Better AuthBA
Better Auth2w ago
Steven

Admin Plugin List Users gives 403 when trying to use role in adminRoles list?

I'm on a static sveltekit frontend calling a hono backend.

My settings are simple. My plugins look like this on the server:

[
  admin({
    adminRoles: ['admin', 'root'],
  }),
  apiKey(),
  username(),
]


I have no custom permissions setup.

My auth client on the frontend is defined this way. super simple:
import { createAuthClient } from 'better-auth/svelte';
import { PUBLIC_API_URL } from '$env/static/public';
import {
  adminClient,
  apiKeyClient,
  usernameClient
} from 'better-auth/client/plugins';

export const authClient = createAuthClient({
  /** The base URL of the server (optional if you're using the same domain) */
  baseURL: PUBLIC_API_URL,
  plugins: [adminClient(), apiKeyClient(), usernameClient()],
  basePath: '/auth'
});


and I have a user with the role 'root' trying to call listUsers:

async function getAdmins() {
    const { data: admins_res, error } = await authClient.admin.listUsers({
      query: {
        filterField: 'role',
        filterOperator: 'contains',
        filterValue: 'admin'
      }
    });

    if (error) {
      console.error(error);
      throw new Error(error.message, {
        cause: error.statusText
      });
    }

    return admins_res;
  }


I have sign in and sign out working fine but when I call listUsers it sends back this:
{code: 'YOU_ARE_NOT_ALLOWED_TO_LIST_USERS', message: 'You are not allowed to list users', status: 403, statusText: 'Forbidden'}

I've looked at the docs and even other peoples' situations, some said to update so I updated to v1.4.5 on the client and server to no avail. I'm not sure what to do but ask for a hand.
Was this page helpful?