better-authlisted

# Better Auth Skill ## When to activate - Setting up authentication in a Next.js or TypeScript project from scratch - Adding OAuth providers (Google, GitHub, etc.) to an existing app - Implementing 2FA, TOTP, or magic link authentication - Setting up role-based access control (RBAC) or organization/team auth - Migrating away from Clerk, Auth0, or NextAuth due to cost or lock-in - Integrating auth with Drizzle ORM or Prisma ## When NOT to use - Projects already on NextAuth v5/Auth.js with working auth — migration cost is high - When you only need a simple JWT token and nothing else — overkill - Non-TypeScript projects — Better Auth is TypeScript-first ## Why Better Auth for AI generation Auth is the #1 area where LLMs hallucinate dangerously — incorrect cookie settings, missing CSRF headers, broken OAuth redirect flows. Better Auth's modular plugin system means Claude can inject pre-tested configuration blocks for 2FA, RBAC, and OAuth without generating cryptographic logic from scratch. The research confirms: "a single logic flaw results in catastrophic data breaches." ## Instructions ### Installation ```bash npm install better-auth ``` ### Database setup (Drizzle) ```typescript // db/auth-schema.ts — generated by Better Auth CLI // Run: npx better-auth generate (auto-generates this) import { pgTable, text, timestamp, boolean } from 'drizzle-orm/pg-core' export const user = pgTable('user', { id: text('id').primaryKey(), name: text('name').not