Top
Best
New

Posted by sync 1 hour ago

Better Auth is joining Vercel(better-auth.com)
82 points | 56 comments
khurs 1 hour ago|
Reminder - KeyCloak was donated to CNCF so a safe choice

https://www.keycloak.org

https://www.cncf.io/blog/2023/04/11/keycloak-joins-cncf-as-a...

nvegater 1 hour ago||
how is this related to better auth ? In my understanding, keycloak and better auth are fundamentally different. I would compare keycloak more with Ory for example.
vaishnavsm 58 minutes ago|||
Keycloak and Better Auth aren't as fundamentally different as you may think! Better auth supports authn/z, being an identity _source_, being an identity provider, being an OIDC/SSO provider (so others can login using better auth), rbac, SAML/SCIM, and a ton more. It's actually really powerful! Most folks found better auth as an alternative to next-auth/auth.js - but better auth does a lot more than those.

(some of those features are enterprise only)

jzebedee 56 minutes ago|||
It's a good reminder, because in the auth landscape I wish I had just picked up Keycloak and stuck with it. Commercial auth is a bad value proposition and not the kind of infrastructure where you want to have acquisition churn happening often.

The self-hosted space is another headache. I wasted so much time trying to make smaller self-hosted auth solutions work, since Keycloak has a reputation for being heavyweight.

I looked into the Ory stack extensively trying to actually use it as advertised for self-hosted / open-source auth. It's aggressively gimped and its SSO features are emphatically _not_ open-source and are gated behind licensing, with no way to find out until you're actually running it.

It's also just unfinished. Their "stack" is a lot of cobbled-together Go mixed with incompletely rebranded acquisitions like SAML Jackson (now "Polis"), which they managed to gut so completely it went from a best-in-class OSS library to unusable.

aeneas_ory 45 minutes ago||
Probably the first time reading that the Ory stack is unfinished! Sorry you had a frustrating time, but there's 10 years of development and many happy customers + adopters who see it differently! Polis / Boxy still works as before, we didn't gut or take away anything.

Open source development needs to be paid by someone - most of the time people complaining about paying for software are working themselves (for money!) in some company making huge bucks, or looking up to "successful (as in money) tech leaders".

For Ory, B2B login is a good value differentiator, because it's required by companies selling to other companies meaning they can spend some money on licenses to further develop software.

Ory powers the largest technology providers, and super small solo projects. It's robust, stable, Apache2 licensed. It's the best CIAM tech out there that's free (!!).

In the end, everyone is entitled to their opinion but the "open source can't make money" train is honestly a bottom tier opinion and I'm tired of reading it on HN, probably written by people making $100K+ a year for writing software and using open source daily (without paying a dime).

It's like the people complaining that Wikipedia is collecting too many donations, while they cheer on Apple or Anthropic or whoever raking in billions of dollars.

Somehow, only if it's open source / non profit it's bad to make money. If it's proprietary nobody gives a damn. Says a lot about society.

khurs 28 minutes ago||
>Open source development needs to be paid by someone - most of the time people complaining about paying for software are working themselves (for money!) in some company making huge bucks, or looking up to "successful (as in money) tech leaders".

There is software that is cutting edge and always changing, and those types of products need to be paid for much more than software that is stable.

With a stable product like Auth (which requires only security fixes and minor features), the 'pay per MAU' model employed across Auth companies is unreasonable

A combination of the people and companies using the product for free or selling its support (like RedHat and IBM for KeyCloak) along with an open license allowing it to be offered as a cloud service should be sufficient?

If you want to pay per monthly active user for the rest of your life, up to you.

Vercel have raised multiple rounds, last one was in 2025 and $300m. So we don't know what the VC's are going to demand for revenue targets. https://en.wikipedia.org/wiki/Vercel

vaishnavsm 54 minutes ago|||
I really want to love KeyCloak. I've had really bad experiences with weird uptime bugs and crash loops that kept me from giving it an honest retry over the last couple years.

