[{"data":1,"prerenderedAt":786},["ShallowReactive",2],{"navigation_docs":3,"-guides-role-based-access":152,"-guides-role-based-access-surround":781},[4,42,68,110,131],{"title":5,"path":6,"stem":7,"children":8,"icon":11},"Getting Started","/getting-started","1.getting-started/0.index",[9,12,17,22,27,32,37],{"title":10,"path":6,"stem":7,"icon":11},"Introduction","i-lucide-sparkles",{"title":13,"path":14,"stem":15,"icon":16},"Installation","/getting-started/installation","1.getting-started/1.installation","i-lucide-download",{"title":18,"path":19,"stem":20,"icon":21},"Configuration","/getting-started/configuration","1.getting-started/2.configuration","i-lucide-settings",{"title":23,"path":24,"stem":25,"icon":26},"Client Setup","/getting-started/client-setup","1.getting-started/3.client-setup","i-lucide-monitor",{"title":28,"path":29,"stem":30,"icon":31},"Type Augmentation","/getting-started/type-augmentation","1.getting-started/4.type-augmentation","i-lucide-type",{"title":33,"path":34,"stem":35,"icon":36},"Schema Generation (NuxtHub)","/getting-started/schema-generation","1.getting-started/5.schema-generation","i-lucide-database",{"title":38,"path":39,"stem":40,"icon":41},"How It Works","/getting-started/how-it-works","1.getting-started/6.how-it-works","i-lucide-workflow",{"title":43,"path":44,"stem":45,"children":46,"page":67},"Core Concepts","/core-concepts","2.core-concepts",[47,51,55,59,63],{"title":48,"path":49,"stem":50},"serverAuth()","/core-concepts/server-auth","2.core-concepts/1.server-auth",{"title":52,"path":53,"stem":54},"Sessions","/core-concepts/sessions","2.core-concepts/2.sessions",{"title":56,"path":57,"stem":58},"Route Protection","/core-concepts/route-protection","2.core-concepts/3.route-protection",{"title":60,"path":61,"stem":62},"Auto‑Imports and Aliases","/core-concepts/auto-imports-aliases","2.core-concepts/4.auto-imports-aliases",{"title":64,"path":65,"stem":66},"Security & Caveats","/core-concepts/security-caveats","2.core-concepts/5.security-caveats",false,{"title":69,"path":70,"stem":71,"children":72,"page":67},"Guides","/guides","3.guides",[73,77,81,85,89,94,98,102,106],{"title":74,"path":75,"stem":76},"Role‑Based Access","/guides/role-based-access","3.guides/1.role-based-access",{"title":78,"path":79,"stem":80},"OAuth Providers","/guides/oauth-providers","3.guides/2.oauth-providers",{"title":82,"path":83,"stem":84},"Custom Database","/guides/custom-database","3.guides/3.custom-database",{"title":86,"path":87,"stem":88},"Database-less Mode","/guides/database-less-mode","3.guides/4.database-less-mode",{"title":90,"path":91,"stem":92,"icon":93},"External Auth Backend","/guides/external-auth-backend","3.guides/5.external-auth-backend","i-lucide-server",{"title":95,"path":96,"stem":97},"Migrating from nuxt-auth-utils","/guides/migrate-from-nuxt-auth-utils","3.guides/6.migrate-from-nuxt-auth-utils",{"title":99,"path":100,"stem":101},"Two-Factor Authentication (TOTP + Backup Codes)","/guides/two-factor-auth","3.guides/7.two-factor-auth",{"title":103,"path":104,"stem":105},"Testing","/guides/testing","3.guides/8.testing",{"title":107,"path":108,"stem":109},"Production Deployment","/guides/production-deployment","3.guides/9.production-deployment",{"title":111,"path":112,"stem":113,"children":114,"page":67},"Integrations","/integrations","4.integrations",[115,119,123,127],{"title":116,"path":117,"stem":118},"NuxtHub","/integrations/nuxthub","4.integrations/1.nuxthub",{"title":120,"path":121,"stem":122},"DevTools","/integrations/devtools","4.integrations/2.devtools",{"title":124,"path":125,"stem":126},"Convex","/integrations/convex","4.integrations/3.convex",{"title":128,"path":129,"stem":130},"i18n","/integrations/i18n","4.integrations/4.i18n",{"title":132,"path":133,"stem":134,"children":135,"page":67},"API