1 reply

Admin Plugin List Users gives 403 when trying to use role in adminRoles list?

HonoPlugins related

Svelte Kit

I'm on a static sveltekit frontend calling a hono backend.

My settings are simple. My plugins look like this on the server:

[
  admin({
    adminRoles: ['admin', 'root'],
  }),
  apiKey(),
  username(),
]

[
  admin({
    adminRoles: ['admin', 'root'],
  }),
  apiKey(),
  username(),
]

I have no custom permissions setup.

My auth client on the frontend is defined this way. super simple:

import { createAuthClient } from 'better-auth/svelte';
import { PUBLIC_API_URL } from '$env/static/public';
import {
  adminClient,
  apiKeyClient,
  usernameClient
} from 'better-auth/client/plugins';

export const authClient = createAuthClient({
  /** The base URL of the server (optional if you're using the same domain) */
  baseURL: PUBLIC_API_URL,
  plugins: [adminClient(), apiKeyClient(), usernameClient()],
  basePath: '/auth'
});

import { createAuthClient } from 'better-auth/svelte';
import { PUBLIC_API_URL } from '$env/static/public';
import {
  adminClient,
  apiKeyClient,
  usernameClient
} from 'better-auth/client/plugins';

export const authClient = createAuthClient({
  /** The base URL of the server (optional if you're using the same domain) */
  baseURL: PUBLIC_API_URL,
  plugins: [adminClient(), apiKeyClient(), usernameClient()],
  basePath: '/auth'
});

and I have a user with the role

'root'

'root'

trying to call

listUsers

listUsers

async function getAdmins() {
    const { data: admins_res, error } = await authClient.admin.listUsers({
      query: {
        filterField: 'role',
        filterOperator: 'contains',
        filterValue: 'admin'
      }
    });

    if (error) {
      console.error(error);
      throw new Error(error.message, {
        cause: error.statusText
      });
    }

    return admins_res;
  }

async function getAdmins() {
    const { data: admins_res, error } = await authClient.admin.listUsers({
      query: {
        filterField: 'role',
        filterOperator: 'contains',
        filterValue: 'admin'
      }
    });

    if (error) {
      console.error(error);
      throw new Error(error.message, {
        cause: error.statusText
      });
    }

    return admins_res;
  }

I have sign in and sign out working fine but when I call

listUsers

listUsers

it sends back this:

{code: 'YOU_ARE_NOT_ALLOWED_TO_LIST_USERS', message: 'You are not allowed to list users', status: 403, statusText: 'Forbidden'}

{code: 'YOU_ARE_NOT_ALLOWED_TO_LIST_USERS', message: 'You are not allowed to list users', status: 403, statusText: 'Forbidden'}

I've looked at the docs and even other peoples' situations, some said to update so I updated to v1.4.5 on the client and server to no avail. I'm not sure what to do but ask for a hand.

Admin Plugin List Users gives 403 when trying to use role in adminRoles list?

HonoPlugins related

Svelte Kit

I'm on a static sveltekit frontend calling a hono backend.

My settings are simple. My plugins look like this on the server:

[
  admin({
    adminRoles: ['admin', 'root'],
  }),
  apiKey(),
  username(),
]

[
  admin({
    adminRoles: ['admin', 'root'],
  }),
  apiKey(),
  username(),
]

I have no custom permissions setup.

My auth client on the frontend is defined this way. super simple:

import { createAuthClient } from 'better-auth/svelte';
import { PUBLIC_API_URL } from '$env/static/public';
import {
  adminClient,
  apiKeyClient,
  usernameClient
} from 'better-auth/client/plugins';

export const authClient = createAuthClient({
  /** The base URL of the server (optional if you're using the same domain) */
  baseURL: PUBLIC_API_URL,
  plugins: [adminClient(), apiKeyClient(), usernameClient()],
  basePath: '/auth'
});

import { createAuthClient } from 'better-auth/svelte';
import { PUBLIC_API_URL } from '$env/static/public';
import {
  adminClient,
  apiKeyClient,
  usernameClient
} from 'better-auth/client/plugins';

export const authClient = createAuthClient({
  /** The base URL of the server (optional if you're using the same domain) */
  baseURL: PUBLIC_API_URL,
  plugins: [adminClient(), apiKeyClient(), usernameClient()],
  basePath: '/auth'
});

and I have a user with the role

'root'

'root'

trying to call

listUsers

listUsers

async function getAdmins() {
    const { data: admins_res, error } = await authClient.admin.listUsers({
      query: {
        filterField: 'role',
        filterOperator: 'contains',
        filterValue: 'admin'
      }
    });

    if (error) {
      console.error(error);
      throw new Error(error.message, {
        cause: error.statusText
      });
    }

    return admins_res;
  }

async function getAdmins() {
    const { data: admins_res, error } = await authClient.admin.listUsers({
      query: {
        filterField: 'role',
        filterOperator: 'contains',
        filterValue: 'admin'
      }
    });

    if (error) {
      console.error(error);
      throw new Error(error.message, {
        cause: error.statusText
      });
    }

    return admins_res;
  }

I have sign in and sign out working fine but when I call

listUsers

listUsers

it sends back this:

{code: 'YOU_ARE_NOT_ALLOWED_TO_LIST_USERS', message: 'You are not allowed to list users', status: 403, statusText: 'Forbidden'}

{code: 'YOU_ARE_NOT_ALLOWED_TO_LIST_USERS', message: 'You are not allowed to list users', status: 403, statusText: 'Forbidden'}

I've looked at the docs and even other peoples' situations, some said to update so I updated to v1.4.5 on the client and server to no avail. I'm not sure what to do but ask for a hand.

Admin Plugin List Users gives 403 when trying to use role in adminRoles list?

Similar Threads

Admin Plugin List Users gives 403 when trying to use role in adminRoles list?

Similar Threads

Similar Threads

Similar Threads