Better Auth Organization Plugin Issue
Problem: The Organization.useListOrganizations() hook consistently returns 403 Forbidden errors despite proper authentication and valid organization memberships.
Environment:
- Better Auth 1.2.8 with MongoDB adapter
- SvelteKit 2.21.1 + Svelte 5
- Organization plugin enabled with no access control restrictions
Details: Organization creation works perfectly and users are properly assigned as owners, but the list endpoint
(/api/auth/organization/get-full-organization) always returns 403. Direct MongoDB queries show the user has valid memberships with correct roles. This appears to be an authorization bug specific to the list endpoint, as all other organization operations (create, switch, member management) work correctly.
Workaround: I've implemented a server-side MongoDB aggregation to bypass the hook, but this loses the real-time capabilities that Better Auth hooks provide.
Anybody know whether this is an known issue ? Please help if you have any experience with MongoDB adapter + list endpoint specific issue that breaks a core feature.
I have reported this as an issue: https://github.com/better-auth/better-auth/issues/3012
GitHub
Organization plugin authorization fails with MongoDB adapter - 403 ...
Is this suited for github? Yes, this is suited for github To Reproduce Better Auth Organization Plugin Bug Report Date: June 13, 2025 Reporter: @jamestagal (Benjamin Waller) Priority: High - Core m...
0 Replies