Why Better Auth Over Lucia, Clerk, and Auth0
January 25, 2025 · Magnus Rødseth
Why Better Auth Over Lucia, Clerk, and Auth0
Authentication is the foundation of trust between your users and your application. Get it wrong, and nothing else matters. This makes the auth decision one of the most consequential choices in any stack.
When choosing authentication for Eden Stack, I evaluated the spectrum: fully managed services (Clerk, Auth0), DIY libraries (Lucia), and the newer middle ground (Better Auth). Here's why Better Auth won — and why Eden Stack makes that choice even more compelling.
The Authentication Spectrum
Authentication solutions fall along a spectrum of control versus convenience:
DIY Library Managed Service
|------------------------|------------------------|
Lucia Better Auth Clerk, Auth0
(Full control) (Best of both) (Zero config)Each position has legitimate tradeoffs. Let's examine them.
Clerk & Auth0: The Managed Convenience
Clerk has become the darling of the indie hacker community. Auth0 remains the enterprise standard. Both offer genuine value:
What managed services do well:
- Zero configuration — authenticate users in minutes
- Pre-built UI components that look professional
- Handles security updates automatically
- Organization/team management out of the box
- Compliance certifications (SOC2, etc.)
If you're validating an idea this weekend and authentication is purely a checkbox, Clerk's free tier gets you there fast. That's real value.
The Vendor Lock-In Reality
But here's what happens at scale:
Clerk Pricing (as of 2025):
- Free: 10,000 monthly active users
- Pro: $0.02/MAU beyond free tier
- At 100,000 MAU: ~$1,800/month
- At 1,000,000 MAU: ~$18,000/month
Auth0 Pricing:
- Free: 25,000 MAU
- Enterprise: Custom pricing (typically $20,000+/year)
These aren't unreasonable prices for enterprise SaaS. But for a startup template meant to scale from zero to successful business, locking in five-figure annual auth costs felt wrong.
More importantly: your users aren't really yours. User data lives in Clerk's infrastructure. Session management is their implementation. If you ever need to migrate, you're facing a significant engineering project.
Lucia: The DIY Purist's Choice
On the other end sits Lucia — a minimal, framework-agnostic auth library. It's excellent for what it is: session management primitives that give you full control.
// Lucia: Build everything yourself
import { Lucia } from 'lucia';
const lucia = new Lucia(adapter);
// You implement everything: OAuth, email verification,
// password reset, organizations, 2FA...What Lucia does well:
- Complete control over your auth implementation
- No vendor lock-in whatsoever
- Minimal footprint, educational value
- Framework agnostic
The reality: Implementing production-ready auth with Lucia means building:
- Email/password flows with secure hashing
- OAuth integration for each provider
- Email verification flows
- Password reset flows
- Session management and rotation
- Two-factor authentication
- Organization/workspace management
- Invite flows
- Role-based access control
That's weeks of development before you ship a single feature. For a template meant to accelerate development, that defeats the purpose.
Better Auth: The Middle Ground
Better Auth occupies a unique position: ownership with batteries included.
// Better Auth: Full features, your database
import { betterAuth } from 'better-auth';
import { drizzleAdapter } from 'better-auth/adapters/drizzle';
import { db } from './db';
export const auth = betterAuth({
database: drizzleAdapter(db, { provider: 'pg' }),
emailAndPassword: { enabled: true },
socialProviders: {
google: {
clientId: process.env.GOOGLE_CLIENT_ID!,
clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
},
},
plugins: [
organization(), // Teams & workspaces
twoFactor(), // 2FA support
admin(), // Admin capabilities
],
});Notice what's happening: everything runs in your infrastructure, using your database. No external API calls for session validation. No user data leaving your servers. Full control, with features that would take weeks to build.
Organizations and Workspaces
This is where Better Auth truly shines for SaaS applications. The organization plugin provides:
// Create an organization
await auth.api.createOrganization({
body: {
name: 'Acme Corp',
slug: 'acme',
},
headers,
});
// Invite members
await auth.api.createInvitation({
body: {
organizationId: org.id,
email: 'teammate@example.com',
role: 'member',
},
headers,
});
// Role-based access
await auth.api.updateMemberRole({
body: {
organizationId: org.id,
userId: member.id,
role: 'admin',
},
headers,
});Building organization management from scratch is a multi-week project. Invitations, roles, permissions, member management — all the details that seem simple until you implement them. Better Auth handles this with a single plugin.
The Type-Safe API
Better Auth provides an RPC-like TypeScript client that feels modern:
import { createAuthClient } from 'better-auth/client';
const authClient = createAuthClient();
// Fully typed API
const { data: session } = await authClient.session.get();
const { data: orgs } = await authClient.organization.list();Combined with Elysia's type inference, you get end-to-end type safety for your entire auth flow.
The Eden Stack Advantage
Here's the key insight: Better Auth's value multiplies when combined with a well-configured template.
Eden Stack provides:
- Pre-built UI components — Login, register, password reset, organization management — all styled with your theme
- Database schema ready — Drizzle migrations for all auth tables
- API integration complete — Elysia routes mounted and configured
- Mobile support — Expo auth flows that just work
The main reason to reach for Clerk — "it comes with UI" — disappears when Eden Stack provides that UI with Better Auth underneath.
// Eden Stack: Pre-built auth pages
// apps/web/src/routes/login.tsx — styled and ready
// apps/web/src/routes/register.tsx — with validation
// apps/web/src/routes/onboarding.tsx — organization setup
// apps/mobile/app/(auth)/login.tsx — native mobileYou get Clerk's convenience with Better Auth's ownership.
When to Choose What
Choose Clerk or Auth0 when:
- You're validating an idea and speed is everything
- Enterprise compliance requirements demand their certifications
- Your budget comfortably absorbs their pricing at scale
- You genuinely don't want to think about auth ever
Choose Lucia when:
- You have specific requirements that don't fit standard patterns
- Educational purposes — learning how auth really works
- Very minimal applications where batteries-included is overkill
Choose Better Auth when:
- You want production-ready features without vendor lock-in
- Organization/workspace management is needed
- You're building a SaaS that needs to scale cost-effectively
- You value owning your user data and auth infrastructure
Why Eden Stack Uses Better Auth
For a template designed to help developers build real SaaS businesses, the calculus was clear:
- No vendor lock-in — Your users, your data, your infrastructure
- Batteries included — Organizations, 2FA, OAuth all work out of the box
- Cost effective — No per-user fees as you scale
- Type-safe — Excellent TypeScript support that fits our philosophy
- UI included — Eden Stack provides the components Clerk sells you
Better Auth recently raised $5M from Peak XV and YC — validation that this approach resonates. The library is actively maintained, well-documented, and growing rapidly.
Combined with the pre-built UI and configurations in Eden Stack, you get managed-service convenience with self-hosted freedom. That's the foundation every SaaS deserves.
This post reflects my opinions after building production applications with various authentication solutions. Clerk and Auth0 are excellent products — this isn't about them being bad, but about Better Auth being a better fit for Eden Stack's goals.