Dynamic Access Control hasPermission is always false
Hi guys, I am very likely doing something wrong, but I've been looking everywhere for a little more information and can't really find anything.
I have enabled the organizatoin plugin and the dynamic access control, and have been able to successfully create a role.
The role is in the database, it looks good, i assigned it to a user, and that also looks good. But whatever call I make from that users session, checking for a permission always returns false.
Simplified Example:
role: readonly
permissions: {
"configuration": [
"read"
]
}
await auth.api.hasPermission({
headers: h,
body: { permissions: { configuration: ["read"] } },
});
--> { error: null, success: false }
4 Replies
Some more logs I was able to find
2025-10-09T21:36:39.891Z INFO [Better Auth]: [Drizzle Adapter] #62 [3/3] findOne (Parsed Result): {
model: 'member',
data: {
organizationId: 'jTcEtLV0RmJTK0Tfee13QBb4nB5I5qXE',
userId: 'JW7vThDcG5CTKpLcHp4autWl2jwj3INH',
role: '5Nm0vfUpUc8Qhbg1CPEC4ZvFyLh3IKYa',
createdAt: 2025-10-09T18:18:19.773Z,
id: 'v6cwzrZES12bn5Anmza8Z2USNouXk6IC'
}
}
2025-10-09T21:36:39.891Z INFO [Better Auth]: [Drizzle Adapter] #63 [1/3] findMany: {
model: 'organizationRole',
where: [
{
operator: 'eq',
connector: 'AND',
field: 'organizationId',
value: 'jTcEtLV0RmJTK0Tfee13QBb4nB5I5qXE'
}
],
limit: 100,
sortBy: undefined,
offset: undefined
}
2025-10-09T21:36:39.966Z INFO [Better Auth]: [Drizzle Adapter] #63 [2/3] findMany (DB Result): {
model: 'organizationRole',
data: [
{
id: '5Nm0vfUpUc8Qhbg1CPEC4ZvFyLh3IKYa',
organizationId: 'jTcEtLV0RmJTK0Tfee13QBb4nB5I5qXE',
role: 'readonly',
permission: '{"configuration":["read"],"finance":["read"],"ac":["read","update","delete","create"],"gameday":["read"],"offer":["read"],"products":["read"],"partner":["read"],"period":["read"],"users":["read"],"member":["create","update","delete"],"organization":["delete","update"],"invitation":["create"],"team":["delete","update","create"],"role":["read","create"]}',
createdAt: 2025-10-09T18:17:42.357Z, updatedAt: 2025-10-09T21:24:53.762Z } ] } All these IDs seem correct, the role is returning the right permissions, and still returns false when I ask if the role has any of those @Better Auth
createdAt: 2025-10-09T18:17:42.357Z, updatedAt: 2025-10-09T21:24:53.762Z } ] } All these IDs seem correct, the role is returning the right permissions, and still returns false when I ask if the role has any of those @Better Auth
Hi there! I’ve seen several common questions in our Discord community about configuring and using Discord with Better Auth. Here are some of the most frequently asked questions along with concise answers:
• How can I specify bot permissions for Discord?
We recently added support for a
A new consent option was introduced that defaults to none, so you can easily configure whether or not to request explicit user consent during OAuth. This helps in fine-tuning your app’s permissions and trust flow [2]. • I’m getting an “Invalid OAuth2 redirect_uri” error – what’s going on?
There was a known issue where the generated OAuth URLs were missing the required
Some users have reported a
You can configure the Discord
We recently added support for a
permissions option in the Discord provider. This allows you to include a permissions parameter (passed as a number) in your OAuth URL when using the bot scope. This lets you control which bot permissions are requested during sign-in [1], [3].
• What’s the new consent option for Discord?A new consent option was introduced that defaults to none, so you can easily configure whether or not to request explicit user consent during OAuth. This helps in fine-tuning your app’s permissions and trust flow [2]. • I’m getting an “Invalid OAuth2 redirect_uri” error – what’s going on?
There was a known issue where the generated OAuth URLs were missing the required
++ prefix before the redirect_uri parameter, which Discord expects. The fix ensures the URL includes this prefix, so updating your version or checking your configuration is recommended if you face this issue [7].
• Why might I encounter a state_mismatch error during sign-in?Some users have reported a
state_mismatch error. This typically results from configuration discrepancies between your Better Auth settings and the Discord Developer Portal (such as mismatched callback URLs). Please verify that your redirect URLs exactly match on both ends [10].
• How do I set up the Discord provider?You can configure the Discord
GitHub
Build software better, together
GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
GitHub
Build software better, together
GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
GitHub
better-auth/better-auth
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
GitHub
better-auth/better-auth
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
provider by importing it and adding its client ID and secret to your Better Auth setup. For local development, remember to update the redirect URL accordingly (e.g., setting it to http://localhost:3000/api/auth/callback/discord). Detailed setup instructions can be found in the Better Auth docs [6].
If you have any more detailed questions or need tailored guidance, feel free to ask!
Sources:
[1] feat(discord): allow specification of permissions
[2] feat(discord): add consent as an option
[3] feat: add Discord bot permissions parameter support
[6] Discord | Better Auth
[7] Discord OAuth redirect_uri requires double plus signs (++) prefix - Better Auth generates invalid URLs
[10] Discord Provider throwing
state_mismatch error every time in latest versions
— Better Auth is powered by https://clarm.comGitHub
feat(discord): allow specification of permissions by TheUntraceable...
Reopening of #3163 as I was told it was closed by mistake.
Summary by cubic
Adds a new permissions option to the Discord provider so apps can request specific bot permissions during OAuth. Update...
GitHub
feat(discord): add consent as an option by Bekacru · Pull Request ...
closes #739
adds a consent option to Discord, defaulting to none as suggested in the linked issue.
GitHub
feat: add Discord bot permissions parameter support by TheUntraceab...
When using the Discord social plugin, you can set the bot scope, and this scope can have an additional permissions scope, referring to the permissions of the Discord Bot once authorized.
This pull ...
Not helpful :/
Well, I found the issue after digging, and as expecting I was doing something wrong
For whoever it might be helpful in the future:
- When assigning a dynamic role, do not assign the role id, assign directly the role name