description: Better Auth conventions
globs: ["/auth.ts", "/auth-client.ts", "/api/auth/"]
alwaysApply: false
- One server instance: `export const auth = betterAuth({ … })` in `lib/auth.ts`. Server-only — never import it into client code.
- Secrets from env (`BETTER_AUTH_SECRET`, `BETTER_AUTH_URL`); never hardcode them.
- Persist via a database adapter (`drizzleAdapter` / `prismaAdapter`) matching your DB. Generate the schema with `npx @better-auth/cli generate`, then apply it with your migration tool — don't hand-edit auth tables.
- Mount once: Next App Router `app/api/auth/[...all]/route.ts` → `toNextJsHandler(auth)`.
- Client: `createAuthClient()` from `better-auth/react`; for every server plugin add its matching client plugin.
- In Next, `nextCookies()` must be the last plugin so server actions set cookies.
- Read sessions server-side with `auth.api.getSession({ headers: await headers() })` — pass headers; don't parse cookies by hand.
- Add features (twoFactor, passkey, organization, magicLink, admin) via official plugins rather than rolling your own.
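
A CI-style check for four of the conventions above, as an added example (not part of Better Auth or of this rule file). `checkProject`, the finding names and the `lib/auth-client.ts` path are assumptions made for illustration, and the sample files are constructed.

```javascript
// Added example: regex heuristics over source text, not a real parser.
// Plugin list comes from the rules above; the *Client names follow Better
// Auth's client-plugin naming. Paths and file contents are constructed.
const PLUGINS = ["twoFactor", "passkey", "organization", "magicLink", "admin"];

function checkProject(files) {
  const findings = [];
  const server = files["lib/auth.ts"] || "";
  const client = files["lib/auth-client.ts"] || "";

  // Secrets must come from env, never from a string literal.
  if (/\bsecret\s*:\s*["'`]/.test(server)) findings.push("hardcoded-secret");

  // nextCookies() must be the last entry of the plugins array.
  // Assumes no nested [] inside the array (the match stops at the first "]").
  const m = server.match(/plugins\s*:\s*\[([\s\S]*?)\]/);
  const list = m ? m[1] : "";
  if (/nextCookies\(\)/.test(list) && !/nextCookies\(\)\s*,?\s*$/.test(list)) {
    findings.push("nextCookies-not-last");
  }

  // Every server plugin needs its matching client plugin.
  for (const p of PLUGINS) {
    const onServer = new RegExp("\\b" + p + "\\(").test(list);
    const onClient = new RegExp("\\b" + p + "Client\\(").test(client);
    if (onServer && !onClient) findings.push("missing-client-plugin:" + p);
  }

  // The server instance must never be imported into "use client" files.
  for (const [path, src] of Object.entries(files)) {
    const isClient = /^\s*["']use client["']/.test(src);
    if (isClient && /from\s+["'][^"']*lib\/auth["']/.test(src)) {
      findings.push("server-auth-in-client:" + path);
    }
  }
  return findings;
}

// Constructed sample project that breaks all four rules.
const sample = {
  "lib/auth.ts": `export const auth = betterAuth({
    secret: "dev-secret-123",
    plugins: [nextCookies(), twoFactor()],
  });`,
  "lib/auth-client.ts": `export const authClient = createAuthClient({ plugins: [] });`,
  "app/profile.tsx": `"use client";
import { auth } from "@/lib/auth";`,
};
console.log(checkProject(sample));
```
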