Skip to main content

Overview

The Developer Tools section provides essential utilities for developing and testing your Better Auth integration. Test OAuth flows, validate configuration, generate secrets, decode JWTs, check password strength, and export data.

Accessing Developer Tools

Navigate to Tools from the main sidebar to access all developer utilities.

Available Tools

OAuth Testing

Test OAuth Providers

Test your OAuth provider configurations with real authentication flows. Supports all Better Auth OAuth providers including GitHub, Google, Discord, Microsoft, and more.

How to Test OAuth

1

Open OAuth Tester

Click Test OAuth Providers in the Tools page
2

Select Provider

Choose from your configured OAuth providers:
  • GitHub
  • Google
  • Discord
  • Microsoft
  • Twitter
  • Facebook
  • And many more…
3

Start Test

Click Test to initiate OAuth flow:
  • Opens popup window with provider login
  • Authenticates with OAuth provider
  • Returns to Studio with results
4

View Results

Terminal shows test progress:
  • Opening OAuth popup
  • Waiting for authentication
  • Verifying with Better Auth
  • User information returned
  • Success or failure status

OAuth Test Output

Successful test shows:
  • User name and email from provider
  • OAuth account created or linked
  • Session established
  • Test duration
Failed test shows:
  • Error message
  • Possible causes
  • Configuration suggestions
OAuth tests create real user accounts and sessions. Use test/development environments.

Configuration Validator

Validate Better Auth Config

Analyze your Better Auth configuration for errors, warnings, and best practice violations.

Running Validation

1

Open Validator

Click Validate Configuration tool
2

Run Checks

Validator automatically checks:
  • Required configuration fields
  • Plugin compatibility
  • Database adapter setup
  • OAuth provider configuration
  • Security settings
  • Email provider setup
3

Review Results

Results are categorized:
  • Errors (red) - Must fix
  • Warnings (yellow) - Should review
  • Passes (green) - Configured correctly
4

Fix Issues

Each issue includes:
  • Description of the problem
  • Severity level
  • Suggested fix
  • Code example (when applicable)

Validation Categories

  • Secret key strength
  • Session expiration settings
  • CORS configuration
  • HTTPS enforcement
  • Cookie security flags
  • Plugin compatibility
  • Required dependencies
  • Plugin configuration
  • Conflicting plugins
  • Adapter configuration
  • Database connection
  • Schema compatibility
  • Migration status
  • Provider credentials
  • Redirect URI configuration
  • Scope settings
  • Provider-specific settings

Database Connection Test

Test Database

Verify your database connection and adapter configuration.
1

Run Test

Click Test Database Connection
2

Connection Check

Tests:
  • Database reachability
  • Adapter initialization
  • Query execution
  • Schema validation
3

View Results

Success shows:
  • Connection established
  • Sample user record (if exists)
  • Database type and version
Failure shows:
  • Error message
  • Connection details
  • Troubleshooting steps

Secret Generator

Generate Secure Secrets

Create cryptographically secure secrets for BETTER_AUTH_SECRET and other sensitive configuration.

Generate a Secret

1

Open Generator

Click Generate Secret tool
2

Configure

Choose secret options:
  • Length - 16, 32 (default), 64, or 128 bytes
  • Format - Hex or Base64
3

Generate

Click Generate SecretOutput includes:
  • Secret value (copyable)
  • Format and length
  • Entropy bits
  • .env format example
4

Save to .env (Self-hosted only)

Click Write to .env to:
  • Check for existing secret
  • Confirm overwrite if exists
  • Save to .env or .env.local
  • Show file path
Recommended settings:
  • Length: 32 bytes minimum
  • Format: Hex (more compatible)
  • Always use environment variables, never hardcode

Password Hasher

Hash Passwords

Generate password hashes for testing or migration purposes.
1

Open Hasher

Click Hash Password tool
2

Enter Password

  • Type or paste password
  • Optionally add salt
  • Choose hash algorithm:
    • SHA-256 (default)
    • SHA-384
    • SHA-512
  • Select encoding:
    • Hex (default)
    • Base64
    • Base64URL
3

Generate Hash

Click Hash PasswordOutput shows:
  • Hashed value (copyable)
  • Algorithm and encoding used
  • Salt (if provided)
This tool is for testing only. Better Auth handles password hashing automatically.

Password Strength Checker

Check Password Strength

Test passwords against your Better Auth password requirements.
1

Open Checker

Click Password Strength Checker
2

Enter Password

Type the password to analyze
3

Check Strength

Click Check PasswordResults show:
  • Strength Score - Weak, Fair, Good, Strong, Very Strong
  • Requirements - Passed/Failed checks:
    • Minimum length
    • Maximum length
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Special characters
  • Meets Config - Whether it passes your Better Auth requirements

JWT Decoder

Decode & Verify JWTs

Decode JWT tokens and verify signatures.
1

Open Decoder

Click JWT Decoder tool
2

Paste JWT

Enter the JWT token to decode
3

Add Secret (Optional)

Provide signing secret to verify signature
4

Decode

Click Decode JWTOutput shows:
  • Header - Algorithm, token type
  • Payload - Claims, user data, expiration
  • Signature - Valid or Invalid (if secret provided)
  • Decoded Data - Pretty-printed JSON

UUID Generator & Validator

Generate UUIDs

Create UUID v4 identifiers or validate existing UUIDs.

