10 Better Auth plugins that every SaaS should use

When it comes to building software, my go-to provider for authentication is Better Orth. And I'm certainly not alone. Some of the popular reasons you'll find as to why people love to use Better Orth include the fact that it's open- source, highly configurable, has a great developer experience, and lets you keep full control of your own application data. Whilst I personally appreciate each and every one of these points, perhaps the biggest reason as to why I use better orth is because it not only saves me time when it comes to setting up authentication, uh, but it speeds up the entire process of building a SAS application. This is due to its fantastic plug-in system which makes it incredibly simple to not only add orth based features into your applications uh things like API keys, magic links, or simply checking to see whether a password has been pawned, but it also makes adding in other core features incredibly easy as well. Things like setting up payments, adding in bot protection or zerorust security, or simply just adding in an improved user experience. So, in this video, I'm going to go through 10 of my favorite Better Orth plugins. Ones that have not only saved me weeks worth of work, but make it incredibly easy to ship better products. The first plugin on this list isn't one I would actually consider to be related to orth, but it's such a huge timesaver that it deserves to be on this list. This is the Stripe plugin, which I personally think is the best plugin out there for better or tragically is one I don't even use. If you've ever integrated Stripe into a product before, then you'll know that whilst it starts simple, it quickly becomes quite a bit of a chore. Typically, when integrating with Stripe, you need to implement various different things such as customer creation, checkout management, subscription handling, and my least favorite, web hooks. All of which ends up being rather tedious to implement by hand. Fortunately, this is where the better or plug-in comes in, as it does pretty much all of the heavy lifting of these tasks for you. Whether it's automatically creating a customer on user signup, opening up a checkout page for a product using a single function, automatically handling web hooks, including verification and updating any user records when a user makes a purchase, and perhaps my favorite of all, easily managing subscription plans, which is achieved by defining the plans your product offers inside of the subscription fields of the Stripe plug-in. The configuration for these plans includes the Stripe price ID for monthly tiers, an optional price ID for any annual pricing, usage limits, and of course any free trials. Then with the plans defined, you can manage them using the Better Orth client. Whether it's to create a subscription for a user, switch the underlying plan a user has, list any active subscriptions for the current user, or to just simply cancel the subscription outright. Personally, I find the Stripe plug-in saves a huge amount of time when it comes to setting up payments for any SAS product. So much so that it completely taints the idea of doing it by hand, which is why it's a real shame that I don't actually use this plugin. This is because for payments, I instead use polar.sh, which fortunately does have a better or plugin, uh, but it's just not as fullfeatured. One thing that I do use when it comes to my applications, however, is multiple authentication methods, which is incredibly easy to achieve when using better orth as it provides support for many different methods out of the box, including email password credentials, magic link, and various oorthth providers such as Google, GitHub, and everyone's favorite, Roblox. Whilst having this versatility is ultimately a good thing, it can sometimes end up being somewhat of a drawback when it comes to user experience, especially I find when there's two options or more. Fortunately, that's where the second plugin on this list comes in called Last Log Method. And whilst it isn't the biggest timesaver, it's absolutely one that I think every user will appreciate. This plug-in allows you to store information about which login method a user last used, which means you can use it to provide a helpful indicator on your OR page, letting the user know which sign-in method they last used. Whilst this isn't the biggest feature to implement by hand, uh it's incredibly simple to do so when using better orth, as all you need to do is add both the serverside and client side plugins to their respective orth configuration plugins list. Upon doing so, you'll then have access to two new functions inside of the orth client. a get last used login method which will return a string containing the name of the last method used and is last used login method which accepts a string and returns a boolean. You can use either of these functions with the login form to display a simple indicator next to the associated login method letting the user know which one they last used improving your application's user experience at the cost of a couple of lines of code. Personally, however, when it comes to authentication methods, I'm still a fan of using simple email password authentication. And whilst better makes this incredibly easy to set this up, you do still have to be somewhat considerate when it comes to security, especially when it comes to preventing bots, of which there are two main approaches. The first is to use rate limiting, which better provides out of the box, uh, meaning that you don't have to implement it yourself or configure it inside of your infrastructure, although it is still a good idea to do so. The second approach to mitigating bots is to issue a challenge, which can be achieved using the next plug-in, capture. This plug-in makes it incredibly easy to add a capture challenge as part of your authentication flow and supports a number of different providers, including Google Recapture, Cloudflare Turnstyle, H Capture, and Capture Fox. The capture service that I personally prefer to use is Cloudflare Turnstyle, which I believe gives the best balance of user experience and bot protection. To set it up using better orth is as simple as the code on screen, setting the capture provider you want and then setting the secret key of that provider instance. Once the plug-in is then added to your project, it'll automatically