better-auth-best-practices

Overview of better-auth-best-practices skill

The better-auth-best-practices skill is a practical setup guide for integrating Better Auth correctly, especially when you need more than a generic “add auth” prompt. It is best for developers using Better Auth in TypeScript apps who need help with initial configuration, auth.ts placement, environment variables, database adapters, route wiring, migrations, sessions, and plugin-aware setup.

What this skill is actually for

Use better-auth-best-practices when the job is to get a Better Auth integration working with fewer avoidable mistakes. The skill is strongest at turning vague requests like “set up Better Auth in my app” into a more complete implementation plan with the right install steps, file expectations, and validation checks.

Best-fit users

This skill fits:

• developers adding Better Auth to a new or existing app
• agents helping with auth.ts, adapters, sessions, plugins, or env setup
• teams that want a safer starting point before consulting official examples

It is especially useful if you already know your framework and database, but need a reliable Better Auth setup path.

What makes it different from a normal prompt

A normal prompt may produce plausible auth code but miss Better Auth-specific details. The better-auth-best-practices skill adds repo-backed guidance around:

• required env vars like BETTER_AUTH_SECRET and BETTER_AUTH_URL
• where the CLI expects auth.ts
• when to run migration or schema generation commands
• the need to re-run CLI steps after plugin changes
• a simple post-install health check using GET /api/auth/ok

That makes it more useful for installation and troubleshooting than a broad “build login” request.

What it does not replace

This skill does not replace the live Better Auth documentation. The repository explicitly points users to https://better-auth.com/docs for current code examples and API changes. Treat the skill as a setup accelerator and decision aid, then confirm framework-specific code against the docs.

Core adoption decision

Install better-auth-best-practices if you want Better Auth-specific setup guidance with real operational details. Skip it if you need a full framework starter, production security review, or advanced authorization architecture beyond initial Better Auth integration.

How to Use better-auth-best-practices skill

Install the better-auth-best-practices skill

Install it with:

npx skills add https://github.com/better-auth/skills --skill best-practices

This adds the better-auth-best-practices guidance from the better-auth/skills repository.

Read the right source first

This skill is compact. Start with:

• better-auth/best-practices/SKILL.md

There are no extra references/, rules/, or helper scripts in this skill folder, so nearly all usable guidance is in that single file.

Know the minimum install context it expects

Before invoking the skill, gather these inputs:

• framework or runtime
• database choice and adapter
• whether you want email/password, OAuth, or both
• expected route path for auth handlers
• whether plugins are required
• where auth.ts should live in your repo

Without those inputs, the output will often stay too generic.

Start from the built-in Better Auth workflow

The repository gives a straightforward sequence:

1. npm install better-auth
2. set BETTER_AUTH_SECRET and BETTER_AUTH_URL
3. create auth.ts with database and config
4. create the framework route handler
5. run npx @better-auth/cli@latest migrate
6. verify with GET /api/auth/ok

If your prompt does not include these checkpoints, ask the model to structure its answer around them.

Use the right CLI command for your setup

The skill highlights a meaningful distinction:

• npx @better-auth/cli@latest migrate for built-in adapter flow
• npx @better-auth/cli@latest generate for Prisma or Drizzle schema generation

That matters because “run the Better Auth CLI” is too vague. If you are using Prisma or Drizzle, say so explicitly in your prompt so the output uses generate instead of defaulting to migrate.

Be explicit about auth.ts file location

The Better Auth CLI looks for auth.ts in:

• ./
• ./lib
• ./utils
• paths under ./src

If your project uses a custom location, tell the agent to use --config. This is one of the most common adoption blockers because code can look correct while the CLI still cannot find the config file.

Include environment variable decisions in the prompt

The skill calls out two key variables:

• BETTER_AUTH_SECRET
• BETTER_AUTH_URL

It also notes that you should only define baseURL or secret in config if those env vars are not set. That detail prevents duplicated or conflicting configuration. For higher-quality output, specify:

• local and production base URLs
• how secrets are managed
• whether .env.local, platform secrets, or Docker envs are used

Turn a rough request into a strong better-auth-best-practices prompt

Weak prompt:

• “Set up Better Auth for my app”

Stronger prompt:

• “Use the better-auth-best-practices skill to set up Better Auth in a Next.js TypeScript app with PostgreSQL and Drizzle. Put auth.ts under src/lib. We need email/password now and Google OAuth later. Show required env vars, route handler placement, whether to run generate or migrate, and how to verify setup with /api/auth/ok.”

Why this works:

• framework is clear
• adapter path is clear
• file location is clear
• auth methods are clear
• CLI choice becomes unambiguous
• verification is included

Ask for output in implementation order

For the best better-auth-best-practices usage, request the answer in this format:

1. packages to install
2. env vars
3. auth.ts
4. route handler
5. migration or schema command
6. plugin additions
7. verification steps
8. likely failure points

That structure matches the skill’s strengths and reduces back-and-forth.

