to switch my company to Auth0 recently and they’re… bad. They have very poor support for anything even barely outside of normal, and when things are working correctly they not very good.
But when you have a requirement to move to a third party SaaS service, I suppose Auth0 is maybe the best of a bad bunch.
I interviewed for an SRE position at Auth0 years ago. My interviewer told me it was all held together by duct tape and prayers. I'm glad I didn't end up taking that position.
Same, I felt like I was writing my own auth. They don’t seem to understand that we’re trying to get away from the complexity of auth. I’ve talked with their sales people but may as well be talking to a wall.
You can probably infer some from their Ory case study: https://www.ory.sh/case-studies/openai
They migrated SSO/SAML to WorkOS, and consumer auth to forked open source.
Ory also claims they are used by openai, so I guess they built their solution on Ory services + better-auth?
"anybody know the story?"
what story??? chance are if you are planet scale enterprise, you are big enough to maintain or create or fork popular custom OSS auth themselves
I mean can you imagine the cost ??? also the effect of third party that hold your entire user data
This framework has made auth such a non-issue for me. The setup is easy and the usage is consistent framework to framework. So glad to see that they’re continuing to do well.
This is funny to me because when someone asked re: Better Auth "better than what?" my off-the-cuff response was "better than Auth.js" and here we are.
Used and loved both products. Great to see they are joining forces.
Great news for dev simplicity, Better Auth is just... better.
I really wish there was such an easy off-the shelf auth solution for Go
Wow this is such a natural fit! Used both products, better auth is a clear successor. What a great path forward
Please add support for Swift!
only in javascript where auth is such a big issue.
in rails you can use the rails 8 auth or a better alternative authentication-zero. before it was devise.
java - spring security, shiro etc. but just complex things.
alternatively - use services like fusionAuth
It’s not that auth is unsolved in other languages/frameworks, but it’s often way too complex or configuration-heavy. If adding passkey support to my app is going to take 2 hours, that’s two hours I’m spending away from building my core product. For smaller projects, that’s not time that I could afford.
For example, if I want to add passkeys to my .NET CORE app, this is the guide Microsoft provides:
https://learn.microsoft.com/en-us/aspnet/core/security/authe...
Contrast that to better-auth (which is 7 lines of code total in server changes, and virtually no change to client API usage):
https://www.better-auth.com/docs/plugins/passkey
For some projects, the flexibility of other solutions might be needed. But for ease-of-use and development speed, better-auth has been a clear winner for me.
It’s Microsoft. Did you expect less than 30 pages of useless techno-babble?
Why is auth "such a big issue" in JS? I've used a number of solutions but haven't had big issues with them.
Same. I've personally never had issues with any auth packages, granted I've never used auth0. Personally, they all seem quite similar, especially in the react world.
Anything that can help me utilize oauth standards is fine to me.
In case if you don't know, Auth.js is not a frontend-only framework. It uses a backend server to make it secure.
So it basically has no difference from the alternatives you mentioned.