403 error when listing users with the superadmin role

auth.ts
// Excerpt of the options passed to the server-side auth setup in auth.ts; the enclosing call is not shown.
user: {
deleteUser: {
enabled: true,
},
additionalFields: {
// NOTE(review): better-auth additional fields accept client-supplied values unless `input: false` is set.
// Confirm that a sign-up or profile update cannot set `role` to "admin" or "superadmin".
// NOTE(review): the admin plugin configured below also works with a user `role`; verify the two definitions agree.
role: {
type: ["user", "admin", "superadmin"],
},
},
},
plugins: [
username(),
admin({
// Custom access-control instance and role definitions; both are defined outside this excerpt.
ac: ac,
roles,
// Role names the admin plugin treats as administrative.
adminRoles: ["admin", "superadmin"],
// NOTE(review): "admin" is also listed in adminRoles, so a newly created user would start with an
// administrative role. Confirm this is intended; a least-privilege default would be "user".
defaultRole: "admin",
}),
nextCookies(),
],
// Excerpt of the options passed to the server-side auth setup in auth.ts; the enclosing call is not shown.
user: {
deleteUser: {
enabled: true,
},
additionalFields: {
// NOTE(review): better-auth additional fields accept client-supplied values unless `input: false` is set.
// Confirm that a sign-up or profile update cannot set `role` to "admin" or "superadmin".
// NOTE(review): the admin plugin configured below also works with a user `role`; verify the two definitions agree.
role: {
type: ["user", "admin", "superadmin"],
},
},
},
plugins: [
username(),
admin({
// Custom access-control instance and role definitions; both are defined outside this excerpt.
ac: ac,
roles,
// Role names the admin plugin treats as administrative.
adminRoles: ["admin", "superadmin"],
// NOTE(review): "admin" is also listed in adminRoles, so a newly created user would start with an
// administrative role. Confirm this is intended; a least-privilege default would be "user".
defaultRole: "admin",
}),
nextCookies(),
],
authclient.ts
/**
 * Client-side better-auth instance with the username and admin client plugins.
 *
 * NOTE(review): `typeof auth` below needs the server `auth` symbol only as a type; the import is not
 * visible in this excerpt. Confirm it is an `import type` so server code is not pulled into the client bundle.
 */
export const authClient = createAuthClient({
// NEXT_PUBLIC_ variables are exposed to the browser by Next.js, so this value is public and must not hold secrets.
baseURL: env.NEXT_PUBLIC_BETTER_AUTH_URL,
plugins: [
usernameClient(),
adminClient({
ac,
roles,
// NOTE(review): role settings on the client are not a security boundary. The 401/403 responses in this
// thread come from the server, which is where the access decision is made.
adminRoles: ["admin", "superadmin"],
defaultRole: "admin",
}),
// Type parameter only: derives the extra user fields from the type of the server `auth` instance.
inferAdditionalFields<typeof auth>(),
],
});
/**
 * Client-side better-auth instance with the username and admin client plugins.
 *
 * NOTE(review): `typeof auth` below needs the server `auth` symbol only as a type; the import is not
 * visible in this excerpt. Confirm it is an `import type` so server code is not pulled into the client bundle.
 */
export const authClient = createAuthClient({
// NEXT_PUBLIC_ variables are exposed to the browser by Next.js, so this value is public and must not hold secrets.
baseURL: env.NEXT_PUBLIC_BETTER_AUTH_URL,
plugins: [
usernameClient(),
adminClient({
ac,
roles,
// NOTE(review): role settings on the client are not a security boundary. The 401/403 responses in this
// thread come from the server, which is where the access decision is made.
adminRoles: ["admin", "superadmin"],
defaultRole: "admin",
}),
// Type parameter only: derives the extra user fields from the type of the server `auth` instance.
inferAdditionalFields<typeof auth>(),
],
});
error ?
// Server-side API call made without request headers: nothing identifies the caller's session,
// which matches the 401 UNAUTHORIZED output shown after this snippet. Forwarding the incoming
// request headers (`headers: await headers()`) lets the call run as the signed-in user.
const newData = await auth.api.listUsers({
query: {
limit: 10,
sortBy: "createdAt",
sortDirection: "desc",
},
});
// Server-side API call made without request headers: nothing identifies the caller's session,
// which matches the 401 UNAUTHORIZED output shown after this snippet. Forwarding the incoming
// request headers (`headers: await headers()`) lets the call run as the signed-in user.
const newData = await auth.api.listUsers({
query: {
limit: 10,
sortBy: "createdAt",
sortDirection: "desc",
},
});
returning

Error fetching users: [Error [APIError]: ] {
status: 'UNAUTHORIZED',
body: undefined,
headers: {},
statusCode: 401
}

