Launch HN: Better Auth (YC X25) – TypeScript 认证框架
大家好!我们是 Better Auth 的 Bereket 和 KinfeMichael(<a href="https://www.better-auth.com">https://www.better-auth.com</a>),这是一个全面的 TypeScript 认证框架,允许您直接在自己的数据库中实现从简单认证流程到企业级系统的一切,嵌入在您的后端中。
需要说明的是——我们并不是在构建一个第三方认证服务。我们的目标是让您自己实现认证变得极其简单,以至于您再也不需要依赖其他服务。
以下是一些 YouTube 视频,解释了它是如何工作的(我们确实制作了自己的视频,但对效果不太满意,这些视频做得很好):
<a href="https://www.youtube.com/watch?v=hFtufpaMcLM" rel="nofollow">https://www.youtube.com/watch?v=hFtufpaMcLM</a> - 一个非常好的概述
<a href="https://www.youtube.com/watch?v=QurjwJHCoHQ" rel="nofollow">https://www.youtube.com/watch?v=QurjwJHCoHQ</a> - 也是一个不错的概述,并深入探讨了一些代码
<a href="https://www.youtube.com/watch?v=RKqHrE0KyeE" rel="nofollow">https://www.youtube.com/watch?v=RKqHrE0KyeE</a> - 简短明了
<a href="https://www.youtube.com/watch?v=Atev8Nxpw7c" rel="nofollow">https://www.youtube.com/watch?v=Atev8Nxpw7c</a> - 使用 TanStack 框架
<a href="https://www.youtube.com/watch?v=n6rP9d3RWo8" rel="nofollow">https://www.youtube.com/watch?v=n6rP9d3RWo8</a> - 一个完整的两小时教程
在 TypeScript 生态系统中,认证一直是许多开发者的痛点。这并不是因为没有选择,而是因为大多数选项都可以分为两类:(1)像 Auth0 这样的第三方服务,它们拥有您的用户数据,将您锁定在一个黑箱解决方案中,且通常非常昂贵;或者(2)像 NextAuth 这样的开源库,虽然涵盖了基础内容,但需要您自己拼凑解决方案。
对于 Better Auth,最初的契机是构建一个网络分析平台,并希望添加一个组织功能——例如工作区、团队、成员和细粒度权限。我原以为会有一些可以与 NextAuth(流行且几乎是唯一的库)对接的东西,但实际上并没有。唯一的选择是从头开始构建一切,或者切换到第三方认证提供商。我甚至尝试围绕 NextAuth 构建一个包装器来支持这些功能,但效果不佳。于是我们决定退一步,从零开始构建一个合适的认证库,并创建一个插件生态系统,让您可以从简单开始,按需扩展。这种挫折感最终催生了 Better Auth。
Better Auth 允许您直接在后端和数据库上实现自己的认证,支持从简单认证流程到企业级系统的一切,而无需依赖第三方服务。
它内置了常见认证流程的功能,您可以通过插件生态系统按需扩展,无论是双因素认证、密码钥匙、组织、多会话、单点登录,甚至与 Stripe 的账单集成。
与第三方认证提供商不同,我们只是一个您在自己项目中安装的库。它永久免费,完全存在于您的代码库中,并赋予您完全的控制权。您将获得类似 Auth0 或 Clerk 的所有功能,甚至通过我们的插件系统获得更多,包括与 Stripe 或 Polar 的账单集成。大多数库仅停留在基础功能,但 Better Auth 旨在随着您的需求扩展,同时在您不需要所有额外功能时保持简单。
我们目前正在构建一个基础设施层,与框架协同工作,提供作为单一库难以实现的功能——例如带有用户分析的管理仪表板、机器人/欺诈/滥用检测、二级会话存储等。这将是我们的商业产品。为此,您可以在 <a href="https://www.better-auth.build" rel="nofollow">https://www.better-auth.build</a> 上加入候补名单。不过,这只是需要这些功能的团队的可选基础设施。该库是免费的开源项目,并将保持如此。
我们期待您的反馈!
查看原文
Hi HN! We’re Bereket and KinfeMichael of Better Auth (<a href="https://www.better-auth.com/">https://www.better-auth.com/</a>), a comprehensive authentication framework for TypeScript that lets you implement
everything from simple auth flows to enterprise-grade systems directly on your own database, embedded in your backend.<p>To be clear—we’re not building a 3rd party auth service. Our goal is to make rolling your own auth so ridiculously easy that you’ll never need one.<p>Here are some YouTube videos explaining how it works (we did make our own video but weren’t happy with it and these videos do a great job):<p><a href="https://www.youtube.com/watch?v=hFtufpaMcLM" rel="nofollow">https://www.youtube.com/watch?v=hFtufpaMcLM</a> - a really good overview<p><a href="https://www.youtube.com/watch?v=QurjwJHCoHQ" rel="nofollow">https://www.youtube.com/watch?v=QurjwJHCoHQ</a> - also a good overview and dives a little deeper into the code<p><a href="https://www.youtube.com/watch?v=RKqHrE0KyeE" rel="nofollow">https://www.youtube.com/watch?v=RKqHrE0KyeE</a> - short and clear<p><a href="https://www.youtube.com/watch?v=Atev8Nxpw7c" rel="nofollow">https://www.youtube.com/watch?v=Atev8Nxpw7c</a> - with TanStack framework<p><a href="https://www.youtube.com/watch?v=n6rP9d3RWo8" rel="nofollow">https://www.youtube.com/watch?v=n6rP9d3RWo8</a> - a full-on 2 hour tutorial<p>Auth has been a pain point for many developers in the TypeScript ecosystem for a while. Not because there aren’t options but because most fall into 2 buckets: (1) Third-party services like Auth0 which own your user data, lock you into a black-box solution and are often super expensive; or (2) open source libraries like NextAuth that cover the basics but leave you stitching your own solution together from there.<p>For Better Auth. the kick off moment was building a web analytics platform and wanting to add an organization feature - things like workspaces, teams, members, and granular permissions. I assumed there’d be something out there I could plug in to NextAuth (the popular and kind of the only library), but there wasn’t. The only options were to build everything from scratch or switch to a 3rd party auth provider. I even tried hacking together a wrapper around NextAuth to support those features, but it was hacky. That’s when we decided to take a step back and build a proper auth library from the ground up with a plugin ecosystem that lets you start simple and scale as needed. That frustration turned into Better Auth.<p>Better Auth lets you roll your own auth directly on your backend and database, with support for everything from simple auth flows to enterprise-grade systems without relying on 3rd party services.<p>It comes with built-in features for common auth flows, and you can extend it as needed through a plugin ecosystem whether that’s 2FA, passkeys, organizations, multi-session, SSO, or even billing integration with Stripe.<p>Unlike 3rd party auth providers, we’re just a library you install in your own project. It’s free forever, lives entirely in your codebase, and gives you full control. You get all the features you’d expect from something like Auth0 or Clerk plus even more through our plugin system, including things like billing integrations with Stripe or Polar. Most libraries stop at the basics but Better Auth is designed to scale with your needs while keeping things simple when you don’t need all the extras.<p>We’re currently building an infrastructure layer that works alongside the framework to offer features that are hard to deliver as just a library—e.g. an admin dashboard with user analytics, bot/fraud/abuse detection, secondary session storage, and more. This will be our commercial offering. For this, there’s a waitlist at <a href="https://www.better-auth.build" rel="nofollow">https://www.better-auth.build</a>. However, this is only optional infrastructure for teams that need these capabilities. The library is free and open source and will remain so.<p>We’d love your feedback!