AgentSkillsCN

authentication

借助 Better Auth 实现身份认证与授权——支持邮箱/密码登录、OAuth(Google、GitHub、Discord)、2FA/TOTP、密码密钥/WebAuthn、魔法链接、会话管理、基于角色的访问控制(RBAC)、组织架构与多租户管理,以及速率限制。采用与框架无关的 TypeScript 开发。适用于为任意 Web 应用添加身份认证功能。

SKILL.md
--- frontmatter
name: authentication
description: Authentication & authorization with Better Auth — email/password, OAuth (Google, GitHub, Discord), 2FA/TOTP, passkeys/WebAuthn, magic links, session management, RBAC, organizations/multi-tenant, rate limiting. Framework-agnostic TypeScript. Use for adding auth to any web app.
license: MIT

Authentication Mastery (Better Auth)

Framework-agnostic TypeScript authentication with Better Auth. Supports email/password, social OAuth, 2FA, passkeys, and enterprise features.

Auth Method Selection

MethodUse WhenComplexity
Email/PasswordStandard web app, full controlLow
OAuth (GitHub/Google)Quick signup, social integrationLow
Magic LinkPasswordless, email-first usersMedium
Passkeys/WebAuthnMaximum security, modern browsersMedium
2FA/TOTPEnhanced security requirementMedium
Organization/Multi-tenantSaaS, team featuresHigh

Quick Start

bash
npm install better-auth
env
BETTER_AUTH_SECRET=<generated-secret-32-chars-min>
BETTER_AUTH_URL=http://localhost:3000

Server Setup

typescript
// lib/auth.ts
import { betterAuth } from "better-auth"

export const auth = betterAuth({
  database: { /* see references/database-integration.md */ },
  emailAndPassword: { enabled: true, autoSignIn: true },
  socialProviders: {
    github: {
      clientId: process.env.GITHUB_CLIENT_ID!,
      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
    },
    google: {
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
    }
  }
})

Client Setup

typescript
// lib/auth-client.ts
import { createAuthClient } from "authentication/client"

export const authClient = createAuthClient({
  baseURL: process.env.NEXT_PUBLIC_BETTER_AUTH_URL || "http://localhost:3000"
})

Mount API (Next.js)

typescript
// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth"
import { toNextJsHandler } from "authentication/next-js"
export const { POST, GET } = toNextJsHandler(auth)

Basic Usage

typescript
// Sign up
await authClient.signUp.email({ email, password, name })

// Sign in
await authClient.signIn.email({ email, password })
await authClient.signIn.social({ provider: "github" })

// Session (React hook)
const { data: session } = authClient.useSession()

// Protected route
if (!session) redirect('/login')

Reference Navigation

Implementation Checklist

  • Install better-auth, set env vars
  • Create auth server with database config
  • Run npx @authentication/cli generate for schema
  • Mount API handler in framework
  • Create client instance
  • Build sign-up/sign-in UI
  • Add session management
  • Set up protected routes/middleware
  • Configure email sending (verification/reset)
  • Enable rate limiting for production
  • Add plugins as needed (regenerate schema after)

Related Skills

SkillWhen to Use
nextjs-turborepoNext.js integration, API routes
databasesUser data storage, session management
rust-backend-advanceRust backend authentication patterns
testingAuthentication flow testing