Vercel acquired Better Auth: what it means and how to migrate to WorkOS
Vercel is acquiring Better Auth. Here's what the deal changes for teams building on the open source auth library—and how to migrate your users to WorkOS.
Vercel is acquiring Better Auth, the company behind the open source TypeScript authentication library. If you build on it — 4.7M+ weekly npm downloads and more than 850 contributors — the code your app depends on now sits inside a platform company. This is a good moment to look at what changes, what doesn't, and what your options are if you'd rather not run auth yourself.
What happened
On July 7, 2026, Better Auth founder Bereket Engida announced that he and the core team are joining Vercel. Vercel framed the deal as extending its open SDK strategy — software that's open by default, loosely coupled, and portable to any platform — to authentication. The library stays free and MIT-licensed, keeps its name, and the team continues to lead development with the same open contribution model, community governance, and framework support.
For context: Better Auth shipped its first release on September 28, 2024 after about seven months of work, went through Y Combinator and raised capital led by Peak XV along with more than 50 funds and angels, took over Auth.js / NextAuth.js, and launched a hosted platform, Better Auth Infrastructure, on January 1. The Vercel deal is the next step in that arc.
The roadmap is pointed at agents
Both companies are aiming at the same next problem: agent identity. The Better Auth team has been building Agent Auth so that each agent carries its own scoped, revocable identity, with the user as the single point of control. That work continues at Vercel and feeds into Vercel Connect and eve. In other words, the framework's near-term energy is going toward agent auth and Vercel's platform surface — not necessarily the enterprise checklist a B2B SaaS team is working through this quarter.

What it means if you build on Better Auth
Nothing breaks today. The library is still open source, still MIT, still maintained. But an acquisition changes the calculus in ways worth naming:
- Governance and direction now live inside a platform company.
- Roadmap priorities are shifting toward agent identity and Vercel's products.
- "Auth you own" still means you own the operational burden — the database, the session logic, the enterprise plugins, and the on-call.
That last point is the real decision. Better Auth's pitch has always been auth that lives inside your app and gives you code you own, rather than outsourcing it to a hosted service. That's an asset when you want full control, and a cost when you'd rather not run identity infrastructure yourself.
Own it or buy it
Better Auth gives you SSO, SAML 2.0, SCIM, organizations, and MFA as plugins you configure and operate across 20+ frameworks. On paper, that plugin list looks equivalent to AuthKit. In production, the comparison is harder to make: there's little public evidence of who runs Better Auth's SSO, SCIM, and organizations plugins at scale, how those deployments handle the long tail of identity-provider quirks, or how they've fared in enterprise security reviews. The WorkOS versions of these features process millions of authentications for companies whose names you know, OpenAI, Cursor, Indeed, and Loom to name a few — and every edge case they've hit has already been fixed for you.
A plugin you install is not the same as infrastructure someone else runs in production for enterprise customers. Better Auth's 4.7M+ weekly npm downloads measure the framework's overall installs across every kind of app — a strong signal for its core auth, and a much quieter one for how many teams run its B2B and enterprise features at scale.
WorkOS is built for exactly that case. AuthKit handles authentication, and SSO, SCIM directory sync, RBAC, MFA, audit logs, and feature flags run as a managed platform. You wire it in once; WorkOS operates it, including the SAML edge cases, directory sync quirks, and audit log retention you'd otherwise own.
The tradeoff is straightforward. If you want auth in your codebase and you're willing to own its maintenance, a framework fits. If you're moving upmarket into enterprise deals and you'd rather ship features than operate identity infrastructure, a managed platform takes that work off your plate. See the complete guide to user management for B2B SaaS for the full build-vs-buy breakdown.
How to migrate to WorkOS
WorkOS publishes a dedicated guide for migrating users and organizations from Better Auth. The shape of the move:
- Export your users and organizations from your Better Auth database.
- Import them into WorkOS using the Better Auth migration guide, or the generic path for importing from your own data store.
- Wire in AuthKit — set up AuthKit in your app to handle sign-in, sessions, and the hosted UI.
- Turn on enterprise features — SSO, SCIM, and RBAC — from the dashboard as customers ask for them.
If your stack is mixed, WorkOS also has migration guides for Auth0, AWS Cognito, Clerk, Descope, Firebase, Stytch, and Supabase Auth, so you can consolidate more than one system in the same move.
The bottom line
The Better Auth acquisition doesn't force anyone to move — the library is still open source and still maintained.
But acquisitions are a good prompt to re-examine your dependencies and decide, deliberately, whether owning auth or buying it is right for where your product is headed. OpenAI, Cursor, Perplexity, Webflow, PlanetScale, Indeed — and Vercel itself — made that call and buy from WorkOS. If you're ready to make the same one, migrating from Better Auth is a documented path.