dev-authlisted

# Modern Web Auth ## Choosing your auth stack | Solution | When to choose | Avoid when | |----------|--------------|----------------| | **better-auth** | Total control, TS-first, extensible (plugins), native 2FA/passkeys | Project < 1 week MVP | | **Lucia v3+** | Minimalist approach, source-available code, you control everything | No time for plumbing | | **NextAuth/Auth.js** | Next.js ecosystem, easy OAuth, lots of adapters | Need fine control over sessions | | **Clerk** | Fast MVP, pre-built UI, paid SaaS | Limited budget, sovereign data control | | **Supabase Auth** | Already on Supabase, RLS for authorization | Non-Postgres stack, complex custom auth | | **Auth0 / Okta** | Enterprise, SAML/SCIM compliance | Indie apps, high cost | IMPORTANT: **Never roll your own auth** (homemade JWT, custom password hashing). Use a maintained lib. ## better-auth (recommended 2026) Framework-agnostic (Next, Remix, SvelteKit, Nuxt, vanilla). TypeScript-first. ### Install ```bash npm install better-auth ``` ### Minimal setup (Next.js) ```ts // lib/auth.ts import { betterAuth } from "better-auth"; import { Pool } from "pg"; export const auth = betterAuth({ database: new Pool({ connectionString: process.env.DATABASE_URL }), emailAndPassword: { enabled: true }, socialProviders: { github: { clientId: process.env.GITHUB_CLIENT_ID!, clientSecret: process.env.GITHUB_CLIENT_SECRET!, }, }, }); ``` ```ts // app/api/auth/[...all]/route.ts import { auth } from "@/