RORK LABJP
TOOLING — Rork's developer repos keep moving: rork-xcode was updated on July 16, rork-device on July 15, and rork-plist on July 13OPUS46 — Claude Opus 4.6 is live in Rork, and Rork Max is built to assemble apps on top of Claude CodeSIM — A cloud iOS simulator runs in the browser, with one click to install on a device and two clicks to publish to the App StoreMAX — Rork Max emits pure Swift rather than React Native, reaching iPhone, iPad, Apple Watch, Apple TV, Vision Pro, and even iMessageNATIVE — That opens up HealthKit, ARKit and LiDAR, NFC, Dynamic Island, Live Activities, 3D through Metal, and on-device inference with Core MLSEED — Rork raised a $15M seed led by Left Lane Capital, with Peak XV and a16z Speedrun joining the roundTOOLING — Rork's developer repos keep moving: rork-xcode was updated on July 16, rork-device on July 15, and rork-plist on July 13OPUS46 — Claude Opus 4.6 is live in Rork, and Rork Max is built to assemble apps on top of Claude CodeSIM — A cloud iOS simulator runs in the browser, with one click to install on a device and two clicks to publish to the App StoreMAX — Rork Max emits pure Swift rather than React Native, reaching iPhone, iPad, Apple Watch, Apple TV, Vision Pro, and even iMessageNATIVE — That opens up HealthKit, ARKit and LiDAR, NFC, Dynamic Island, Live Activities, 3D through Metal, and on-device inference with Core MLSEED — Rork raised a $15M seed led by Left Lane Capital, with Peak XV and a16z Speedrun joining the round
Articles/Dev Tools
Dev Tools/2026-05-04Advanced

Production Auth with Rork × Better Auth: Web + Mobile Unified Authentication

A hands-on guide to unifying your Rork mobile app and web admin under a single Better Auth backend. Covers email links, social, passkeys, and organizations — including every cookie and deep-link gotcha I hit in production.

Better AuthAuthentication8React Native209CookiesDeep LinksPasskeys2B2B SaaS

Premium Article

After running three Rork apps in production, the part that ate the most time wasn't UI or in-app purchases — it was authentication. Web on Clerk, mobile on Supabase Auth, Apple Sign In bolted on separately, organizations rolled by hand. By the time I needed to delete a user, I had to update four different systems. That codebase taught me a lesson.

For new projects I now standardize on Better Auth, a TypeScript-first auth library that landed in late 2024. It's framework-agnostic, plugin-driven, and self-hosted. Unlike Clerk, you run it on your own server. The trade-off is worth it: one backend handles browsers, iOS, and Android with the same session model.

This article walks through unifying a Rork-generated mobile app (React Native + Expo) and a Next.js admin panel under a single Better Auth server, with every gotcha I hit along the way. All the code below is verified against Better Auth 1.2.x at the time of writing.

Why Better Auth Now — Compared to Clerk, Supabase Auth, and Auth.js

Let me start with the comparison, since I've shipped production apps on each of these.

Clerk has gorgeous UI components and B2B features (orgs, invites, SSO) work out of the box. But MAU pricing compounds quickly — once you cross 50K MAU on a free app, the math stops working for indie dev revenue. Clerk is the option that hurts when things go well.

Supabase Auth is tightly coupled with Postgres and cheap. The downside is that GoTrue's JWT-based session is a little awkward to sync with mobile cookies, and OS-specific features like Apple Sign In and Passkeys you mostly wrap yourself.

Auth.js (formerly NextAuth) is web-centric. React Native support remains thin.

