Val Town documents three years of auth vendor pain with Clerk, ultimately migrating to Better Auth to regain control over sessions and the users table.
Key Takeaways
Clerk’s model of owning your users table creates a dual-authority problem: social apps need avatars and usernames synced via webhooks, adding fragile state.
Session refresh through Clerk made it a single point of failure; Clerk outages took down the entire site for already-logged-in users.
Clerk’s loadUser API had a 5 req/sec rate limit across the whole account, a footgun discovered in production.
Better Auth is self-hosted open source, keeps sessions local, and its paid ‘Infrastructure’ tier is stateless and uninvolved in session management.
A two-week dual-cookie transition period, assisted by LLMs, let users migrate from Clerk to Better Auth sessions without a hard cutover.
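One way the dual-cookie transition in the last takeaway can be handled per request, as an added example that is not Val Town's or Better Auth's code. The cookie names, the cutoff value and the `deps` helpers (`sessions`, `verifyLegacy`, `mintId`) are assumptions made for illustration.

```javascript
// Added example; cookie names, the cutoff and all helper names are assumptions.
const LEGACY_COOKIE = "legacy_session"; // hypothetical: cookie set by the old vendor
const LOCAL_COOKIE = "local_session";   // hypothetical: cookie for the self-hosted session

// deps.sessions: Map of session id -> { userId, expiresAt }, standing in for a local table
// deps.verifyLegacy(token): userId or null; the only step that depends on the old vendor
//   (synchronous here; a real check would be an async call)
// deps.mintId(): must return an unguessable id from a CSPRNG in real use
function resolveSession(cookies, now, deps) {
  const local = deps.sessions.get(cookies[LOCAL_COOKIE]);
  if (local && local.expiresAt > now) {
    // Steady state: answered from local data, so a vendor outage cannot log this user out.
    return { userId: local.userId, setCookie: null, clearLegacy: LEGACY_COOKIE in cookies };
  }
  const legacyToken = cookies[LEGACY_COOKIE];
  if (!legacyToken || now >= deps.legacyCutoff) {
    // No usable credential, or the transition window has closed: require a fresh login.
    return { userId: null, setCookie: null, clearLegacy: Boolean(legacyToken) };
  }
  let userId;
  try {
    userId = deps.verifyLegacy(legacyToken);
  } catch (err) {
    // Vendor unreachable: fail closed, but keep the cookie so a later request can retry.
    return { userId: null, setCookie: null, clearLegacy: false };
  }
  if (!userId) return { userId: null, setCookie: null, clearLegacy: true };
  // Upgrade once: mint a local session and retire the legacy cookie.
  const id = deps.mintId();
  deps.sessions.set(id, { userId, expiresAt: now + deps.ttlMs });
  return { userId, setCookie: { name: LOCAL_COOKIE, value: id }, clearLegacy: true };
}

// Constructed inputs: times are plain millisecond counters, ids come from a counter.
function demo() {
  let n = 0;
  const deps = {
    sessions: new Map(), legacyCutoff: 2000, ttlMs: 500,
    verifyLegacy: (t) => (t === "legacy-ok" ? "user_1" : null),
    mintId: () => `sid-${++n}`,
  };
  const first = resolveSession({ [LEGACY_COOKIE]: "legacy-ok" }, 1000, deps);
  const second = resolveSession({ [LOCAL_COOKIE]: first.setCookie.value }, 1100, deps);
  const late = resolveSession({ [LEGACY_COOKIE]: "legacy-ok" }, 2000, deps);
  return { first, second, late };
}
```

After the first upgraded request the old vendor is no longer on the request path for that user, and legacy cookies stop being honoured once the cutoff passes.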
Hacker News Comment Review
Broad consensus that externalizing your users table to a third-party SaaS introduces sync bugs, rate limits, and uptime coupling; commenters prefer libraries over services for auth.
Commenters note that system availability is the product of the availabilities of all critical-path components, not just the minimum among them; one commenter cited a Cloudflare outage cascading into broken Auth0 JWT verification.
Better Auth’s founder replied in the thread, confirming the library was built to solve this exact vendor-coupling problem; WorkOS AuthKit was the main runner-up cited by commenters who evaluated alternatives.
Notable Comments
@snide: Went with Lucia, then self-hosted after Lucia sunset; argues auth is learnable in a week and less scary than vendors suggest.
@gordonhart: Cloudflare outage bricked his app for hours because Auth0 public keys for JWT verification were served behind Cloudflare – he didn’t even use Cloudflare directly.