Production-ready authentication with Better Auth and Encore. Encore provisions the database and manages secrets. Better Auth handles users, sessions, and OAuth.
- Database provisioned automatically by Encore (PostgreSQL)
- Better Auth configured with email/password login
- Auth routes exposed at
/auth/*via a raw endpoint - Auth handler that validates sessions for protected endpoints
- Protected endpoint at
/profilethat requires authentication - Frontend at
/sitewith a sign-in/sign-up form
-
Install Encore if you haven't already:
curl -L https://encore.dev/install.sh | bash -
Create a new app from this example:
encore app create --example=ts/betterauth
-
Set your auth secret (generate one with
openssl rand -base64 32):encore secret set --type dev,local,pr,production AuthSecret -
Make sure Docker is running (Encore uses it for the local database).
-
Run the app:
encore run
-
Open http://localhost:4000/site to sign up and sign in.
To enable GitHub login:
- Create an OAuth app at GitHub Developer Settings. Set the callback URL to
http://localhost:4000/auth/callback/github. - Uncomment the
socialProviderssection inauth/auth.ts. - Set the secrets:
encore secret set --type local GithubClientId encore secret set --type local GithubClientSecret
Better Auth supports 20+ OAuth providers including Google, Discord, Apple, and more.