Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC

Posted by bundie 5 days ago

Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC(techcrunch.com)

282 points | 177 comments

chrisldgk 5 days ago|

At our company we use better auth for every product that has any kind of user account logic. It’s great since it’s drop-in, the plugins give so much functionality that you’d have to roll on your own in so little time and the integrations with ORMs like drizzle and prisma mean that your schemas stay the SSOT that they should be, even for auth. It’s extensible where it needs to be and brings defaults that are more than sane. Also the RPC-like TypeScript client that you also get for free is so good I don’t know how I could live without that.

Glazing over, I just wanted to give props and say that whatever good happens to better-auth, it deserves it.

dang 5 days ago||

Launch HN: Better Auth (YC X25) – Authentication Framework for TypeScript - https://news.ycombinator.com/item?id=44030492 - May 2025 (106 comments)

Better Auth – Authentication library for TypeScript - https://news.ycombinator.com/item?id=42272707 - Nov 2024 (32 comments)

Show HN: Comprehensive authentication library for TypeScript - https://news.ycombinator.com/item?id=41678652 - Sept 2024 (44 comments)

savrajsingh 5 days ago|

clickpass, YC s07

b0a04gl 5 days ago||

supertokens did the same thing from bengaluru. didn’t start loud. just showed up with clean abstractions that didn’t leak. you could tell someone had wrestled with real auth mess before touching a single line. it worked, across teams, stacks, workflows

better auth gives off the same shape. that gets well adopted because it survives scaling without needing a rewrite

same pattern and diff origin place. someone holding the whole stack in their head long enough to ship something

lukeh 5 days ago||

I like that last sentence!

5Qn8mNbc2FNCiVV 3 days ago||

Too bad that the Supertokens docs became an absolute dumpster fire with their "recipes" and reading the source made me lose confidence in the product's quality to rely on.

Not saying better-auth is strictly better, but at least you can read the docs and know what you're getting into yourself instead of 12 variations of the same thing

blackhaj7 5 days ago||

So pumped for Bereket. Better Auth is awesome.

I am also interested on how they plan to monetise it. I love the library and the success story but hope that the weight of this VC money doesn’t impact its awesomeness

m3kw9 5 days ago||

Gonna use n8n model, have these one click deploys with cloud db and everything or self host for free with many cut off features.

burgerzzz 5 days ago|||

I think they’re rolling out their own managed auth service, may have already done so actually.

TimReynolds 5 days ago|||

They launched this a few months ago

gus_massa 5 days ago|||

What is the plan if Amazon decides to launch it as a service?

vlucas 5 days ago||

Amazon already has Cognito. It's garbage. https://aws.amazon.com/cognito/

infecto 4 days ago|||

Not great but also far from garage for something that is extremely low cost.

mooreds 4 days ago|||

I mean, it depends on your use case (and I say this as a cognito competitor).

There are times when Cognito makes a ton of sense (I wrote about some of them here[0]). There are other times when it doesn't.

What I keep wondering and asking is "why doesn't AWS invest more in Cognito?"[1]

0: https://fusionauth.io/blog/how-to-migrate-from-cognito#when-...

1: https://ciamweekly.substack.com/p/trends-in-ciam

shafyy 5 days ago||

> I love the library and the success story but hope that the weight of this VC money doesn’t impact its awesomeness

It most certainly will at some point.

koakuma-chan 5 days ago||

Why does a JavaScript auth library have to raise five million?

joshdavham 5 days ago||

Because the author of this library is an ambitious startup founder and would like to grow his tool into a business.

cies 5 days ago|||

And many have done this before (selling auth). 0auth, Clerk, Supabase, etc.

Any more I'm missing?

mikepurvis 4 days ago|||

Auth is hard to get right, fiddly at the best of times, and is no one's core competency.