Better Auth was designed to take the best of these and re-implement them in TypeScript. Specifically:

  • Sessions are a hybrid of DB-stored cookies and bearer tokens. Web uses HttpOnly cookies; mobile uses bearer tokens — both reference the same session row
  • Auth methods are plugins. Email/password, magic link, social, passkeys, OTP, 2FA, organizations, SSO, Stripe — all composable
  • DB adapters cover Drizzle, Prisma, Mongo, Kysely, so Cloudflare D1 or Neon Postgres just works through Drizzle
  • Frontend clients exist for React, Vue, Svelte, Solid, and React Native

In short: an auth flow that works on the web works the same way on mobile, against the same DB. If you're tired of stitching things together like I was, this lands hard.

Three Reasons Better Auth Fits Rork Apps

Rork generates React Native + Expo apps and deploys them on Cloudflare. If your auth backend also runs on Cloudflare, latency stays predictable. Better Auth pairs especially well with this setup, for three reasons.

First, you can run Better Auth as-is on Cloudflare Workers + Hono. auth.handler accepts a standard Request and returns a Response. One Hono route — app.all('/api/auth/*', c => auth.handler(c.req.raw)) — and you're done.

Second, Drizzle ORM lets you share Cloudflare D1 or Neon Postgres. If your Rork app already uses Drizzle for its backend, just add the auth schema to your existing tables. On my current project I reused the DB I'd set up in Rork × Neon Postgres + Drizzle ORM Backend Guide and only added auth-schema.ts.

Third, Expo deep links and cookies both work. This matters more than it sounds. You can have Apple Sign In redirect to myapp://auth/callback on mobile, while the web version uses cookies for the same session — without writing two implementations.

Thank you for reading this far.

Continue Reading

What follows includes implementation code, benchmarks, and practical content we hope you'll find useful. This site runs without ads — server and development costs are supported entirely by members like you. If it's been helpful, we'd be truly grateful for your support.

WHAT YOU'LL LEARN
If you've been juggling separate auth stacks for web and mobile, you can now collapse them into one Better Auth server with shared sessions, shared DB, and shared business logic
You'll learn how to ship the parts everyone gets stuck on — Apple Sign In's Service ID confusion, deep links breaking on Safari, cookies refusing to save on iOS — with copy-pasteable code that actually works
Whether you're a solo dev or building B2B SaaS, you'll come away with production patterns for organizations, passkeys, and cross-device session sync that scale from your first user to your first thousand
Secure payment via Stripe · Cancel anytime

Unlock This Article

Get full access to the rest of this article. Buy once, read anytime. This site is ad-free — your support goes directly toward keeping it running.

or
Unlock all articles with Membership →
Share

Thank You for Reading

Rork Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.

  • Copy-paste ready implementation code
  • New advanced guides published daily
  • $5/mo or $10 for lifetime access
View Membership →

Related Articles

Dev Tools2026-06-19
Hardening API Calls in Rork Apps: Token Refresh, Retry, and Idempotency
The fetch Rork generates is left fragile against expired tokens, flaky signal, and double sends. Here is a design that consolidates token refresh, retry with backoff, and idempotency keys into a single client layer, with implementation code and operational numbers.
Dev Tools2026-07-15
The Comma That Fell to the Start of a Line: Rork, Quote Cards, and Japanese Line Breaking
React Native's Text component does not guarantee Japanese line-breaking rules. Here are the violation rates I measured, a WORD JOINER implementation that survives copy and VoiceOver, an onTextLayout audit harness, and how Rork Max (SwiftUI) differs.
Dev Tools2026-07-15
My Rork sleep timer faded out on time — but the sound didn't
Rork writes sleep-timer fades against the wall clock with setInterval. The numbers say 30 minutes, but the real audio fades early or cuts out abruptly. Here is how to drive the fade from the actual playback position, why a logarithmic curve sounds natural, and the honest limit of JS fades when the screen is locked.
📚RECOMMENDED BOOKS
Build a Large Language Model (From Scratch)
Sebastian Raschka
LLM Dev
Prompt Engineering for LLMs
Berryman & Ziegler
Prompting
AI Engineering
Chip Huyen
AI Eng
* Contains affiliate links
See all →