I'm very tempted to make the leap from Lucia to Better Auth for a greenfield project, but the thought of jumping yet again from one auth solution to another is making me hesitate. If there are any satisfied (or unsatisfied) devs who have attempted the Lucia -> Better Auth transition, I'd love to hear your thoughts on this!

Hey I just converted my 0-user project from Lucia to Better Auth, and I had a few notes.

Better Auth is great - it just works, but there were a few quirks I had to face, like how it handles everything for you using the auth client instead of giving you helper functions to use to handle login/register requests and make it customizable on the server side

The migration was very easy, since I had no users to worry about, I was able to drop my users and sessions table and use the Better Auth cli to generate a migration with all the tables I could need. Even with some initial problems I had with the auth client and having to restructure my login errors to handle what the auth client returns, I'm happy with my migration, and it opens up a whole host of plugins and features I can easily integrate in the future

Thanks for sharing, you've successfully tipped the Better Auth scales for me... Might be too early to tell, but would you say you prefer Lucia or Better Auth at this point? I really like Lucia because of how little magic there is and how I can understand/control everything related to auth. But I wonder if it loses its luster as a project grows.

I loved Lucia just because it gives you control over absolutely everything you want to do, but I'm starting to like the bits of magic that com with Better Auth - namely things like email verification, password resets, and rate limiting were thing I was planning to implement but dreaded having to code everything whereas they come built-in or as simple plugins for Better Auth.

Alright I'm sold haha. You basically described the emotions I imagined I would've experienced if I transitioned to Better Auth. Just needed to hear it from someone else. Cheers!

Lucia is deprecated https://github.com/lucia-auth/lucia/discussions/1707 so yea i ll jump if I were you

Pretty amazing deal imo, would highly recommend anyone still in school to nab this when they can

Timely article... I recently learned about self-hosted runners and set one up on a Hetzner instance. Pretty smooth experience overall. If your action contains any SSH commands and you'd like to avoid setting up a firewall with 5000+ rules[0], I would recommend self-hosting a runner to help secure your target server's SSH port.

[0] https://api.github.com/meta

FWIW: Self-hosted runners are non-trivial to secure[1]; the defaults GitHub gives you are not necessarily secure ones, particularly if your self-hosted runner executes workflows from public repositories.

(Self-hosted runners are great for many other reasons, not least of which is that they're a lot cheaper. But I've seen a lot of people confuse GitHub Actions' latent security issues with something that self-hosted runners can fix, which is not per se the case.)

[1]: https://docs.github.com/en/actions/security-for-github-actio...

Hm that's good to know, thanks for the link. I'm just using the runner for private solo projects atm so I think my setup will do for now. But I definitely didn't consider the implications of using it on a private project with other contributors yikes.