Use plugin-aware prompts

The skill explicitly warns to re-run the CLI after adding or changing plugins. If your setup depends on plugins, include that requirement up front. Otherwise the model may produce a valid core config but miss schema or migration updates introduced by plugins.

Validate the integration before expanding scope

Do not jump straight from install to full UI flows. First confirm:

• env vars are loaded
• auth.ts is discoverable
• CLI completed successfully
• GET /api/auth/ok returns { status: "ok" }

This is the practical checkpoint that most improves installation success.

Best workflow for better-auth-best-practices for Access Control

For better-auth-best-practices for Access Control, use the skill for the authentication foundation first, then layer authorization requirements on top. A good prompt is:

• “Set up Better Auth first, then show where role or permission checks should be attached in route handlers, session handling, or plugin config. Separate what Better Auth config handles from what app-level access control must enforce.”

This keeps the model from over-claiming that Better Auth setup alone solves all authorization logic.

better-auth-best-practices skill FAQ

Is this skill good for first-time Better Auth installs?

Yes. The skill is most useful during first install because it covers the recurring setup decisions people miss: env vars, file placement, CLI usage, and verification. It is less valuable once your integration is already stable and you only need a tiny API lookup.

Is better-auth-best-practices enough without the docs?

No. The repository itself says to consult better-auth.com/docs for current examples and latest API details. Use the skill to improve setup quality and reduce guesswork, then confirm exact implementation against the docs.

When is this better than an ordinary AI prompt?

It is better when the task is specific to Better Auth and install-sensitive. A generic prompt may skip:

• BETTER_AUTH_SECRET length expectations
• BETTER_AUTH_URL
• auth.ts discovery paths
• the generate vs migrate distinction
• re-running CLI steps after plugin changes

Is the better-auth-best-practices guide framework-specific?

Not fully. It gives a portable Better Auth workflow, but you still need framework-specific route and handler code from official docs or your app context. If you do not name your framework, expect broader advice.

Can beginners use the better-auth-best-practices skill?

Yes, but beginners should provide more context than they think. At minimum include framework, database, and desired login methods. Otherwise the output may be technically correct but not directly runnable.

Does it cover Access Control end to end?

Not by itself. better-auth-best-practices for Access Control is useful for establishing auth setup and identifying where authorization concerns connect, but you still need application-specific permission rules, protected routes, and enforcement strategy.

When should I not use this skill?

Skip it if:

• you are not using Better Auth
• you only need one exact API example from the docs
• you need a full production security audit
• your main problem is app authorization design rather than Better Auth installation

How to Improve better-auth-best-practices skill

Give the skill concrete project facts

The fastest way to improve output is to supply:

• framework
• runtime
• database and ORM
• auth.ts location
• login methods
• plugin list
• deployment environment

The better-auth-best-practices skill becomes much more actionable when those details are known.

Ask it to resolve likely failure points early

A strong prompt includes:

• “List the top setup mistakes for this stack”
• “Tell me if the CLI will fail to find auth.ts”
• “Say whether I should use generate or migrate and why”
• “Show how env vars override config values”

These questions produce better install guidance than asking for code alone.

Request verification, not just code

Many bad auth outputs look complete but are untested. Ask the model to include:

• the expected result of GET /api/auth/ok
• what success looks like after the CLI command
• what to inspect if the route fails
• what to revisit after adding plugins

This improves first-pass usefulness more than asking for longer code samples.

Improve better-auth-best-practices for Access Control prompts

If your goal includes authorization, separate concerns in the request:

• “Part 1: Better Auth installation”
• “Part 2: session shape and claims”
• “Part 3: app-level route protection and permission checks”

That keeps the answer from mixing setup steps with business-specific access logic.

Iterate after the first answer

After the first pass, refine with targeted follow-ups such as:

• “Rewrite for Prisma instead of built-in adapter”
• “Move auth.ts to src/utils”
• “Add plugin changes and tell me which CLI command to re-run”
• “Adapt this to production env handling”

The skill responds best to concrete adjustments, not broad “make it better” requests.

Watch for the main failure modes

The most likely weak outputs are:

• missing env vars
• wrong file path assumptions
• incorrect CLI command for the adapter stack
• no mention of re-running CLI after plugin changes
• no validation step after setup

If any of these are absent, ask for a corrected answer before implementing.

Use the skill as a setup lens, not a final authority

To get the most from the better-auth-best-practices skill, use it to shape a clean install plan, then verify exact syntax and framework-specific code against https://better-auth.com/docs. That combination is the safest way to turn the skill into a working integration.