protect three key endpoints. Signup/ email, sign in/ email, and forget password. All three of which are especially susceptible when it comes to bots. Additionally, you can also configure this plug-in to work with other endpoints that you may want to protect as well. Once the plug-in is enabled, each of these three and any other configured endpoints then require a capture token to be sent in the request header, which can be obtained using the relevant capture service. The documentation provides some example packages you can use to implement your capture on the front end uh for whichever service you've configured. Out of all of the plugins on this list, uh this one probably requires the most amount of work. But even still, better or really reduces the amount it would normally take. And because it's still easier to set up, then it means I don't skip adding in capture to my projects, uh, like I do like day. Okay, so this next plugin is one that allows me to use better orth across multiple different services and also with languages that don't natively support it. This is the JWT plugin, which when added to better orth provides support for generating JSON web tokens for authenticated users. In addition to providing this ability, it will also publish a JWKS or JW key store endpoint which is used to expose the public key of the key pair used to sign your JWT tokens. This means any downstream services can easily access this public key and verify that the JWT is signed by your orth service. By using the JWT plug-in, it means you can easily add authentication support and zero trust security to other services that you might have by simply implementing JWT support, which most languages have a package for. Personally, I like to use this plug-in so that I can have a dedicated TypeScript server just for better orth and then make use of a more agreeable language such as Go or more recently Rust. Lately, however, it turns out that I no longer even need to use a TypeScript server to add support for better OR, thanks to a brand new feature provided by my Postgres provider and the sponsor of today's video, Neon. This feature is their brand new Neon Orth V2, which is a hosted implementation of the better server, directly integrating it with your Neon Postgres database. To add Neonorth V2 to a project is as simple as navigating over to the orth section in the Neon database dashboard, followed by clicking enable, which will then set up the authentication server and add in the necessary tables to your database schema. Then if you head on over to the configuration tab, you can find the orth URL for connecting your better or client uh which you can achieve by pasting it in to the base URL of the client configuration. Because Neon or is using better or under the hood, then this also means that there's no vendor lockin, especially as all of the data is written to your own Neon Postgres database, which means you get all of the features that Neon provides, including instant branching, data anonymization, and point in time recovery. Best of all, all of this is available for free as you get up to 60,000 monthly active users on the free tier of Neon and up to 1 million when you use a paid plan. So, to get your own database to use with Neonorth V2 powered by BetterAth, then visit neon.com/dreamsofcode or click the link in the description down below. A big thank you to Neon for sponsoring this video. Okay, so the fifth plugin on this list is one that I've always implemented by hand in the past, but now I just rely entirely on this plug-in instead. This is the admin plugin, which allows you to define users with the admin role. Whilst this may seem rather simple on the surface, it ends up unlocking a huge number of user management features. These include the ability to create, list, and update users, the ability to ban or unban users, and the ability to manage user sessions, such as listing them or revoking them. Now, to be fair, most of these features are reasonably simple to implement, uh, which is why I've always done so in the past. However, where this package really shines is in a couple of more advanced features. The first is role-based access control which allows you to easily manage and create roles and permissions. The second one which is perhaps my favorite is user impersonation which is incredibly useful both for debugging in prod and when providing user support two areas I always appreciate as much help as I can possibly get which fortunately the admin plugin provides. So the next plugin on this list is one that's incredibly useful for any product which provides a public API. This is the API key plugin which when added to better allows a user to generate an API key that they can use. Whilst this functionality may seem like it's simple enough, uh this plug-in is actually rather comprehensive, providing pretty much any requirement you can think of when it comes to the humble API key, including custom API key permissions, the ability to create a key with an expiration, uh the ability to delete an API key, rate limiting for both individual keys and all API keys in general, and perhaps my favorite feature, the ability to set a custom prefix, which is another nice developer experience that's popped up over the past couple of years. As I mentioned, this plugin is extremely comprehensive. So, if you want to see every feature that it provides, then I recommend checking out the documentation. Uh, there's a link to it in the description down below. So, plug-in number seven on this list is one that's a little bit dear to my heart as it's incredibly useful for anybody who likes to build CLI applications. This is the device authorization plug-in, which is used to enable authentication for devices with limited input capabilities, uh, such as CLI applications. The way it works is it achieves authentication through an implementation of RFC8682, which is the OOTH 2.0 device authorization grant. For those of us who haven't memorized every RFC out there, uh this is basically the login flow that you typically encounter when you authorize a CLI. Uh if you've ever used the GitHub CLI, then you know what this looks like. If you haven't used it however then fortunately the better or CLI itself provides an example you can invoke using the login subcommand which will perform the relevant device flow as you can see on my screen under the hood this flow does a few different steps each