Anonymous Guest Access with Better Auth Anonymous Plugin

[dory-finn]

🧩 Feature: Anonymous Guest Access with Better Auth Anonymous Plugin

Type: Feature
Priority: High
Status: Proposal

---

🎯 Background

Dory currently requires users to sign in before they can start using the product. This adds friction for first-time users and weakens activation, especially for traffic coming from the landing page, Reddit, Hacker News, and other community channels.

To reduce this friction, Dory should support instant guest access using Better Auth’s Anonymous plugin, allowing users to start with an authenticated guest session without providing email, password, or OAuth upfront. Better Auth’s docs describe Anonymous as a way to give users an authenticated experience without requiring PII, while still allowing them to link a real auth method later. ([Better Auth]1)

---

💡 Goal

• Let users enter Dory immediately without creating an account
• Reuse the existing Better Auth session model instead of building a custom guest auth flow
• Allow guest users to access core product functionality from the first session
• Support seamless upgrade from anonymous user to permanent account later

---

🧱 Scope

1. Use Better Auth Anonymous Plugin

Enable Better Auth’s Anonymous plugin on the server and client instead of implementing a custom guest identity system. The official Better Auth documentation provides both the server-side anonymous() plugin and the client-side anonymousClient() plugin for this flow. ([Better Auth]1)

Server:

import { betterAuth } from "better-auth";
import { anonymous } from "better-auth/plugins";

export const auth = betterAuth({
  // existing config
  plugins: [anonymous()],
});

Client:

import { createAuthClient } from "better-auth/client";
import { anonymousClient } from "better-auth/client/plugins";

export const authClient = createAuthClient({
  plugins: [anonymousClient()],
});

---

2. Anonymous Session on First Visit

On first app load:

• check whether a session already exists
• if not, create an anonymous session automatically
• treat the user as authenticated, but with anonymous status

This avoids building a separate guest_id registration API and keeps guest access aligned with Better Auth’s native session lifecycle. That also reduces custom auth logic and future maintenance cost. This approach matches Better Auth’s intended anonymous-auth usage model. (Better Auth)

---

3. Data Ownership

Anonymous users should be able to create and own product data during the guest session, including:

• connections
• tabs
• query history
• saved queries

These records should be associated with the anonymous user account created by Better Auth.

---

4. Upgrade Prompts

Anonymous users can use the product normally, but some actions should trigger an upgrade prompt, such as:

• cloud sync
• sharing results
• advanced AI models
• cross-device persistence
• higher usage limits

This keeps the first-run experience smooth while creating natural conversion points.

---

5. Account Linking

When a guest user decides to sign in with GitHub, email, or another provider, Dory should link the authentication method to the existing anonymous account instead of creating a separate new user whenever possible.

This is exactly one of the core reasons to use Better Auth Anonymous: users can start anonymously and later attach a real authentication method to the same account. (Better Auth)

Preferred behavior:

• preserve the same user identity
• preserve all guest-owned resources
• avoid manual data migration wherever possible

---

🧠 Technical Notes

• Better Auth officially supports Anonymous as a first-party plugin. (Better Auth)
• Better Auth also notes that database migration or schema generation is required after enabling the plugin. Their docs recommend running npx auth migrate or npx auth generate to add the required fields and tables. ([Better Auth]1)
• This is preferable to a custom guest_id + manual registration flow because it keeps guest auth inside the same auth framework, session handling, and future account-linking path.
• Since Dory already uses Better Auth, this should integrate more cleanly with the current auth stack.

---

⚠️ Open Questions

• Should anonymous users be allowed to save queries, or should saving require upgrade?
• Should connections created by anonymous users remain local-only until account linking?
• Should AI usage for anonymous users be quota-limited by session, device, or IP?
• Should anonymous users get a default personal workspace immediately, or should that be created only after upgrade?

---

✅ Acceptance Criteria

• Users can access Dory without signing in first
• Anonymous sessions are created using Better Auth Anonymous plugin
• Anonymous users can use core product flows immediately
• Guest-created data remains available after linking a real account
• Upgrade prompts appear only at intentional conversion points
• No separate custom guest auth system is required

---

📌 Why This Approach

Using Better Auth Anonymous gives Dory a cleaner and more standard guest-access model:

• less custom auth code
• fewer edge cases around session handling
• built-in path for account linking
• better long-term maintainability

Instead of inventing a parallel guest identity system, Dory can treat guest access as a first-class authenticated mode from day one.