It's almost always part of the box not the chocolates, and so is an excellent candidate for outsourcing. I can see why companies attack this space.

morley 4 days ago||||

Privy just got purchased by Stripe: https://privy.io/blog/announcing-our-acquisition-by-stripe

input_sh 5 days ago|||

That this is not an oauth backend but a frontend library that you hook into something.

hliyan 5 days ago||

That doesn't sound right. The initialisation code has a database connection string argument. YOu wouldn't do that from a frontend.

koakuma-chan 5 days ago|||

> The initialisation code has a database connection string argument. YOu wouldn't do that from a frontend.

Definitely /s

koakuma-chan 5 days ago|||

This library just hashes passwords and handles oauth2 callbacks. But it also requires a database to "store user data", which is really out of scope of an auth library. But I would like to hear how one goes from a country I've never heard about before to raising 5 mil as a JavaScript library "startup".

devjab 5 days ago||

> from a country I've never heard about before

How is your lack of geographical knowledge relevant to any of this?

koakuma-chan 5 days ago||

> How is your lack of geographical knowledge relevant to any of this?

It doesn't matter where the country is located on the map. If you happen to be a citizen of a developing country, your opportunities are extremely limited, and that is why I'm curious how he managed to get into the US and make a startup out of something that doesn't make sense to be one.

notpushkin 5 days ago||

Did he get into the US before or after getting into YC?

prmoustache 5 days ago||

How is all of this relevant or even interesting?

Do people in the US still think that people living abroad are playing with rocks and sticks all day when they are not hunting for food?

koakuma-chan 4 days ago|||

> How is all of this relevant or even interesting?

Is YC not super competitive and in order to get in you and your co-founder would have to have graduated from some super prestigious university ala MIT?

notpushkin 5 days ago|||

It isn’t – I was trying to make the same point basically. (I’m not in the US, though I haven’t started a $5M company yet, either.)

pinoy420 5 days ago|||

[dead]

BerlinKebab 4 days ago||

[dead]

arend321 5 days ago||

Will this be monetized with the classic SSO enterprise subscription play? Would be nice if they are transparent on how they plan to make money.

The DX is quite nice, even though not well suited for existing projects as it is hard to migrate existing users. There is no easy way to keep existing sessions or do a legacy login, then migrate a user to the new better-auth supplied hashing function.

arnavsahu336 4 days ago||

This is Arnav Sahu from PeakXV. I used to work at YC. Really excited for them and Bereket, the founder. He is an outlier founder.

HPMOR 4 days ago|

What is your personal framework for determining if a founder is an outlier or not? Given how many people you've seen go through YC, and chatting with most of the batch, what stands out to you?

nickzelei 5 days ago||

For folks that are using better-auth: are you using anything to build your frontend with? Or just writing it from scratch? I was interested in trying this out but was kinda surprised to find this is just an sdk with no components.

I found this https://better-auth-ui.com/

Imustaskforhelp 5 days ago||

I remember how basically better auth got a huge lead because lucia was shutdown by its dev for their own reasons which I admittedly have forgotten but they made sense and the community had accepted it.

But those who hadn't started using better auth more. And now I guess its crazy how I felt as if this would be just a small project like lucia in the sense of its just created for the passion and the art, but now it has raised 5 mill$ , I wonder if the community wanted this to be an artisanal like project like lucia before its end or what the community thinks of this move. Since VC and open source have some inherent compromises with each other and I guess I just wanted to write this to hear more about people who are using better auth in prod and what they think of what this VC funding.

snide 5 days ago||

This is why I love Lucia. They took the "teach a man to fish" route when they converted to a docs only approach. Now I've got my own auth system and understand a lot more about security.

arend321 5 days ago||

And you don't get surprise updates that trigger a cascading dependency hell.