Error fetching users: [Error [APIError]: ] {
status: 'UNAUTHORIZED',
body: undefined,
headers: {},
statusCode: 401
}
bekacru
bekacru2mo ago
you need to pass the request headers to listUsers; without them the server-side call has no session to authorize
codecret | Software Engineer
I'm not sure if this is the right approach, but I still get the same error
// NOTE(review): passing `role` asks whether that role definition grants the permission. It presumably does
// not look at the signed-in user, so `success: true` here does not show that the current session may list users.
const data = await auth.api.userHasPermission({ // { error: null, success: true }
body: {
role: "superadmin",
permission: {
user: ["list"],
},
},
});
/**
 * Requests the 10 most recently created users and logs the result.
 *
 * The incoming request headers are forwarded to `auth.api.listUsers`, so the call
 * carries the caller's session. Failures are logged and not rethrown.
 *
 * Poster's observed output:
 * Error fetching users: [Error [APIError]: You are not allowed to list users] 403
 */
async function fetchUsers() {
  try {
    const requestHeaders = await headers();
    const users = await auth.api.listUsers({
      headers: requestHeaders,
      query: {
        limit: 10,
        sortBy: "createdAt",
        sortDirection: "desc",
      },
    });
    // NOTE(review): this writes the returned user records to the server log; drop or trim it outside debugging.
    console.log("Fetched Users:", users);
  } catch (err) {
    console.error("Error fetching users:", err);
  }
}

// fetchUsers() is async and is not awaited, so `data` is logged before the user listing resolves;
// a failure inside fetchUsers is handled by its own try/catch.
fetchUsers();
console.log(data);
// NOTE(review): passing `role` asks whether that role definition grants the permission. It presumably does
// not look at the signed-in user, so `success: true` here does not show that the current session may list users.
const data = await auth.api.userHasPermission({ // { error: null, success: true }
body: {
role: "superadmin",
permission: {
user: ["list"],
},
},
});
/**
 * Requests the 10 most recently created users and logs the result.
 *
 * The incoming request headers are forwarded to `auth.api.listUsers`, so the call
 * carries the caller's session. Failures are logged and not rethrown.
 *
 * Poster's observed output:
 * Error fetching users: [Error [APIError]: You are not allowed to list users] 403
 */
async function fetchUsers() {
  try {
    const requestHeaders = await headers();
    const users = await auth.api.listUsers({
      headers: requestHeaders,
      query: {
        limit: 10,
        sortBy: "createdAt",
        sortDirection: "desc",
      },
    });
    // NOTE(review): this writes the returned user records to the server log; drop or trim it outside debugging.
    console.log("Fetched Users:", users);
  } catch (err) {
    console.error("Error fetching users:", err);
  }
}

// fetchUsers() is async and is not awaited, so `data` is logged before the user listing resolves;
// a failure inside fetchUsers is handled by its own try/catch.
fetchUsers();
console.log(data);
any news?
bekacru
bekacru2mo ago
update to the beta: pnpm i better-auth@beta
codecret | Software Engineer
it's fixed with the new update, thanks
KHRM
KHRM3w ago
aww, I didn't know you can pass an array of strings to additionalFields. I went through all this work to make a wrapper haha
import "server-only";

import { auth } from "@/lib/auth";
import { headers } from "next/headers";
import { UserRole } from "@prisma/client";
import type { User } from "better-auth/types";

/** Resolved return type of `auth.api.getSession`, taken from the server auth instance. */
type GetSessionResponse = Awaited<ReturnType<typeof auth.api.getSession>>;

/** The session response with `user.role` typed as `UserRole`. */
type CustomGetSessionResponse = Omit<GetSessionResponse, "user"> & {
  user: Omit<User, "role"> & { role: UserRole };
};

/**
 * Returns the session for the current request with `user.role` typed as `UserRole`,
 * or `null` when `auth.api.getSession` yields no session.
 *
 * The request headers are forwarded so the session is resolved for the caller.
 */
export async function getAuthSession(): Promise<CustomGetSessionResponse | null> {
  const requestHeaders = await headers();
  const current = await auth.api.getSession({ headers: requestHeaders });
  if (!current) {
    return null;
  }

  const {
    user: { role, ...profile },
    ...rest
  } = current;

  // NOTE(review): `as UserRole` is a compile-time assertion only; the stored value is not checked at runtime.
  // Code that gates access on `role` should compare against known values and deny anything unexpected.
  return { ...rest, user: { ...profile, role: role as UserRole } };
}
import "server-only";

import { auth } from "@/lib/auth";
import { headers } from "next/headers";
import { UserRole } from "@prisma/client";
import type { User } from "better-auth/types";

/** Resolved return type of `auth.api.getSession`, taken from the server auth instance. */
type GetSessionResponse = Awaited<ReturnType<typeof auth.api.getSession>>;

/** The session response with `user.role` typed as `UserRole`. */
type CustomGetSessionResponse = Omit<GetSessionResponse, "user"> & {
  user: Omit<User, "role"> & { role: UserRole };
};

/**
 * Returns the session for the current request with `user.role` typed as `UserRole`,
 * or `null` when `auth.api.getSession` yields no session.
 *
 * The request headers are forwarded so the session is resolved for the caller.
 */
export async function getAuthSession(): Promise<CustomGetSessionResponse | null> {
  const requestHeaders = await headers();
  const current = await auth.api.getSession({ headers: requestHeaders });
  if (!current) {
    return null;
  }

  const {
    user: { role, ...profile },
    ...rest
  } = current;

  // NOTE(review): `as UserRole` is a compile-time assertion only; the stored value is not checked at runtime.
  // Code that gates access on `role` should compare against known values and deny anything unexpected.
  return { ...rest, user: { ...profile, role: role as UserRole } };
}
