Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC

Posted by bundie 6 days ago

Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC(techcrunch.com)

282 points | 177 commentspage 2

voidmain0001 5 days ago|

Why does the article’s title state the country of origin of the developer? Does it matter? Is it a surprise that there are smart, business savvy developers across the globe?

ericyd 4 days ago||

It isn't a surprise for many, but my impression is that distribution of VC funds to African counties is highly inequitable. The article mentions that this is the first investment in an African founder for one of the involved VCs (Peak VX).

revskill 5 days ago||

Because it is an inyeresting fact.

briandear 5 days ago||

Aren’t we all self taught? I’m not sure why that part of the story is relevant. In over 15 years of this business, I’ve directly been on a team with probably 5-10 total people with a comp-sci degree — and that includes my time at Apple. Mark Zuckerberg was self-taught.

bapak 5 days ago|

No, a lot of people go to college or "bootcamps" before entering the field. Given the amount of computer science graduates, I'd say we're not all self-taught.

arvindparekh 4 days ago||

This is awesome! I literally gave better-auth a spin 2 days ago and I was able to get it up and running within 15 minutes. I'm yet to try the plugins, but looks really easy to set up and work with, safe to say I'll be using it for future projects.

I didn't like the fact that it doesn't have a built-in sign-in ui components, but glady https://github.com/daveyplate/better-auth-ui solves it.

h1fra 5 days ago||

Congrats, very good library. I wonder what's going to be the business model though, since the library main difference is that it's not a cloud service

mooreds 5 days ago|

From the article:

> Engida says Better Auth, currently free to use, will focus on improving its core features and launch a paid enterprise infrastructure that plugs into its open source base. This will give developers the flexibility to self-host or opt for Better Auth’s cloud add-ons as needed.

So open-core and cloud hosting, it seems.

TrySound 4 days ago||

Just tried to setup auth with it recently. And oh boy, so refreshing. Built auth once for a project years ago. Never again. Here just configured stuff, setup email and social creds and live!

sebmellen 5 days ago||

Curious how this compares to something like Ory Kratos? And what would the projected revenue stream be?

trollbridge 5 days ago||

Kratos and Better Auth are almost orthogonal to one another. Kratos provides a comprehensive back end, but no front end at all - you have to write it yourself.

Better Auth is mostly focused on the front end.

You could use the two together, although I haven't seen anyone do that.

I have wasted so much time on third-party authentication frameworks like Ory Kratos that I wish we'd just written our own internal auth library. With Kratos we ended up customising it so heavily we could have just written our own. Same goes for ones that provided a frontend such as Keycloak.

koakuma-chan 5 days ago||

> Better Auth is mostly focused on the front end.

Better Auth has nothing to do with front end.

mooreds 5 days ago||

> And what would the projected revenue stream be?

I addressed that here, straight from the article. Basically open-core and hosting.

https://news.ycombinator.com/item?id=44388741

exiguus 5 days ago||

If i get it correctly, it solves the problem, to store data on MVP/Prototype Auth providers like Superbase, Auth0 or Firebase.

How does it compare to something mature like keycloak?

And what is the difference to just self-host superbase?

Spivak 5 days ago|

The killer feature is that it's embeddable into your app. You don't have to host anything besides your app and your app's database.

I can't understand why people who aren't Google scale do it any other way. When you're at the point where you need a separate auth service I'd call that good problems to have.

koakuma-chan 5 days ago|||

> The killer feature is that it's embeddable into your app. You don't have to host anything besides your app and your app's database.

That's why they're gonna monetize by building a cloud service?

Spivak 5 days ago||

I mean right now it's JS's devise. There's always time in the future for them to ruin it.

mooreds 5 days ago||||

Here's an article[0] (on my employer's website) that talks through some of the things to think about when choosing an authentication solution. (It's a bit old so doesn't discuss BetterAuth directly.)

An embeddable library is great for one application; simplifies development and deployment. You can have foreign keys directly to user ids. It's the reason Devise or Spring Security are great for single applications

Yet breaking out authentication to a separate service is one of the first things broken out a certain scale. Why?

   * single sign-on between applications (if you have more than one)
   * eliminate a user data silo (if you have more than one application)
   * different security/legal requirements between PII/credentials of users and application data
   * a desire to hang multiple applications off of one identity store for data consistency
   * separate deployment cadences

You might say "I'll only have one application for the foreseeable future", but you might think about about any SaaS applications you'd want to have your customers use (support ticketing, training, public forums/communities). And mobile applications. And applications for different segments of your userbase.

(The multiple app case is much stronger for IAM/Workforce, part of why Okta is a 17B company.)

Such a migration can be complex, so if you can see needing any of the above things soon, it can make sense to start with a sep auth server. You don't need to be google scale to get the benefits.

0: https://fusionauth.io/articles/identity-basics/complete-auth...

uh_uh 5 days ago|||

Does it also embed two-factor authentication, confirmation/reset emails for me? Those are the reasons one might want to go with Firebase.

notpushkin 5 days ago|||

It does 2FA. You have to implement emails yourself, but honestly it’s not that big of a deal (you likely have to do other emails for your app anyway).

It also does a bunch of other auth things, like OIDC.

trollbridge 5 days ago|||

Another reason to use Firebase is because they can provide a lot the advanced security (e.g. blacklists for 2FA phone numbers/emails coming from an algorthm whose innards are only known to Google).

yewenjie 5 days ago||

Can anyone compare Better Auth with something more barebones like Lucia?

vivzkestrel 5 days ago||

lucia is deprecated https://github.com/lucia-auth/lucia/discussions/1707

threatofrain 5 days ago||

Lucia has been converted into a kind of tutorial, which is another way of saying the author is going to college now and is busy or interested in other things.

As an aside OpenAuth seems dead. No activity for 2 months.

apgwoz 5 days ago||

No activity for 2 months implies death?

Is this the core reason that we have a proliferation of packages, arguably doing the same thing, slightly differently, in some ecosystems… We’ve become this impatient?

threatofrain 5 days ago|||

This space is too hot and the author behind OpenAuth (Dax) is awesome and fast, so this is not his usual tempo. You're free to read the tea leaves, but I wouldn't bet on this one.

apgwoz 5 days ago||

There is a sibling post describing this particular project as known dead from the author.

However, my comment is a larger commentary. Imagine if a scientist went off and did research for 2 months and didn’t provide any updates about what they were doing? Would we assume their project was dead? Or a writer who publishes a short story and says “I will turn this into a 500 page novel.” 2 months later… no novel… must be dead!

Why can’t we, instead, assume that people who work on open source are sometimes taking a break? Why can’t we create more fluidity around software… fork it… try to integrate it later? The git model was literally designed around this, but we’ve instead decided to live in a centralized shithole where only the original author is smart enough to make useful contributions… and when they don’t… for whatever reason, we shit can the project and start from scratch.

Revolving door.

FireBeyond 5 days ago|||

No activity for nearly 3 months with 67 open issues, 32 open PRs (many as simple as "fix typo") might signify that not a lot of time is being put into the project.

vivzkestrel 5 days ago||

no lucia author has himself said that he s deprecating this https://github.com/lucia-auth/lucia/discussions/1707

Capricorn2481 5 days ago|||

They're talking about Open Auth.

https://github.com/toolbeam/openauth

qreerq 5 days ago|||

[dead]

dancerofaran 5 days ago||

helllll ya!

one of the best libraries in the ecosystem. it's basically open-source Clerk without the baggage of needing to trust someone else's security story

govindsb 5 days ago|

Better Auth is brilliant! My only criticism is that it's too tightly coupled with Kysely.

More comments...