Privilege elevation?
Hello,
First of all, this is a very nice library — thank you for your work!
I had a question: is there a way to implement temporary privilege elevation?
I see that there is an admin plugin, but I’m wondering if it's possible to have a system where a regular user can temporarily gain elevated privileges. For example, to access an admin dashboard, instead of creating a separate admin user, a regular user could enter an additional password on a specific page and gain admin privileges for, say, 15 minutes.
Would it be possible to implement something like this, maybe with a custom plugin?
Thanks in advance!
3 Replies
grant user admin, revoke after the intended purpose is served
I think that is the only way
Yes, I suppose you can make a custom plugin for that
Thanks for the answer, but this doesn't seem that trivial, because I don't know if I can change the cookie session to have more privilege but for a certain time only or until the session ends.
I think it would be nice to have this "sudo mode" or "step-up authentication" directly in better-auth
Could you not have a dedicated table for granting privilege until x datetime? It will require an extra hit to the db.
You could cache it also
I'm not well versed with node based APIs. Maybe you could swap out the middleware for a custom one that fetches from temp roles when fetching main role
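
The design suggested in the replies above (a table of grants that expire at a set time, consulted when the main role is fetched), as an added example that is not part of the thread and not better-auth's API. `ElevationStore`, `effectiveRole`, `requireRole` and the session/user shapes are hypothetical, the `Map` stands in for the table, and verifying the extra password is assumed to happen before `grant()` is called.

```javascript
// Added example: time-boxed role elevation bound to a single session.
// All names here are hypothetical; none of them are better-auth APIs.
const ELEVATION_TTL_MS = 15 * 60 * 1000; // the 15 minutes from the question

class ElevationStore {
  constructor(now = () => Date.now()) {
    this.now = now;          // injectable clock so expiry can be tested
    this.grants = new Map(); // sessionId -> { userId, role, expiresAt }
  }

  // Call only after the caller has verified the step-up password.
  grant(session, role, ttlMs = ELEVATION_TTL_MS) {
    const expiresAt = this.now() + ttlMs;
    this.grants.set(session.id, { userId: session.userId, role, expiresAt });
    return expiresAt;
  }

  // Explicit revocation, e.g. on logout or "leave admin mode".
  revoke(sessionId) {
    return this.grants.delete(sessionId);
  }

  // Returns the live grant for this session, or null. A grant that has
  // expired or belongs to a different user is purged and treated as absent.
  lookup(session) {
    const g = this.grants.get(session.id);
    if (!g) return null;
    if (g.userId !== session.userId || this.now() >= g.expiresAt) {
      this.grants.delete(session.id);
      return null;
    }
    return g;
  }
}

// Middleware-style resolver: the stored (main) role unless a live grant exists.
function effectiveRole(store, session, user) {
  const g = store.lookup(session);
  return g ? g.role : user.role;
}

// Gate for the admin dashboard: fails closed once the grant is gone.
function requireRole(store, session, user, needed) {
  return effectiveRole(store, session, user) === needed;
}
```

Because the grant is keyed by session id and re-checked on every request, the user's stored role never changes and a second session of the same user is not elevated.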