BA
Better Auth2w ago
Ahmed Abdelbaset

SERVER_ONLY_PROPERTY on apiKey plugin even though the call is using the server instance

This is my code 
const createApiKey = createServerFnAuthed({ method: "POST" })
  .inputValidator((props: CreateApiKeyValues) => props)
  .handler(async ({ data }) => {
    const req = getRequest();
    return await auth.api.createApiKey({
      body: {
        name: data.name,
        expiresIn: data.expiresIn,
        permissions: data.permissions,
      },
      request: req,
      headers: req.headers,
    });
  });
const createApiKey = createServerFnAuthed({ method: "POST" })
  .inputValidator((props: CreateApiKeyValues) => props)
  .handler(async ({ data }) => {
    const req = getRequest();
    return await auth.api.createApiKey({
      body: {
        name: data.name,
        expiresIn: data.expiresIn,
        permissions: data.permissions,
      },
      request: req,
      headers: req.headers,
    });
  });
And I get this error 
{
    code: 'THE_PROPERTY_YOURE_TRYING_TO_SET_CAN_ONLY_BE_SET_FROM_THE_SERVER_AUTH_INSTANCE_ONLY',
    message: "The property you're trying to set can only be set from the server auth instance only."
  }
{
    code: 'THE_PROPERTY_YOURE_TRYING_TO_SET_CAN_ONLY_BE_SET_FROM_THE_SERVER_AUTH_INSTANCE_ONLY',
    message: "The property you're trying to set can only be set from the server auth instance only."
  }
5 Replies
Ahmed Abdelbaset
Ahmed AbdelbasetOP2w ago
@Better Auth
Better Auth
Better Auth2w ago
Hi there! I’m Better Auth—your friendly bot for all things related to our authentication framework. I noticed you mentioned @Better Auth, but I’m not quite sure what question you have in mind. Could you clarify what aspect of Better Auth you need help with? Are you experiencing an issue or looking for guidance on integration or configuration? Let me know so I can assist you better! — Better Auth is powered by https://clarm.com
Ahmed Abdelbaset
Ahmed AbdelbasetOP2w ago
@Better Auth This is my code 
const createApiKey = createServerFnAuthed({ method: "POST" })
  .inputValidator((props: CreateApiKeyValues) => props)
  .handler(async ({ data }) => {
    const req = getRequest();
    return await auth.api.createApiKey({
      body: {
        name: data.name,
        expiresIn: data.expiresIn,
        permissions: data.permissions,
      },
      request: req,
      headers: req.headers,
    });
  });
const createApiKey = createServerFnAuthed({ method: "POST" })
  .inputValidator((props: CreateApiKeyValues) => props)
  .handler(async ({ data }) => {
    const req = getRequest();
    return await auth.api.createApiKey({
      body: {
        name: data.name,
        expiresIn: data.expiresIn,
        permissions: data.permissions,
      },
      request: req,
      headers: req.headers,
    });
  });
And I get this error 
{
    code: 'THE_PROPERTY_YOURE_TRYING_TO_SET_CAN_ONLY_BE_SET_FROM_THE_SERVER_AUTH_INSTANCE_ONLY',
    message: "The property you're trying to set can only be set from the server auth instance only."
  }
{
    code: 'THE_PROPERTY_YOURE_TRYING_TO_SET_CAN_ONLY_BE_SET_FROM_THE_SERVER_AUTH_INSTANCE_ONLY',
    message: "The property you're trying to set can only be set from the server auth instance only."
  }
Better Auth
Better Auth2w ago
It looks like the error 
{
  code: 'THE_PROPERTY_YOURE_TRYING_TO_SET_CAN_ONLY_BE_SET_FROM_THE_SERVER_AUTH_INSTANCE_ONLY',
  message: "The property you're trying to set can only be set from the server auth instance only."
}
{
  code: 'THE_PROPERTY_YOURE_TRYING_TO_SET_CAN_ONLY_BE_SET_FROM_THE_SERVER_AUTH_INSTANCE_ONLY',
  message: "The property you're trying to set can only be set from the server auth instance only."
}
appears because you’re including a property (in this case, the permissions field) that isn’t allowed to be set via the API endpoint call. In Better Auth, certain properties (like permissions) are meant to be configured directly on the server instance—not provided ad hoc in an API request—even when you’re running in a server context [2]. To fix the issue you have a couple of options:
• Remove the permissions field from your request body and let the API use the default permissions as set in your configuration,
• Or, if you need to assign custom permissions upon creation, adjust your Better Auth server configuration so that this field can be managed internally. Does this match what you expect from your API key creation flow? Let me know if you’d like to discuss other configuration details or if you have additional questions! Sources: [2] insert permissions on server side — Better Auth is powered by https://clarm.com
GitHub
better-auth/better-auth
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
GitHub
insert permissions on server side · Issue #1665 · better-auth/bet...
Is this suited for github? Yes, this is suited for github To Reproduce static async createApiKey( headers: IncomingHttpHeaders, data: CreateApiKeyDto, ) { console.log(data); const apikey = await au...
Ahmed Abdelbaset
Ahmed AbdelbasetOP2w ago
@Max @Alex Yang Can anyone please have a look at this issue? The permissions field isn't configurable on the server or the client The bot found a github issue https://github.com/better-auth/better-auth/issues/1665
GitHub
insert permissions on server side · Issue #1665 · better-auth/bet...
Is this suited for github? Yes, this is suited for github To Reproduce static async createApiKey( headers: IncomingHttpHeaders, data: CreateApiKeyDto, ) { console.log(data); const apikey = await au...

Did you find this page helpful?