Authentication
A comprehensive guide and toolset for implementing end-to-end authentication using Better-Auth, Drizzle ORM, and Neon Postgres.
Before Implementation
Gather context to ensure successful implementation:
| Source | Gather |
|---|---|
| Codebase | Project structure (Mono-repo vs separate), existing Drizzle config, Docusaurus setup |
| Conversation | Auth providers needed (Email, GitHub, etc.), role requirements, specific onboarding fields |
| Skill References | Drizzle schemas, Auth client configuration, Docusaurus integration patterns |
| User Guidelines | .env naming conventions, security standards |
Workflows
1. Project Initialization
- •Ensure
Better-Auth,Drizzle-ORM, and@neondatabase/serverlessare installed. - •Configure
.envwithDATABASE_URL,BETTER_AUTH_SECRET, andBETTER_AUTH_URL.
2. Database & Schema Setup
- •Define the auth schema in
src/db/schema.ts(seereferences/database_schema.md). - •Initialize Drizzle with Neon HTTP/Websocket based on environment.
- •Run
npx @better-auth/cli generateand apply migrations.
3. Auth Server Configuration
- •Set up
auth.tslibrary to initialize Better-Auth with the Drizzle adapter. - •Configure plugins (OIDC if needed, Email/Password, etc.).
4. Client-Side Integration
- •Initialize the Better-Auth client in the frontend.
- •Swizzle Docusaurus
RootorNavbarto provide auth context (seereferences/frontend_integration.md). - •Implement Login/Signup UI components with proper error handling.
Component Patterns
Auth Client Setup
typescript
import { createAuthClient } from "better-auth/react";
export const authClient = createAuthClient({
baseURL: process.env.BETTER_AUTH_URL
});
Protected Route Hook
typescript
export function useRequireAuth() {
const { data: session, isPending } = authClient.useSession();
useEffect(() => {
if (!isPending && !session) {
window.location.href = "/login";
}
}, [session, isPending]);
return { session, isPending };
}
References
| File | Content |
|---|---|
references/database_schema.md | Drizzle schema definitions for People, Sessions, and Accounts |
references/frontend_integration.md | Docusaurus swizzling and React context patterns |
references/better_auth_api.md | Core API reference for server and client |
references/security_best_practices.md | PKCE, CORS, and Secret management |
Scripts
- •
scripts/validate_env.py- Validates that all required environment variables are set.
Common Pitfalls
- •Neon Cold Starts: Always use the serverless-aware Drizzle drivers for edge functions.
- •CORS Mismatch:
BETTER_AUTH_URLmust match the actual frontend URL exactly. - •Docusaurus SSR: Ensure auth client only runs on the client-side to avoid hydration mismatches.
Implementation Checklist
- •
.envvariables verified - • Drizzle migrations applied and tables exist in Neon
- •
auth.tsexported and correctly configured - • Frontend
authClientinitialized - •
Rootcomponent swizzled for global auth state - • Login/Logout flows tested end-to-end
- • Role-based access verified (if applicable)