home / skills / bobmatnyc / claude-mpm-skills / better-auth-core

better-auth-core skill

safe

/toolchains/platforms/auth/better-auth/better-auth-core

This skill helps you configure a Better Auth core instance for TypeScript apps, wire servers and clients, and manage sessions securely.

npx playbooks add skill bobmatnyc/claude-mpm-skills --skill better-auth-core

Review the files below or copy the command above to add this skill to your agents.

Files (5)

SKILL.md

3.0 KB

---
name: better-auth-core
description: Better Auth core setup for TypeScript apps. Use when configuring the Better Auth instance, wiring server handlers and client instances, working with sessions, or calling server-side auth APIs.
progressive_disclosure:
  entry_point:
    summary: "Better Auth core setup for TypeScript apps. Use when configuring the Better Auth instance, wiring server handlers and client instances, working with sessions, or calling server-side auth APIs."
    when_to_use: "When implementing authentication, authorization, or security."
    quick_start: "1. Review the core concepts below. 2. Apply patterns to your use case. 3. Follow best practices for implementation."
  references:
    - client-server.md
    - setup-database.md
    - typescript.md
---
# Better Auth Core (TypeScript)

## Goals
- Set up a Better Auth instance with environment variables and data layer wiring.
- Wire server handlers and a client instance.
- Use sessions and server-side API methods safely.
- Keep data-layer choices pluggable (drivers or adapters).

## Quick start
1. Install `better-auth`.
2. Set `BETTER_AUTH_SECRET` (32+ chars) and `BETTER_AUTH_URL`.
3. Create `auth.ts` and export `auth`.
4. Provide `database` (driver or adapter) or omit for stateless sessions.
5. Mount a handler (`auth.handler` or a framework helper).
6. Create a client with `createAuthClient`.

```ts
import { betterAuth } from "better-auth";

export const auth = betterAuth({
  database: myDatabaseOrAdapter, // driver or adapter; omit for stateless mode
  emailAndPassword: { enabled: true },
  socialProviders: {
    github: {
      clientId: process.env.GITHUB_CLIENT_ID as string,
      clientSecret: process.env.GITHUB_CLIENT_SECRET as string,
    },
  },
});
```

## Core setup checklist
- Export the instance as `auth` (or default export) so helpers find it.
- Keep `BETTER_AUTH_URL` in sync with the public base URL.
- Pass the full base URL to the client if you change the `/api/auth` base path.
- Add database migrations before enabling plugins that require tables.

## Server API usage
- Call server endpoints via `auth.api.*` with `{ body, headers, query }`.
- Use `asResponse: true` if you need a `Response` object.
- Use `returnHeaders: true` to access `Set-Cookie` headers.

```ts
import { auth } from "./auth";

const session = await auth.api.getSession({
  headers: request.headers,
});

const response = await auth.api.signInEmail({
  body: { email, password },
  asResponse: true,
});
```

## Session access
- Client: `authClient.useSession()` or `authClient.getSession()`.
- Server: `auth.api.getSession({ headers })`.

## TypeScript tips
- Infer types with `auth.$Infer` and `authClient.$Infer`.
- Use `inferAdditionalFields` on the client when you extend the user schema.

## References
- `toolchains/platforms/auth/better-auth/better-auth-core/references/setup-database.md`
- `toolchains/platforms/auth/better-auth/better-auth-core/references/client-server.md`
- `toolchains/platforms/auth/better-auth/better-auth-core/references/typescript.md`

Overview

This skill provides a core setup for Better Auth in TypeScript applications. It guides creating and exporting a configured Better Auth instance, wiring database drivers or adapters, and creating client and server integrations. The goal is to make sessions, server-side auth APIs, and provider wiring safe and pluggable.

How this skill works

You create and export a configured auth instance (commonly named auth) with options for database, email/password, and social providers. The skill shows how to mount the server handler, call server APIs via auth.api.*, and create client instances with createAuthClient. It also explains session access patterns for client and server, and TypeScript helpers for inferring schemas and additional fields.

When to use it

Setting up authentication for a new TypeScript web app.
Wiring database drivers or adapters for stateful sessions.
Mounting auth handlers in server frameworks or custom routes.
Calling server-side auth APIs (sign-in, sign-out, getSession) from server code.
Creating a client-side auth instance and accessing sessions from the UI.

Best practices

Export the auth instance as auth (or default) so helpers and framework adapters can discover it.
Keep BETTER_AUTH_URL set to the public base URL and match any deployed base path changes.
Use a 32+ character BETTER_AUTH_SECRET and manage it via environment variables.
Provide database migrations before enabling plugins that require tables; leave database undefined for stateless sessions.
Use auth.api.* with asResponse or returnHeaders when you need Response objects or Set-Cookie headers.

Example use cases

Create auth.ts exporting auth configured with email/password and GitHub social provider.
Mount auth.handler (or framework helper) at /api/auth to serve all auth endpoints.
Server-side session retrieval: const session = await auth.api.getSession({ headers }).
Client-side flow: createAuthClient({ url: process.env.BETTER_AUTH_URL }) and call authClient.useSession().
Call auth.api.signInEmail with { body, asResponse:true } to return the framework Response object for direct proxying.

FAQ

Do I always need a database configured?

No. You can omit the database for stateless sessions, but provide a driver or adapter when you need persistent sessions or user records.

How do I access cookies or response headers from server API calls?

Use auth.api.* with returnHeaders:true to read Set-Cookie headers, or asResponse:true to get a Response object you can return directly from your route.