Skip to main content
Better Auth ships with a rich set of built-in plugins that extend the core framework. Plugins can add new authentication methods, management capabilities, token strategies, integrations with external services, and more.

How plugins work

Plugins are added to your betterAuth configuration via the plugins array on the server. Most plugins also provide a corresponding client plugin that exposes typed methods on the auth client.
auth.ts
import { betterAuth } from "better-auth"
import { organization, admin } from "better-auth/plugins"

export const auth = betterAuth({
  // ... other config
  plugins: [
    organization(),
    admin(),
  ]
})

Adding client plugins

Client plugins are added to createAuthClient using the same plugins array. They expose additional methods under plugin-specific namespaces.
auth-client.ts
import { createAuthClient } from "better-auth/client"
import { organizationClient, adminClient } from "better-auth/client/plugins"

export const authClient = createAuthClient({
  plugins: [
    organizationClient(),
    adminClient(),
  ]
})

// Plugin methods are available under their namespace:
await authClient.organization.create({ name: "Acme", slug: "acme" })
await authClient.admin.listUsers({ query: { limit: 10 } })
After adding a plugin that requires database changes, run npx auth migrate or npx auth generate to update your schema.

Available plugins

Authentication

Two-Factor Authentication

Add TOTP, SMS, or backup code two-factor authentication to your app.

Passkey

WebAuthn/passkey support for passwordless biometric authentication.

Magic Link

Passwordless email magic link sign-in flows.

Phone Number

Phone number-based authentication with SMS verification.

Anonymous

Allow users to authenticate without providing any personal information.

Username

Username and password authentication alongside email.

Generic OAuth

Connect to any OAuth 2.0 or OIDC provider with a unified interface.

Authorization & Management

Organization

Multi-tenant organization management with roles, invitations, and access control.

Admin

Administrative tools for user management, banning, and impersonation.

SSO

Enterprise Single Sign-On via SAML 2.0 and OIDC providers.

API & Tokens

JWT

Issue and verify JSON Web Tokens with a JWKS endpoint for service-to-service auth.

API Key

Create, manage, and verify API keys for programmatic access.

OAuth & OIDC Providers

OIDC Provider

Turn Better Auth into a full OpenID Connect identity provider.