Reference","/api","5.api",[136,140,144,148],{"title":137,"path":138,"stem":139},"Composables","/api/composables","5.api/1.composables",{"title":141,"path":142,"stem":143},"Server Utilities","/api/server-utils","5.api/2.server-utils",{"title":145,"path":146,"stem":147},"Components","/api/components","5.api/3.components",{"title":149,"path":150,"stem":151},"Types","/api/types","5.api/4.types",{"id":153,"title":74,"body":154,"description":775,"extension":776,"links":777,"meta":778,"navigation":266,"path":75,"seo":779,"stem":76,"__hash__":780},"docs/3.guides/1.role-based-access.md",{"type":155,"value":156,"toc":766},"minimark",[157,170,175,361,365,414,418,496,500,523,600,604,615,620,623,762],[158,159,160,161,165,166,169],"p",{},"Use this guide when your Better Auth user shape includes fields such as ",[162,163,164],"code",{},"role",", ",[162,167,168],{},"teamRole",", or custom authorization flags and you want to use them in route rules or server checks.",[171,172,174],"h2",{"id":173},"with-admin-plugin","With Admin Plugin",[176,177,183],"pre",{"className":178,"code":179,"filename":180,"language":181,"meta":182,"style":182},"language-ts shiki shiki-themes one-light synthwave-84 synthwave-84","import { admin } from 'better-auth/plugins'\nimport { defineServerAuth } from '@onmax/nuxt-better-auth/config'\nexport default defineServerAuth({ plugins: [admin()] })\n\n// nuxt.config.ts - role is now typed!\nrouteRules: {\n  '/admin/**': { auth: { user: { role: 'admin' } } },\n  '/staff/**': { auth: { user: { role: ['admin', 'moderator'] } } },\n}\n","server/auth.config.ts","ts","",[162,184,185,212,229,261,268,275,285,318,355],{"__ignoreMap":182},[186,187,190,194,198,202,205,208],"span",{"class":188,"line":189},"line",1,[186,191,193],{"class":192},"sqe1H","import",[186,195,197],{"class":196},"s17Py"," { ",[186,199,201],{"class":200},"sYvLG","admin",[186,203,204],{"class":196}," } ",[186,206,207],{"class":192},"from",[186,209,211],{"class":210},"sPAZv"," 'better-auth/plugins'\n",[186,213,215,217,219,222,224,226],{"class":188,"line":214},2,[186,216,193],{"class":192},[186,218,197],{"class":196},[186,220,221],{"class":200},"defineServerAuth",[186,223,204],{"class":196},[186,225,207],{"class":192},[186,227,228],{"class":210}," '@onmax/nuxt-better-auth/config'\n",[186,230,232,235,239,243,246,249,253,256,258],{"class":188,"line":231},3,[186,233,234],{"class":192},"export",[186,236,238],{"class":237},"sKg8T"," default",[186,240,242],{"class":241},"sfT9l"," defineServerAuth",[186,244,245],{"class":196},"({ ",[186,247,248],{"class":200},"plugins",[186,250,252],{"class":251},"sVnqq",":",[186,254,255],{"class":196}," [",[186,257,201],{"class":241},[186,259,260],{"class":196},"()] })\n",[186,262,264],{"class":188,"line":263},4,[186,265,267],{"emptyLinePlaceholder":266},true,"\n",[186,269,271],{"class":188,"line":270},5,[186,272,274],{"class":273},"st7cf","// nuxt.config.ts - role is now typed!