
Posted by stevekrouse 21 hours ago

From Supabase to Clerk to Better Auth (blog.val.town)
270 points | 198 comments | page 4
MrDarcy 12 hours ago|
Recently went with a vendor of an agentic observability and evaluation product built on Supabase and Clerk. The number of vulnerabilities and CVEs and outright… I don’t even know the words, coming from this stack is staggering.

Be very very wary of any vendor selling something built on this Supabase + Clerk stack. That alone is a very strong indicator they do not understand basic security or data protection.

cyberax 20 hours ago||
> Some important context is that Clerk is a major success. They just raised 50 million dollars and they have lots of satisfied users.

And even more users who are looking to escape. Clerk is just a mess. They are trying to cram EVERYTHING into their libraries: Web3 crap, Stripe, etc. Clerk's JS blob is now triggering the browser inspectors for being slow to load.

Every time we upgraded React, Clerk libraries were the biggest pain with their transitive dependencies. We had issues with Stripe libraries with conflicting versions, etc.

And forget about debugging it. The libraries are obfuscated, and the TS code is an impenetrable mess of abstractions to support "isomorphic" code that can run transparently on the frontend and backend.

And their platform itself is lacking important functionality, like freaking audit logs and versioning. Somebody (probably) accidentally changed a setting in their console, and we couldn't trace back when it happened or who did it.

Edit: oh yeah, and don't forget their unreliability. I had to wake up on Sunday to deal with Clerk failing the API calls for token refreshes last week.

jdwyah 14 hours ago||
Man, glad I chose WorkOS instead. I’ve been a happy camper there but have wondered about Clerk bc it felt hotter. Turns out hot isn’t always good.
notbekacru 19 hours ago||
> And even more users who are looking to escape.

Uhm, companies like Replit and several other large startups are actually adopting Clerk. I guess if your world mainly revolves around X (formerly Twitter), it can seem like everyone is moving away from Clerk.

Also, Better Auth’s X presence is pretty much centered around criticizing every auth provider out there, so the discourse there tends to skew heavily negative.

billybones 16 hours ago|||
> Also, Better Auth’s X presence is pretty much centered around criticizing every auth provider out there, so the discourse there tends to skew heavily negative.

This from an account created 2 hours ago, with a username that’s a negation of the BetterAuth founder…

If you’re a Clerk stakeholder why not just come out as yourself and engage openly!

colinclerk 13 hours ago||
Clerk cofounder here: I hope this isn’t a Clerk stakeholder! It’s definitely misaligned with our culture around not speaking about competitors and instead playing our own game.
cco 15 hours ago||||
Replit is using Clerk to power their login?
cyberax 17 hours ago|||
Clerk looks _really_ good initially. It's perfect if you want to prototype something and not care about auth.

It's only when you start getting into the details that you begin to suffer. For example, there's _still_ no way to do offline auth on mobile. So that your application could be opened if there's no connectivity at the moment. But hey, you can do the Metamask Web3 blockchain thingie!

I have never used Twitter/X, and I don't even have an account there. I'm purely talking about my personal experience and the experience of other companies that I know personally.

> Also, Better Auth’s X presence is pretty much centered around criticizing every auth provider out there, so the discourse there tends to skew heavily negative.

They are actually not wrong. Auth is not such a hard task, it's just a lot of drudgery that distracts you from the actual goal of your company. But it's critical functionality that MUST ALWAYS WORK, before all else. And Clerk just fails this test.

I'm switching my company to Logto (it's lightweight and when something breaks, I know how to pick up the pieces), so I don't even have an opinion on Better Auth.

mooreds 15 hours ago|||
> offline auth on mobile

Does Better Auth offer this? Or any other auth libraries or solutions? I haven't heard of any, but haven't done an intensive look either.

I suppose you could do something with a cached JWT or cached password hash (though sending a password hash to a mobile client spooks me).

I'm in the space and interested in learning more.

cyberax 15 hours ago||
We ended up caching the credentials and the JWT refresh token from Clerk, and then manually requesting the access token using Clerk's sparsely documented frontend API. Except that to do this with Clerk, we needed to fake the cache API and then pluck the token out of the undocumented "__clerk_client_jwt" key.

This is supported by Better Auth out of the box. It doesn't hide this kind of stuff from you.

mooreds 11 hours ago|||
Sounds tough. I'd love to learn more.

I wasn't able to find the Better Auth docs about this use case, can you share them here please?

ClubSandwich7 12 hours ago|||
Hello! I'm a mobile eng @ Clerk. Would you be open to chatting? I'd love to make this experience better for you
cyberax 11 hours ago||
Sure. I added my email into the profile.
colinclerk 13 hours ago|||
Clerk cofounder here - appreciate the feedback and forwarding to the mobile team!
notbekacru 16 hours ago||
When is the Better Auth to WorkOS to Vanilla Auth post coming
dzonga 18 hours ago||
In Rails I just use authentication-zero.

no need for 3rd party provider.

mooreds 15 hours ago||
Is that the new library that came out in Rails 8? Saw someone present on that at RailsConf 2025 and it seemed like a great solution for all Rails apps. Hope it leads that ecosystem to get rid of Devise (which I always found confusing).
nop_slide 17 hours ago||
This is what I use, great little library and haven’t touched nor thought about my auth since I set it up.
manishsharan 18 hours ago||
Has anyone used Keycloak for actual production? I have often thought about it but I stick to Auth0 just because I don't know if Keycloak has a good track record?
mooreds 15 hours ago||
You might be interested in some of the presentations at KeyConf[0]. You can also get some real world stories from the Reddit[1].

I was at KubeCon EU this year (representing my employer, FusionAuth) and there were lots of folks who were running Keycloak who came and chatted with us.

It's a different set of tradeoffs than Auth0 or other SaaS services. More control, but more responsibility too.

0: https://events.linuxfoundation.org/kubecon-cloudnativecon-eu...

1: https://www.reddit.com/r/KeyCloak/

sally_glance 13 hours ago|||
I've seen it used in production by larger orgs. The scale where you plan for around 6 months of migration, customization and integration of your legacy zoo with 7 different user account DBs. On one hand, all of these projects were successful and now run it in production. On the other, they all really needed the 6 months to whip it into shape.

Edit: Meaning I would use it if you need to get up and running quickly, but it's a solid foundation to build on long-term.

dizhn 17 hours ago|||
For what it's worth Authentik has been listing Cloudflare as a customer for a while. Worth a look. There might be something in their blog.
sudb 16 hours ago|||
Yes! I used Keycloak for multitenant auth and it worked fine - a little dated but functional. Nowadays I'd probably stick to something like Clerk/BetterAuth/Supertokens.
cpursley 19 hours ago||
If you're in Elixir-land, I've put together a few packages to help migrating from Supabase (or other stacks):

- https://github.com/agoodway/introspex (generate Ecto Schemas from postgres tables)

- https://github.com/agoodway/pgrest (Supabase/PostgREST compatible query engine)

I also found this helpful in the migration: https://github.com/supabase-community/supabase-ex

Nothing for auth, I basically did a one-off script for that. Phoenix auth stuff that comes out of the box is great.

cpursley 19 hours ago|
Oh, and http://github.com/agoodway/walex if you need the realtime database change stuff.
moomoo11 19 hours ago||
I've just stuck with Auth0 for years now.

Easy to use and high reliability. Some of these other providers are not the best at reliability.