It also really shows its age, imo. The interface is clunky, roles and groups having overlapping responsibilities is confusing, making custom UIs for it makes me feel ancient, etc.

I really can't complain though. There is simply no alternative that's as open atm. It's also not easy to make one ( I tried :( ).

andrewstuart2 46 minutes ago||
Showing its age is also a pretty significant plus, for such a critical part of one's infrastructure. That means it's been beat up on and run through the ringer for a decade plus at this point and had lots of chances to fix CVEs and other bugs. Not to say there won't be more, but being older and time-proven for an IdP is a major positive.
kommunicate 57 minutes ago||
Is keycloak still the only real game in town for open source authorization (not authentication; that part is totally fungible)?
vaishnavsm 50 minutes ago||
If you're willing to take the pain of setting up an actual authz model, I've found OpenFGA^ to be really nice. We used it to set up some pretty complex authz involving cross-agent/user/org creation and sharing of data. It's not _simple_, but it is effective.

It's Apache 2.0 and a CNCF incubating project.

[^] https://openfga.dev/

bekacru 1 hour ago||
Bereket Here

the team at Vercel has been my biggest inspiration and always reflected many of the reasons we started working on Better Auth. This would allow us to focus more on what made better-auth great in the first place It hasn't even been 2 years since we started but thank you everyone from the open-source community for helping us make an impact in short amount of time. There is a lot to do to improve on open source auth and im really excited to be back focusing full time on building

oooyay 58 minutes ago|
You're saying that BetterAuth will remain 100% free and open source, will continue to be maintained, and unlocked from Vercels ecosystem?
bekacru 21 minutes ago|||
Yeah, Vercel has already done this before like with Nuxt, Svelte and other. But I also do want to have a better story for auth with all those frameworks and Nextjs as well.
mavelikara 41 minutes ago|||
You are asking the wrong person.
bhouston 59 minutes ago||
Congrats BetterAuth! It was the system I was considering before I rolled my own auth system around the passwordless concepts of: OPT + Passkeys + Google login. It is quite nice and simple and I've ported it to 3 separate projects now just via LLM:

https://ben3d.ca/blog/passwordless-login-system

If you are building a user system with a database already, adding passwordless auth is easy.

quibono 14 minutes ago|
On one hand I love how much easier the email + OTP / passkey flow is on the dev side, I find it _very_ frustrating as a user of services. User+password combos are straightforward at least.
magnio 1 hour ago||
I used Better Auth for my mobile app backend. It works okayish. My biggest complaints are the OpenAPI specification gets little care, as it mainly caters for JS frontend, and breaking changes in patch version are more common than most packages.
nightski 15 minutes ago||
Open source isn't really open any more. It's just pre-acquisition. I'm happy to the creators for their payday but honestly just happy I opted out of BetterAuth building my latest product.
mariopt 50 minutes ago||
So, it's just a matter of time until they destroy this project in favour of their cloud interests. Such a shame, it is (was) a nice open source project.
ndom91 25 minutes ago||
Congrats! Better auth still provides a grade A dev experience, even with all the plugins, integrations, and tons of things they support.

Best of luck over there!

jgeurts 39 minutes ago||
Bummed. Vercel is not a great steward of open source. Happy that Bereket got an exit, though.
bstsb 1 hour ago||
can Vercel give any assurance that they won’t add a reliance on their closed-source cloud offering for the package? especially given their ownership of next-auth too

i really loved better-auth’s DX but the nature of their database adapters means it’s relatively easy to switch over to another provider/library

Jnr 1 hour ago||
From what I remember, next-auth is kind of dead and Better Auth developers have been maintaining security of next-auth for some time now. (or was it Vercel that did the maintaining?)

Better Auth is the go-to solution for many people using Nextjs, so it makes sense that Vercel puts some effort in maintaining it.

I have never had issues running Nextjs in regular containers, it is just a good open source solution, I don't see why it would be any different with Better Auth.

mooreds 1 hour ago|
Congrats to Better Auth. I'm in the auth space and see all kinds of things.

Anything that makes it easier for developers to build secure applications is a win!

More comments...