DiscordSign up
SKILLS.SH

create-auth-skill

Scaffold and implement authentication in TypeScript/JavaScript apps with Better Auth framework detection, database adapter setup, and OAuth integration. Detects frameworks (Next.js, SvelteKit, Nuxt, Astro, Express, Hono), databases (Prisma, Drizzle, MongoDB, raw drivers), and existing auth libraries through project scanning Supports email/password, OAuth (Google, GitHub, Apple, Microsoft, Discord, Twitter), magic links, passkeys, and phone authentication with configurable email verification and password reset Includes plugins for two-factor authentication, organizations/teams, admin dashboards, API bearer tokens, and enterprise SSO via scoped packages Generates server config (auth.ts), client config (auth-client.ts), route handlers, database migrations, and auth UI pages tailored to your framework and requirements

INSTALLATION
npx skills add https://github.com/better-auth/skills --skill create-auth-skill
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

$2a

Use what you find to pre-fill defaults and skip questions you can already answer.

Step 2: Ask planning questions

Use the AskQuestion tool to ask the user all applicable questions in a single call. Skip any question you already have a confident answer for from the scan. Group them under a title like "Auth Setup Planning".

Questions to ask:

-

Project type (skip if detected)

  • Prompt: "What type of project is this?"
  • Options: New project from scratch | Adding auth to existing project | Migrating from another auth library

-

Framework (skip if detected)

  • Prompt: "Which framework are you using?"
  • Options: Next.js (App Router) | Next.js (Pages Router) | SvelteKit | Nuxt | Astro | Express | Hono | SolidStart | Other

-

Database & ORM (skip if detected)

  • Prompt: "Which database setup will you use?"
  • Options: PostgreSQL (Prisma) | PostgreSQL (Drizzle) | PostgreSQL (pg driver) | MySQL (Prisma) | MySQL (Drizzle) | MySQL (mysql2 driver) | SQLite (Prisma) | SQLite (Drizzle) | SQLite (better-sqlite3 driver) | MongoDB (Mongoose) | MongoDB (native driver)

-

Authentication methods (always ask, allow multiple)

  • Prompt: "Which sign-in methods do you need?"
  • Options: Email & password | Social OAuth (Google, GitHub, etc.) | Magic link (passwordless email) | Passkey (WebAuthn) | Phone number
  • allow_multiple: true

-

Social providers (only if they selected Social OAuth above — ask in a follow-up call)

  • Prompt: "Which social providers do you need?"
  • Options: Google | GitHub | Apple | Microsoft | Discord | Twitter/X
  • allow_multiple: true

-

Email verification (only if Email & password was selected above — ask in a follow-up call)

  • Prompt: "Do you want to require email verification?"
  • Options: Yes | No

-

Email provider (only if email verification is Yes, or if Password reset is selected in features — ask in a follow-up call)

  • Prompt: "How do you want to send emails?"
  • Options: Resend | Mock it for now (console.log)

-

Features & plugins (always ask, allow multiple)

  • Prompt: "Which additional features do you need?"
  • Options: Two-factor authentication (2FA) | Organizations / teams | Admin dashboard | API bearer tokens | Password reset | None of these
  • allow_multiple: true

-

Auth pages (always ask, allow multiple — pre-select based on earlier answers)

  • Prompt: "Which auth pages do you need?"
  • Options vary based on previous answers:
  • Always available: Sign in | Sign up
  • If Email & password selected: Forgot password | Reset password
  • If email verification enabled: Email verification
  • allow_multiple: true

-

Auth UI style (always ask)

  • Prompt: "What style do you want for the auth pages? Pick one or describe your own."
  • Options: Minimal & clean | Centered card with background | Split layout (form + hero image) | Floating / glassmorphism | Other (I'll describe)

Step 3: Summarize the plan

After collecting answers, present a concise implementation plan as a markdown checklist. Example:

## Auth Implementation Plan

- **Framework:** Next.js (App Router)

- **Database:** PostgreSQL via Prisma

- **Auth methods:** Email/password, Google OAuth, GitHub OAuth

- **Plugins:** 2FA, Organizations, Email verification

- **UI:** Custom forms

### Steps

1. Install `better-auth` and `@better-auth/cli`

2. Create `lib/auth.ts` with server config

3. Create `lib/auth-client.ts` with React client

4. Set up route handler at `app/api/auth/[...all]/route.ts`

5. Configure Prisma adapter and generate schema

6. Add Google & GitHub OAuth providers

7. Enable `twoFactor` and `organization` plugins

8. Set up email verification handler

9. Run migrations

10. Create sign-in / sign-up pages

Ask the user to confirm the plan before proceeding to Phase 2.

Phase 2: Implementation

Only proceed here after the user confirms the plan from Phase 1.

Follow the decision tree below, guided by the answers collected above.

Is this a new/empty project?