Jnr 4 days ago|||

I wonder how many users of Better Auth are individuals using it for their hobby projects and how many are companies/freelancers making money. Everyone is expecting great software but almost no one is contributing back in any way. If people were supporting such projects, there would be no need for vc money, right?

chrisldgk 5 days ago||

As an indie hacker using better auth, I’m somewhat skeptical of there now being VC money in the mix (enshittifcation is a process that starts with VC money). But from my time working for enterprise, they often prefer OSS products that are well-funded for their stacks so they can rely on them for a longer amount of time. So I’d suppose this would help in that regard. Also having a cloak-like SaaS solution might be nice for those who don’t want to host their own infra, though I‘d advise against relying on third parties for auth.

Imustaskforhelp 5 days ago||

Thanks for your comment! You really nailed as to what sort of discussion I wanted I guess.

I agree so much with the enshittifcation but like, I never understand why atleast open source projects need VC funding/ if they really want to earn money, might as well bootstrap it and try to get some Business customers for support etc.

But if you are saying that to get business customers, I need vc funding, then I guess it forces some enshittifcation.

I am okay with having a SaaS solution but what I truly don't understand is why we need vc funding.

I truly love developers wanting to earn money with open source. I appreciate them because they are essentially giving us gifts and being altruistic and I want to live in a world where people who can, do support them. But I am not okay with is some corporation now deciding the direction to go for open source (and that corporation doesn't care about the craft or the community, they want money.. they want returns since its just a number to them really) and that force of direction really alienates communities and just forks appear and just tbh it becomes messy.

I am more than curious as to why enterprises want VC funded OSS products. Yes you rely on them for a longer amount of time, but it also increases the chances of rugpull quite significantly imo. I don't think that one should just get VC funding just because entreprises like it. Should they?

Maybe I am so alienated with startup culture but I just want anything I build to not burn piles of cash that I need to rely on someone else, and I'd rather be profitable from (day one?) with my own bootstraped company / basically being a indie hacker like you I suppose. I get why some companies need VC funding and they become startups but I don't think that literally everything should be startup I am not sure.

arend321 5 days ago|||

I like this vibe. As a bootstrapped company making money using open source software, I have no issue paying individual devs, I sponsor multiple projects on GitHub. VC funding, however, changes the game: now a project needs to deliver 100x returns just to survive.

alemanek 4 days ago|||

I am going to give a guess on this one. I work for a large enterprise and have been involved with evaluating different OSS solutions.

One of the things that tends to come up is support. Now a small OSS startup with no funding and maybe even no way to pay them gets an automatic no in most cases.

My guess is that it is less about VC money and more about “I know I will have someone to call as long as I am willing to pay” kind of thing. VC money tells the company someone else is confident enough about this so I can be too.

Just my non-expert opinion.

chrisldgk 4 days ago||

Yea, that’s pretty much what I meant as well. Knowing the project is backed by a significant amount of money makes it a lot easier to rationalize using the product within your stack for the reasons you mentioned. This is usually more spreadsheet-acrobatics than actual reasoning (as is so often the case in enterprise) however, so YMMV for the actual outcome.

socketcluster 5 days ago|

This is a nice set of tools. Very useful.

I hope they will also develop a self-hosted standalone service/node which hosts accounts and can support JWTs which I could verify on my own servers so the BetterAuth node would issue JWTs signed with a secret key I provided as an ENV var, then I could verify the JWTs on my own servers. This would be a neat decoupling. Could be offered as a SaaS service as well.

I'm also keeping tabs on https://github.com/stack-auth/stack-auth

mooreds 4 days ago|

I'm in the auth space.

It's usually best to verify JWTs using an asymmetric keypair, that way the BetterAuth node can sign the JWT, and your servers can use something like JWKS to get the public key.

Lessens where the secret key needs to be.

The exception is if:

* you control all the nodes and are confident in the security of all of them now and going forward AND * speed is critical (using HMAC to sign JWTs is faster) AND * you've benchmarked and signing speed is a significant portion of response time

mooreds 4 days ago||

   * you control all the nodes and are confident in the security of all of them now and going forward AND 
   * speed is critical (using HMAC to sign/verify JWTs is faster) AND 
   * you've benchmarked and signing speed is a significant portion of response time

More comments...