Generate UUIDs

1

Open Generator

Click UUID Generator
2

Set Count

Choose how many UUIDs to generate (1-100)
3

Generate

Click Generate UUIDsEach UUID is:
  • Displayed in a list
  • Copyable with one click
  • Valid UUID v4 format

Validate UUIDs

1

Paste UUID

Enter UUID in validation field
2

Validate

Results show:
  • Valid or Invalid
  • Version - UUID version (v1, v4, etc.)
  • Variant - RFC 4122 compliance

Token Generator

Generate API Keys & Tokens

Create API keys or custom JWT tokens for testing.
1

Open Generator

Click Token Generator
2

Choose Type

  • API Key - Random secure string
  • JWT - Signed JSON Web Token
3

Configure JWT (if JWT selected)

  • Subject - User ID or identifier
  • Audience - Target application
  • Expires In - Minutes until expiration
  • Secret - Signing secret
  • Custom Claims - Additional JSON data
4

Generate

Click Generate TokenOutput shows:
  • Token value (copyable)
  • Type and configuration
  • Expiration time (for JWTs)

Data Export

Export Database Data

Export users, sessions, organizations, and other data to JSON or CSV.
1

Open Exporter

Click Export Data tool
2

Select Tables

Choose what to export:
  • Users
  • Sessions
  • Organizations
  • Teams
  • Accounts
  • Invitations
3

Configure Export

  • Format - JSON or CSV
  • Limit - Number of records (default 1000)
4

Export

Click ExportDownloads file with:
  • Selected data
  • Chosen format
  • Timestamp in filename

OAuth Credentials Helper

Get OAuth Credentials

Fetch test OAuth credentials from Better Auth Studio backend for development.
1

Open Helper

Click OAuth Credentials tool
2

Select Provider

Choose OAuth provider:
  • Google
  • GitHub
  • Discord
  • Microsoft
  • And more…
3

Enter Origin

Provide your app origin:
  • localhost:3000
  • myapp.com
  • Auto-detected from config
4

Fetch Credentials

Click Fetch CredentialsReturns:
  • Client ID - OAuth client ID
  • Client Secret - OAuth secret (hidden by default)
  • Redirect URI - Configured callback URL
5

Save to .env (Self-hosted only)

Optionally write credentials to .env file:
  • Checks for existing values
  • Confirms overwrite
  • Saves in correct format
This uses Better Auth Studio’s test credentials for development. Use your own credentials in production.

Migration Helpers

Run Migrations

Migrate users from other authentication providers to Better Auth.

Supported Migrations

Clerk

Migrate from Clerk:
  • Downloads Clerk CSV export
  • Fetches REST API data
  • Preserves passwords and TOTP secrets
  • Respects Better Auth plugins

Supabase

Planned migration from Supabase:
  • Export auth.users and auth.identities
  • Preserve password hashes
  • Support incremental migrations

Auth0

Planned migration from Auth0:
  • Use Management API bulk exports
  • Maintain password hash compatibility
  • Migrate applications and roles

NextAuth.js

Planned migration from NextAuth.js:
  • Read existing NextAuth database
  • Move refresh tokens and OAuth profiles
  • Support multiple database adapters

Running Clerk Migration

1

Open Migration Tool

Click Run Migration tool
2

Select Provider

Choose Clerk
3

Review Migration Script

See the full migration code that will run
4

Execute

Click Run MigrationTerminal shows:
  • Migration preparation
  • CSV download progress
  • User creation progress
  • Success/failure count
  • Completion summary
Migrations modify your database. Always test in a development environment first.

Custom Migration Script

Write your own migration:
1

Select Custom Script

Choose Custom Script option
2

Write Migration Code

Use the code editor to write your migration:
import { migrateUser } from '@better-auth/migration';

async function run() {
  const users = await fetchLegacyUsers();
  
  for (const user of users) {
    await migrateUser({
      email: user.email,
      passwordHash: user.passwordHash,
      metadata: user.metadata,
    });
  }
}

run();
3

Execute

Click Run Migration to execute your script

Tool Categories

Tools are organized by function:
  • OAuth - OAuth provider testing and credentials
  • Database - Connection testing and data export
  • Testing - Password checking, JWT decoding
  • Utilities - Secret generation, UUID creation, token generation
  • Migration - Provider migration tools

Best Practices

1

Test in Development

Always test OAuth, migrations, and configurations in development before production.
2

Use Strong Secrets

  • Generate secrets with 32+ bytes
  • Use hex encoding for compatibility
  • Never commit secrets to version control
3

Validate Configuration

  • Run config validator before deploying
  • Fix all errors
  • Address warnings when possible
4

Export Before Migrations

  • Export existing data before running migrations
  • Test migration on backup database
  • Verify data integrity after migration

Security Considerations

Developer tools are powerful. Follow these security guidelines:
  • Restrict Access - Only allow trusted developers to access Tools
  • Use Test Accounts - OAuth tests create real accounts; use test users
  • Protect Secrets - Never share generated secrets or paste them publicly
  • Development Only - Some tools (like migration) should only run in dev
  • Review Migrations - Always review migration scripts before execution

Troubleshooting

  • Allow popups for Better Auth Studio domain
  • Check browser popup settings
  • Try different browser
  • Verify OAuth provider credentials are correct
  • Check redirect URI matches configuration
  • Ensure OAuth app is not suspended
  • Review Better Auth logs for errors
Only available in self-hosted mode:
  • Verify file system permissions
  • Check .env file exists and is writable
  • Ensure running in self-hosted deployment
  • Ensure using latest Better Auth version
  • Check plugin compatibility
  • Review Better Auth documentation for changes

API Reference

Developer tools use these endpoints:
  • GET /api/tools/oauth/providers - List OAuth providers
  • POST /api/tools/oauth/test - Start OAuth test
  • GET /api/tools/oauth/status - Check OAuth test status
  • POST /api/tools/validate-config - Validate configuration
  • GET /api/database/test - Test database connection
  • POST /api/tools/generate-secret - Generate secret
  • POST /api/tools/password-strength - Check password
  • POST /api/tools/migrations/run - Execute migration

Build docs developers (and LLMs) love

Get started for freeTalk to us