
better-auth-setup skill

/.agents/skills/better-auth-setup

This skill helps you bootstrap secure authentication using Better Auth with Drizzle ORM and Neon Postgres for rapid fullstack apps.

```bash
npx playbooks add skill andrelandgraf/fullstackrecipes --skill better-auth-setup
```

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
name: better-auth-setup
description: Add user authentication using Better Auth with Drizzle ORM and Neon Postgres. Base setup with email/password authentication.
---

# Better Auth Setup

To set up Better Auth, refer to the fullstackrecipes MCP server resource:

**Resource URI:** `recipe://fullstackrecipes.com/better-auth-setup`

If the MCP server is not configured, fetch the recipe directly:

```bash
curl -H "Accept: text/plain" https://fullstackrecipes.com/api/recipes/better-auth-setup
```

Overview

This skill adds user authentication to a TypeScript full-stack app using Better Auth with Drizzle ORM and Neon Postgres. It provides a base setup for email/password authentication, integration points for session management, and database models ready for production. The intent is a clear, repeatable pattern you can drop into existing Shadcn-style projects.

How this skill works

The skill scaffolds the Drizzle ORM schema and migrations for users, and wires Better Auth handlers to authenticate via email and password. It configures Neon Postgres connection settings and session storage, and exposes simple API routes for sign-up, sign-in, sign-out, and password management. The code is modular so you can extend it with OAuth providers, multi-factor auth, or custom fields.

When to use it

  • You need a production-ready email/password auth foundation for a TypeScript full-stack app.
  • You use Drizzle ORM for typed database access and Neon Postgres as your database provider.
  • You want a drop-in authentication flow compatible with Shadcn UI patterns and server routes.
  • You need a minimal, auditable auth setup that’s easy to extend with OAuth or MFA.
  • You’re preparing an app for deployment and need secure session and password handling.

Best practices

  • Store database and session secrets in environment variables; never commit credentials.
  • Run Drizzle migrations in CI/CD pipelines and test them against a staging Neon database.
  • Hash and salt passwords with a proven library; prefer bcrypt or argon2 and enforce a strong password policy.
  • Limit login attempts and add rate limiting on auth endpoints to protect against brute-force attacks.
  • Write integration tests for sign-up, sign-in, and password reset flows before deploying.
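
An added startup check for the first practice above (example code, not part of the skill or the recipe): it validates the environment before the auth server starts. `BETTER_AUTH_SECRET` is the variable Better Auth reads its secret from; `DATABASE_URL`, the thresholds and the sample values are assumptions made for this example.

```typescript
// Added example, not part of the skill: fail fast on weak or missing auth settings.
type Env = Record<string, string | undefined>;

const PLACEHOLDER_WORDS = ["changeme", "secret", "password", "example"];
const TLS_MODES = new Set(["require", "verify-ca", "verify-full"]);
// Captures: user, password, host, query from user[:password]@host[:port]/db[?query]
const PG_URL =
  /^postgres(?:ql)?:\/\/([^:@\/]+)(?::([^@\/]*))?@([^:\/?]+)(?::\d+)?\/[^?]+(?:\?(.*))?$/;

function checkAuthEnv(env: Env): string[] {
  const problems: string[] = [];

  // A short, placeholder or low-variety secret is treated as a failure.
  const secret = env["BETTER_AUTH_SECRET"] ?? "";
  if (secret.length < 32) {
    problems.push("BETTER_AUTH_SECRET: missing or shorter than 32 characters");
  } else if (PLACEHOLDER_WORDS.some((w) => secret.toLowerCase().includes(w))) {
    problems.push("BETTER_AUTH_SECRET: looks like a placeholder value");
  } else if (new Set(secret.split("")).size < 12) {
    problems.push("BETTER_AUTH_SECRET: too few distinct characters to be random");
  }

  // DATABASE_URL is an assumed variable name for the Postgres connection string.
  const match = PG_URL.exec(env["DATABASE_URL"] ?? "");
  if (!match) {
    problems.push("DATABASE_URL: missing or not a postgres:// connection string");
    return problems;
  }
  const [, , password, host, query] = match;
  if (!password) problems.push("DATABASE_URL: no password in connection string");
  const sslmode = (query ?? "")
    .split("&")
    .map((pair) => pair.split("="))
    .find(([key]) => key === "sslmode")?.[1];
  const isLocal = host === "localhost" || host === "127.0.0.1";
  if (!isLocal && !TLS_MODES.has(sslmode ?? "")) {
    problems.push("DATABASE_URL: remote host without sslmode=require or stricter");
  }
  return problems;
}

// Constructed sample values, not real credentials: weak secret, no TLS mode.
const sampleEnv: Env = {
  BETTER_AUTH_SECRET: "changeme",
  DATABASE_URL: "postgresql://app_user:constructed-pw@db.example.test/appdb",
};
const sampleProblems = checkAuthEnv(sampleEnv);
```

Call `checkAuthEnv(process.env)` before constructing the auth instance and refuse to start if it returns any problems.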

Example use cases

  • Add auth to a new Shadcn-based project to protect dashboard and user settings pages.
  • Migrate an app from a simple token-based system to a robust ORM-backed auth model.
  • Prototype email/password auth quickly while keeping the option to add OAuth later.
  • Standardize authentication across multiple services by reusing the Drizzle schema and handlers.
  • Deploy a secure MVP that supports user registration, login, and session persistence.

FAQ

Does this support OAuth providers out of the box?

The base setup focuses on email/password, but the modular handlers make it straightforward to add OAuth providers.

Can I use a different Postgres host than Neon?

Yes. The connection layer is configurable; swap Neon connection strings for any Postgres-compatible host.