of which is really important as is pretty much the case with every RFC implementation whilst implementing all of this by hand is possible again by using better orth it just gives you so much time back which can be spent doing far more interesting things so plugin number eight is really useful If you want your application to have B2B customers, uh, which every application should really strive to do because that's where all the money is at, this is the organization plug-in, which allows you to easily enable organization support when it comes to your application's authentication. Whilst organizations feels like it might be simple to implement yourself. Uh, once you start getting into the requirements that you may need such as teams, roles, access controls, and of course, invites, then the scope of work to roll this feature yourself uh can really start to explode. Fortunately, again, the Better Orth plugin provides all of this out of the box, saving a huge amount of time. If that wasn't good enough by itself, by fusing the organizations plugin with another that we looked at already, it provides even more functionality. This is the Stripe plugin, which when paired with this plug-in allows you to associate a subscription with an organization instead of an individual user, which makes supporting B2B use cases incredibly simple. So, plug-in number nine is one that if I'm being honest, I would never implement by hand, but as a user, it's something I've come to appreciate quite a lot recently. This is support for pass keys, which if you're not familiar with are a passwordless authentication method built on top of web orn. Instead [clears throat] of typing out a password, you authenticate using your device. Things such as face ID, Touch ID, or a hardware key such as a UB key. Uh, by the way, I know I've promised a few folk on a video on UB keys soon. I've got one planned to come out in the next couple of months. Normally implementing pass keys requires quite a bit of work, especially when it comes to generating keys and cryptography. When it comes to the better or pass key plug-in, however, all it takes is two function calls to set it up. One to register a key and one to log in. Of course, the plug-in doesn't just stop there as it also provides a number of methods for users to manage their own pass keys. Again, this is another plug-in that I would really recommend, especially in 2026, as it provides users with a modern authentication experience that I personally think is perhaps the way forward. Okay, so the last plugin on this list is probably going to be the least impressive, but for me, it encapsulates a lot of the benefits of what better or provides. This is the two-factor plug-in, which as the name implies, provides the ability to set up and manage two-factor or multiffactor authentication. The plug-in [clears throat] provides support for three different MFA approaches. Uh one-time passwords, i.e. OTP, which is where a code is sent to either the user's email or phone. Timed one-time passwords or TOTP, which are used with apps like Google Authenticator or UB Keys. And backup codes, which are really important for any MFA implementation. Like pretty much all of the plugins on this list, setting up the 2FA plugin is as simple as adding it to your plugins list in your better orth server and client configuration and then migrating your database. Upon doing so, you'll then have a bunch of methods in the better or client for managing multiffactor authentication. What makes this plug-in so great for myself to be included on this list is what it represents. Because when you compare setting this up to enabling it on other or providers, this feature can cost at least $100 a month, which in my opinion is completely outrageous. This really goes to show how much value Better Orth provides through these fantastic plugins, which not only helps me to save time when building software, uh, but it also allows me to save money whilst enabling me to have ownership of my own application data. Speaking of which, I want to give a big thank you to the sponsor of today's video, Neon. If you're interested in using their new v2 orth feature, which allows you to use better orth directly integrated into your neon postgres database without needing to deploy a typescript server, then make sure to head on over to neon.com/dreamsofcode by using the link in the description down below. Otherwise, that's all from me. But a big thank you to you for watching and I'll see you on the next one.

...and I wouldn't build a product without using them in 2026. To get your own Neon Auth instance, powered by Better Auth, then visit https://get.neon.com/OXPYD7k There's many things to love about Better Auth. It's open source, self deploy-able, can be used as part of a monolith or dedicated service, and is EXTREMELY developer friendly. One of the best parts, in my opinion however, is it's fantastic plugin system, which even the logo suggestes. By adding plugins to better auth, you can turn it from a simple authentication provider into a powerful framework for the foundation of any good product. Of course, there are many different plugins out there, and knowing which ones to use can sometimes be lost. Therefore, I decided to share 10 of my favorite Better Auth plugins, ones which just save so much time. A portion of this video is sponsored by Neon Watch my course on building cli applications in Go: https://dreamsofcode.io/courses/cli-apps-go/learn 👈 How I edit my videos: https://getkiru.app Links: Better Auth: https://www.better-auth.com/docs/introduction API Key Plugin: https://www.better-auth.com/docs/plugins/api-key Stripe Plugin: https://www.better-auth.com/docs/plugins/stripe Neon Auth Docs: https://neon.com/docs/auth/overview My Gear: - Camera: https://amzn.to/3E3ORuX - Microphone: https://amzn.to/40wHBPP - Audio Interface: https://amzn.to/4jwbd8o - Headphones: https://amzn.to/4gasmla - Keyboard: ZSA Voyager Join this channel to get access to perks: https://www.youtube.com/channel/UCWQaM7SpSECp9FELz-cHzuQ/join Join Discord: https://discord.com/invite/eMjRTvscyt Join Twitter: https://twitter.com/dreamsofcode_io 00:00:00 #0 - Intro 00:01:07 #1 - Stripe 00:02:58 #2 - Last Login Method 00:04:30 #3 - Captcha 00:06:23 #4 - JWT 00:07:33 Sponsor 00:08:43 #5 - Admin 00:09:44 #6 - API Keys 00:10:34 #7 - Device Authorization 00:11:38 #8 - Organziations 00:12:31 #9 - Passkeys 00:13:31 #10 - 2fa