> A hard lesson you learn building a complex system is that its reliability is the minimum of the combined reliability of its critical parts.

It's worse than that, the combined availability is the product of all components in the critical path. If your software, the authentication layer, and the cloud provider each have 99% availability, and any one of them can bring your service down, then your final availability is just 97%.

It gets worse the more layers you have, and you probably have a lot more layers than that. If you have eleven components in your critical path, each with "three nines" of availability, your final service will have a single nine. That's why reducing components and going for reliable solutions is so important.

Can someone more intelligent then me tell me why should I offload my postgres users table to some 3rd party provider? Like what is so hard about keeping that table in my VM on hetzner that I have to give it off to someone else? It's not payments, it's just a few fields of data

Hey, Bereket from Better Auth here. I started Better Auth to solve this exact issue for myself, and it later turned into a company. It always give me joy to just see others getting the same value from it :) There is a lot to work on, would love to know what we can improve

I enjoyed the Supabase migration article from a while ago (https://blog.val.town/blog/migrating-from-supabase) as well. There's a shortage of good, honest writing on long-term engineering decisions, please keep up the blog!

This is why I'm so thankful I went with Lucia early. They sort of sunset their library and replaced it with documentation (and some small utilities) for how to manage and host authentication for yourself. It's always presented as some big, scary thing you can't manage yourself, but I found that taking the week to learn how security and basic salting works, I was able to feel more confident about how everything worked.

Using Clerk, quite unhappy with it. No proper RBAC (roles are tied to organizations, not stored on user itself, so you cannot have a concept of global admin or something like that, unless you use metadata for storing arbitrary key value paris), and more than once in the past weeks/months it had a downtime causing the whole app to fail.

Would think twice before using it in the future.

You could almost call the comparison between Clerk and Better Auth unfair. One is a service and one is a library, apples to oranges. Any third-party service integrated into a stack is a liability, libraries as well, but to a lesser degree. It’s about time for more services to be replaced by libraries. Better Auth really shows how to do that imo, it’s a library that integrates on the frontend, backend, and database. This is why it’s so good.

If anything I feel like Clerk adoption is becoming the norm in recent years. I started using it about a year ago and found it to have troublesome reliability.

Tom's articles are always a good read.

Anyone remember Auth0 and passportjs?

The churn of auth services is never ending, but I suppose so are the standards.

Does Better Auth still have the weird design to be everything “request header based”? I remember running admin scripts and tests to be very hacky due to it cause if you skipped that plugins wouldn’t run

what do you get from Better Auth btw? When I used it last year, I still found it lacking and it seemed to be run by one guy.

> Some important context is that Clerk is a major success. They just raised 50 million dollars and they have lots of satisfied users.

And even more users who are looking to escape. Clerk is just a mess. They are trying to cram EVERYTHING into their libraries: Web3 crap, Stripe, etc. Clerk's JS blob is now triggering the browser inspectors for being slow to load.

Every time when we upgraded React, Clerk libraries were the biggest pain with their transitive dependencies. We had issues with Stripe libraries with conflicting versions, etc.

And forget about debugging it. The libraries are obfuscated, and the TS code is impenetrable mess of abstractions to support "isomorphic" code that can run transparently on the frontend and backend.

And their platform itself is lacking important functionality, like freaking audit logs and versioning. Somebody (probably) accidentally changed a setting in their console, and we couldn't trace back when it happened or who did it.

Edit: oh yeah, and don't forget their unreliability. I had to wake up on Sunday to deal with Clerk failing the API calls for token refreshes last week.

Better auth is great! I love how it's way more hackable than using a something like Clerk. We were able to add a plugin to allow auth via iframe postMessage (embedded in a CRM) and everything worked seamlessly.

If you're in Elixir-land, I've put together a few packages to help migrating from Supabase (or other stacks):

- https://github.com/agoodway/introspex (generate Ecto Schemas from postgres tables)

- https://github.com/agoodway/pgrest (Supabase/PostgREST compatible query engine)

I also found this helpful in the migration: https://github.com/supabase-community/supabase-ex

Nothing for auth, I basically did a one-off script for that. Phoenix auth stuff that comes out of the box is great.

I've just stuck with Auth0 for years now.

Easy to use and high reliability. Some of these other providers are not the best at reliability.

The homepage of val.town says "Zapier for know-code engineers".. Is KNOW-code engineer a term?