Auth.js vs BetterAuth: The Ultimate Comparison Guide for Next.js

Auth.js vs BetterAuth: Which Authentication Library Is Best for Next.js in 2025?
Authentication can make or break your web app’s onboarding experience. Choosing the wrong auth solution can lead to frustrating bugs, security holes, or wasted weeks of refactoring.
In this guide, we’ll compare Auth.js and BetterAuth — two of the most popular libraries for adding authentication to your Next.js app.
TL;DR
Feature | Auth.js | BetterAuth |
---|---|---|
Setup Time | ⏱️ Medium | ⚡ Fast |
Documentation | 📖 Complex but thorough | 🧼 Clear & minimal |
Flexibility | 🧩 Very high | 🔒 Opinionated |
MFA Support | 🔌 Optional | ✅ Built-in |
Session Strategy | 🔄 JWT/Database | 🔐 JWT only |
Suitable for Teams? | ✅ Yes | 🤔 Limited |
TypeScript DX | 😵💫 Inconsistent | 🧠 Strong inference |
When to Use Each
✅ Use Auth.js if:
- You need maximum flexibility (e.g. custom flows, adapters)
- You’re using multiple OAuth providers
- You’re comfortable digging into internals
✅ Use BetterAuth if:
- You want a fast and secure default config
- You prefer simple patterns over flexibility
- You want MFA out of the box
Setup Experience
🔧 Auth.js
Auth.js requires defining multiple layers of config. Here’s a basic setup:
// app/api/auth/[...nextauth]/route.ts
import NextAuth from "next-auth";
import GitHub from "next-auth/providers/github";
const handler = NextAuth({
providers: [GitHub],
callbacks: {
session: ({ session, token }) => {
session.user.id = token.sub;
return session;
},
},
});
export { handler as GET, handler as POST };
Expect to write more boilerplate for TypeScript types, server/client sync, and session management.
⚡ BetterAuth
BetterAuth ships with sensible defaults and a simplified API:
// app/api/auth/route.ts
import { authHandler } from "betterauth/server";
import GitHub from "betterauth/providers/github";
export const { GET, POST } = authHandler({
providers: [GitHub()],
features: { mfa: true },
});
Cleaner syntax, no extra adapter config, and MFA support enabled by default.
Developer Experience
Auth.js has a steeper learning curve. Docs are comprehensive, but overwhelming. You’ll often end up in Discord or GitHub issues.
BetterAuth’s DX is beginner-friendly. It uses generics and zod under the hood, so type safety “just works.”
💡 Pro tip: BetterAuth auto-inflects types from your session and provider setup — no need for a next-auth.d.ts
dance.
Implementation Comparison
Let's look at how both solutions handle common authentication scenarios.
Setting Up Auth.js
First, install the necessary packages:
npm install next-auth
# or
yarn add next-auth
Create an API route for authentication:
// pages/api/auth/[...nextauth].ts
import NextAuth from "next-auth"
import CredentialsProvider from "next-auth/providers/credentials"
export default NextAuth({
providers: [
CredentialsProvider({
name: "Credentials",
credentials: {
username: { label: "Username", type: "text" },
password: { label: "Password", type: "password" }
},
async authorize(credentials, req) {
// Add your authentication logic here
const user = await authenticateUser(credentials)
if (user) {
return user
}
return null
}
})
],
session: {
strategy: "jwt"
},
callbacks: {
async session({ session, token }) {
// Add custom session handling
return session
}
}
})
Set up the provider in your app:
// pages/_app.tsx
import { SessionProvider } from "next-auth/react"
function MyApp({ Component, pageProps: { session, ...pageProps } }) {
return (
<SessionProvider session={session}>
<Component {...pageProps} />
</SessionProvider>
)
}
export default MyApp
Setting Up BetterAuth
Install BetterAuth:
npm install better-auth
# or
yarn add better-auth
Create your auth configuration:
// lib/auth.ts
import { createAuth } from "better-auth"
export const auth = createAuth({
secret: process.env.AUTH_SECRET,
database: {
type: "postgres",
url: process.env.DATABASE_URL
},
session: {
strategy: "jwt"
}
})
Set up the API route:
// pages/api/auth/[...auth].ts
import { auth } from "@/lib/auth"
import { createHandler } from "better-auth/next"
export default createHandler(auth)
Real-World Implementation Examples
Let's explore some common authentication scenarios and how they're handled in both libraries.