├─ YES → New project setup

│   1. Install better-auth (+ scoped packages per plan)

│   2. Create auth.ts with all planned config

│   3. Create auth-client.ts with framework client

│   4. Set up route handler

│   5. Set up environment variables

│   6. Run CLI migrate/generate

│   7. Add plugins from plan

│   8. Create auth UI pages

│

├─ MIGRATING → Migration from existing auth

│   1. Audit current auth for gaps

│   2. Plan incremental migration

│   3. Install better-auth alongside existing auth

│   4. Migrate routes, then session logic, then UI

│   5. Remove old auth library

│   6. See migration guides in docs

│

└─ ADDING → Add auth to existing project

    1. Analyze project structure

    2. Install better-auth

    3. Create auth config matching plan

    4. Add route handler

    5. Run schema migrations

    6. Integrate into existing pages

    7. Add planned plugins and features

At the end of implementation, guide users thoroughly on remaining next steps (e.g., setting up OAuth app credentials, deploying env vars, testing flows).

Installation

Core: npm install better-auth

Scoped packages (as needed):

Package

Use case

@better-auth/passkey

WebAuthn/Passkey auth

@better-auth/sso

SAML/OIDC enterprise SSO

@better-auth/stripe

Stripe payments

@better-auth/scim

SCIM user provisioning

@better-auth/expo

React Native/Expo

Environment Variables

BETTER_AUTH_SECRET=<32+ chars, generate with: openssl rand -base64 32>

BETTER_AUTH_URL=http://localhost:3000

DATABASE_URL=<your database connection string>

Add OAuth secrets as needed: GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, GOOGLE_CLIENT_ID, etc.

Server Config (auth.ts)

Location: lib/auth.ts or src/lib/auth.ts

Minimal config needs:

  • database - Connection or adapter
  • emailAndPassword: { enabled: true } - For email/password auth

Standard config adds:

  • socialProviders - OAuth providers (google, github, etc.)
  • emailVerification.sendVerificationEmail - Email verification handler
  • emailAndPassword.sendResetPassword - Password reset handler

Full config adds:

  • plugins - Array of feature plugins
  • session - Expiry, cookie cache settings
  • account.accountLinking - Multi-provider linking
  • rateLimit - Rate limiting config

Export types: export type Session = typeof auth.$Infer.Session

Client Config (auth-client.ts)

Import by framework:

Framework

Import

React/Next.js

better-auth/react

Vue

better-auth/vue

Svelte

better-auth/svelte

Solid

better-auth/solid

Vanilla JS

better-auth/client

Client plugins go in createAuthClient({ plugins: [...] }).

Common exports: signIn, signUp, signOut, useSession, getSession

Route Handler Setup

Framework

File

Handler

Next.js App Router

app/api/auth/[...all]/route.ts

toNextJsHandler(auth) → export { GET, POST }

Next.js Pages

pages/api/auth/[...all].ts

toNextJsHandler(auth) → default export

Express

Any file

app.all("/api/auth/*", toNodeHandler(auth))

SvelteKit

src/hooks.server.ts

svelteKitHandler(auth)

SolidStart

Route file

solidStartHandler(auth)

Hono

Route file

auth.handler(c.req.raw)

Next.js Server Components: Add nextCookies() plugin to auth config.

Database Migrations

Adapter

Command

Built-in Kysely

npx @better-auth/cli@latest migrate (applies directly)

Prisma

npx @better-auth/cli@latest generate --output prisma/schema.prisma then npx prisma migrate dev

Drizzle

npx @better-auth/cli@latest generate --output src/db/auth-schema.ts then npx drizzle-kit push

Re-run after adding plugins.

Database Adapters

Database

Setup

SQLite

Pass better-sqlite3 or bun:sqlite instance directly

PostgreSQL

Pass pg.Pool instance directly

MySQL

Pass mysql2 pool directly

Prisma

prismaAdapter(prisma, { provider: "postgresql" }) from better-auth/adapters/prisma

Drizzle

drizzleAdapter(db, { provider: "pg" }) from better-auth/adapters/drizzle

MongoDB

mongodbAdapter(db) from better-auth/adapters/mongodb

Common Plugins

Plugin

Server Import

Client Import

Purpose

twoFactor

better-auth/plugins

twoFactorClient

2FA with TOTP/OTP

organization

better-auth/plugins

organizationClient

Teams/orgs

admin

better-auth/plugins

adminClient

User management

bearer

better-auth/plugins

-

API token auth

openAPI

better-auth/plugins

-

API docs

passkey

@better-auth/passkey

passkeyClient

WebAuthn

sso

@better-auth/sso

-

Enterprise SSO

Plugin pattern: Server plugin + client plugin + run migrations.

Auth UI Implementation

Sign in flow:

  • signIn.email({ email, password }) or signIn.social({ provider, callbackURL })
  • Handle error in response
  • Redirect on success

Session check (client): useSession() hook returns { data: session, isPending }

Session check (server): auth.api.getSession({ headers: await headers() })

Protected routes: Check session, redirect to /sign-in if null.

Security Checklist

  • BETTER_AUTH_SECRET set (32+ chars)
  • advanced.useSecureCookies: true in production
  • trustedOrigins configured
  • Rate limits enabled
  • Email verification enabled
  • Password reset implemented
  • 2FA for sensitive apps
  • CSRF protection NOT disabled
  • account.accountLinking reviewed

Troubleshooting

Issue

Fix

"Secret not set"

Add BETTER_AUTH_SECRET env var

"Invalid Origin"

Add domain to trustedOrigins

Cookies not setting

Check baseURL matches domain; enable secure cookies in prod

OAuth callback errors

Verify redirect URIs in provider dashboard

Type errors after adding plugin

Re-run CLI generate/migrate

Resources

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card