hasPermission in organization plugin vs admin plugin
Hey there, does await auth.api.hasPermission consider the admin or the org plugin or both?
10 Replies
@Better Auth
Hi there! Here are some common questions and answers from our Discord community regarding Better Auth:
1. How do I set up Discord sign in?
To use Discord sign in, you’ll need a client ID and client secret from the Discord Developer Portal. Make sure to set the correct redirect URL (for example, for local development use http://localhost:3000/api/auth/callback/discord) and update it accordingly if you change the base path of your auth routes [1].
2. Why am I getting an "Invalid OAuth2 redirect_uri" error with Discord?
Some users have experienced an "Invalid OAuth2 redirect_uri" error because Discord requires a ++ prefix before the redirect_uri parameter. In some versions, Better Auth generated URLs without this required prefix. The expected behavior is for Better Auth to include the ++ prefix, which aligns with Discord’s OAuth requirements [2].
3. How can I add bot permissions for my Discord integration?
If your integration needs Discord bot capabilities, you can set the
bot scope and specify additional permissions in your Discord provider configuration. This enhancement gives you more control over the Discord bot’s permissions during the OAuth flow [3].
Remember to double-check your environment configuration and callback URLs as misconfigurations can lead to errors with authentication. If you run into any issues or have more questions, feel free to ask!
Sources:
[1] Discord | Better Auth
[2] Discord OAuth redirect_uri requires double plus signs (++) prefix - Better Auth generates invalid URLs
[3] feat: add Discord bot permissions parameter support
doesn't help
@Better Auth
Hey there, does await auth.api.hasPermission consider the admin or the org plugin or both?
Hey there! It depends on which permission model you’re targeting. In Better Auth, the admin plugin uses the endpoint called userHasPermission (for example, via auth.api.userHasPermission) to check a user's permissions on the admin side [3]. On the other hand, the organization plugin provides an endpoint called hasPermission (used as auth.api.hasPermission) for permission checks within an organization context [6].
So if you call await auth.api.hasPermission, you’re invoking the organization plugin’s permission check. If you need to check admin-specific permissions, you’d use userHasPermission instead. Hope that clears things up!
Sources:
[3] Admin | Better Auth
[6] Organization | Better Auth
@michidk
@Better Auth what happens if i assign the same set of roles to the org and admin plugin
When you assign the same set of roles to both the organization and admin plugins, you essentially unify the permission definitions across your Better Auth instance. This means that the permissions defined for a role will be applied in both contexts, allowing for a consistent model when managing users and their access rights.
Keep in mind, however, that each plugin has its own default permission sets. If you override those defaults (for example, by creating custom roles), you need to merge the default statements with your custom definitions to preserve the originally intended permissions [4]. In the admin plugin, the roles are used to control endpoints related to user management, so if you’re reusing the same roles, any change or customization will affect both organizational operations and admin actions [8].
In summary, using the same roles across both plugins is supported and can help maintain a unified RBAC model—but it requires careful handling of default permissions to ensure that no unintended behavior occurs.
Sources:
[4] Organization | Better Auth
[8] Admin | Better Auth
I think it's just org.
let me check
Yeah it's org
for admin you need to call auth.api.userHasPermission
thanks Max!