User Login with Auth.js
// components/LoginForm.tsx
import { signIn } from "next-auth/react"
import { useState } from "react"
export default function LoginForm() {
const [credentials, setCredentials] = useState({
email: "",
password: ""
})
const handleSubmit = async (e) => {
e.preventDefault()
try {
const result = await signIn("credentials", {
redirect: false,
email: credentials.email,
password: credentials.password
})
if (result?.error) {
// Handle error
console.error(result.error)
}
} catch (error) {
console.error("Login failed:", error)
}
}
return (
<form onSubmit={handleSubmit}>
<input
type="email"
value={credentials.email}
onChange={(e) => setCredentials({
...credentials,
email: e.target.value
})}
/>
<input
type="password"
value={credentials.password}
onChange={(e) => setCredentials({
...credentials,
password: e.target.value
})}
/>
<button type="submit">Login</button>
</form>
)
}
User Login with BetterAuth
// components/LoginForm.tsx
import { useAuth } from "better-auth/react"
import { useState } from "react"
export default function LoginForm() {
const { login } = useAuth()
const [credentials, setCredentials] = useState({
email: "",
password: ""
})
const handleSubmit = async (e) => {
e.preventDefault()
try {
await login({
email: credentials.email,
password: credentials.password
})
// Successful login will automatically update auth state
} catch (error) {
console.error("Login failed:", error)
}
}
return (
<form onSubmit={handleSubmit}>
<input
type="email"
value={credentials.email}
onChange={(e) => setCredentials({
...credentials,
email: e.target.value
})}
/>
<input
type="password"
value={credentials.password}
onChange={(e) => setCredentials({
...credentials,
password: e.target.value
})}
/>
<button type="submit">Login</button>
</form>
)
}
Protected Routes and Session Management
Auth.js Protected Routes
// middleware.ts
export { default } from "next-auth/middleware"
export const config = {
matcher: ["/protected/:path*"]
}
// pages/protected/dashboard.tsx
import { useSession } from "next-auth/react"
import { useRouter } from "next/router"
export default function Dashboard() {
const { data: session, status } = useSession()
const router = useRouter()
if (status === "loading") {
return <div>Loading...</div>
}
if (!session) {
router.push("/login")
return null
}
return (
<div>
<h1>Welcome {session.user.name}</h1>
{/* Dashboard content */}
</div>
)
}
BetterAuth Protected Routes
// middleware.ts
import { createMiddleware } from "better-auth/next"
import { auth } from "@/lib/auth"
export default createMiddleware(auth)
export const config = {
matcher: ["/protected/:path*"]
}
// pages/protected/dashboard.tsx
import { useAuth } from "better-auth/react"
export default function Dashboard() {
const { user, isLoading } = useAuth()
if (isLoading) {
return <div>Loading...</div>
}
return (
<div>
<h1>Welcome {user.name}</h1>
{/* Dashboard content */}
</div>
)
}
Performance and Security Considerations
Auth.js Security Features
JWT Handling:
// pages/api/auth/[...nextauth].ts
export default NextAuth({
jwt: {
secret: process.env.JWT_SECRET,
maxAge: 60 * 60 * 24 * 30, // 30 days
encryption: true
},
security: {
csrf: true,
cookieSecure: process.env.NODE_ENV === "production"
}
})
Custom Authorization Logic:
// lib/auth-checks.ts
export const checkUserPermissions = async (session) => {
if (!session) return false
// Add your custom authorization logic
const userRoles = await fetchUserRoles(session.user.id)
return userRoles.includes("admin")
}
BetterAuth Security Features
Built-in Rate Limiting:
// lib/auth.ts
import { createAuth } from "better-auth"
export const auth = createAuth({
rateLimit: {
enabled: true,
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100 // limit each IP to 100 requests per windowMs
},
security: {
passwordPolicy: {
minLength: 8,
requireNumbers: true,
requireSpecialChars: true
}
}
})
MFA Implementation:
// pages/api/auth/enable-mfa.ts
import { auth } from "@/lib/auth"
export default async function handler(req, res) {
const { user } = await auth.getUserSession(req)
if (!user) {
return res.status(401).json({ error: "Unauthorized" })
}
const secret = await auth.mfa.generateSecret()
const qrCode = await auth.mfa.generateQRCode(secret)
return res.json({ secret, qrCode })
}
Migration Considerations
If you're considering migrating from Auth.js to BetterAuth, here's a step-by-step approach:
- Backup Your Data
# Export your users and sessions
pg_dump -t users -t sessions > auth_backup.sql
- Update Dependencies
npm remove next-auth
npm install better-auth
- Update Configuration
// Before (Auth.js)
export default NextAuth({
providers: [...],
callbacks: {...},
session: {...}
})
// After (BetterAuth)
export const auth = createAuth({
providers: {...},
session: {...},
callbacks: {...}
})
- Update Components
// Before (Auth.js)
import { useSession } from "next-auth/react"
// After (BetterAuth)
import { useAuth } from "better-auth/react"
Real-World Migration Example
Let's say you're moving from Auth.js to BetterAuth.
- Replace API route: Change the handler in
app/api/auth/[...nextauth]
toapp/api/auth/route.ts
- Update client hooks: Replace
useSession
fromnext-auth/react
withuseBetterSession()
- Remove adapters & JWT callbacks — BetterAuth handles this internally.
- Add MFA (optional) via config flag
// hooks/useSession.ts
import { useSession } from "betterauth/client";
export function useUser() {
const { data } = useSession();
return data?.user;
}
Migration usually takes 1–2 hours for a typical project.
FAQs
❓ Is BetterAuth production-ready?
Yes. It's used in multiple SaaS products and audited by third-party security firms.
❓ Can I use BetterAuth with Next.js App Router?
Absolutely — it was designed with App Router in mind.
❓ Does Auth.js support MFA?
Not out of the box. You'll need to implement your own flow or use a plugin.
Verdict
Go with BetterAuth if you want speed, simplicity, and strong security out of the box.
Stick with Auth.js if you need advanced customizations or already have a large app using it.
No matter your choice, both tools can serve you well in 2025 — it just depends on your project's complexity and your team's preferences.
Related Resources
- Auth.js Documentation
- BetterAuth Documentation
- Securing Your Next.js App with Headers & CSP
- Zod vs Yup: Choosing the Best Schema Validator
Got questions or want a migration walkthrough? Contact us or drop a comment below!