\n",[186,276,278,282],{"class":188,"line":277},6,[186,279,281],{"class":280},"sivOE","routeRules",[186,283,284],{"class":196},": {\n",[186,286,288,291,294,297,299,301,304,306,308,310,312,315],{"class":188,"line":287},7,[186,289,290],{"class":210},"  '/admin/**'",[186,292,293],{"class":196},": { ",[186,295,296],{"class":200},"auth",[186,298,252],{"class":251},[186,300,197],{"class":196},[186,302,303],{"class":200},"user",[186,305,252],{"class":251},[186,307,197],{"class":196},[186,309,164],{"class":200},[186,311,252],{"class":251},[186,313,314],{"class":210}," 'admin'",[186,316,317],{"class":196}," } } },\n",[186,319,321,324,326,328,330,332,334,336,338,340,342,344,347,349,352],{"class":188,"line":320},8,[186,322,323],{"class":210},"  '/staff/**'",[186,325,293],{"class":196},[186,327,296],{"class":200},[186,329,252],{"class":251},[186,331,197],{"class":196},[186,333,303],{"class":200},[186,335,252],{"class":251},[186,337,197],{"class":196},[186,339,164],{"class":200},[186,341,252],{"class":251},[186,343,255],{"class":196},[186,345,346],{"class":210},"'admin'",[186,348,165],{"class":196},[186,350,351],{"class":210},"'moderator'",[186,353,354],{"class":196},"] } } },\n",[186,356,358],{"class":188,"line":357},9,[186,359,360],{"class":196},"}\n",[171,362,364],{"id":363},"with-organization-plugin","With Organization Plugin",[176,366,369],{"className":178,"code":367,"filename":368,"language":181,"meta":182,"style":182},"// Works the same way with any plugin fields\nrouteRules: {\n  '/team/**': { auth: { user: { teamRole: 'owner' } } },\n}\n","nuxt.config.ts",[162,370,371,376,382,410],{"__ignoreMap":182},[186,372,373],{"class":188,"line":189},[186,374,375],{"class":273},"// Works the same way with any plugin fields\n",[186,377,378,380],{"class":188,"line":214},[186,379,281],{"class":280},[186,381,284],{"class":196},[186,383,384,387,389,391,393,395,397,399,401,403,405,408],{"class":188,"line":231},[186,385,386],{"class":210},"  '/team/**'",[186,388,293],{"class":196},[186,390,296],{"class":200},[186,392,252],{"class":251},[186,394,197],{"class":196},[186,396,303],{"class":200},[186,398,252],{"class":251},[186,400,197],{"class":196},[186,402,168],{"class":200},[186,404,252],{"class":251},[186,406,407],{"class":210}," 'owner'",[186,409,317],{"class":196},[186,411,412],{"class":188,"line":263},[186,413,360],{"class":196},[171,415,417],{"id":416},"with-custom-fields","With Custom Fields",[176,419,421],{"className":178,"code":420,"filename":368,"language":181,"meta":182,"style":182},"// Any field on AuthUser works\nrouteRules: {\n  '/premium/**': { auth: { user: { isPremium: true } } },\n  '/verified/**': { auth: { user: { emailVerified: true } } },\n}\n",[162,422,423,428,434,464,492],{"__ignoreMap":182},[186,424,425],{"class":188,"line":189},[186,426,427],{"class":273},"// Any field on AuthUser works\n",[186,429,430,432],{"class":188,"line":214},[186,431,281],{"class":280},[186,433,284],{"class":196},[186,435,436,439,441,443,445,447,449,451,453,456,458,462],{"class":188,"line":231},[186,437,438],{"class":210},"  '/premium/**'",[186,440,293],{"class":196},[186,442,296],{"class":200},[186,444,252],{"class":251},[186,446,197],{"class":196},[186,448,303],{"class":200},[186,450,252],{"class":251},[186,452,197],{"class":196},[186,454,455],{"class":200},"isPremium",[186,457,252],{"class":251},[186,459,461],{"class":460},"s3ZNE"," true",[186,463,317],{"class":196},[186,465,466,469,471,473,475,477,479,481,483,486,488,490],{"class":188,"line":263},[186,467,468],{"class":210},"  '/verified/**'",[186,470,293],{"class":196},[186,472,296],{"class":200},[186,474,252],{"class":251},[186,476,197],{"class":196},[186,478,303],{"class":200},[186,480,252],{"class":251},[186,482,197],{"class":196},[186,484,485],{"class":200},"emailVerified",[186,487,252],{"class":251},[186,489,461],{"class":460},[186,491,317],{"class":196},[186,493,494],{"class":188,"line":270},[186,495,360],{"class":196},[171,497,499],{"id":498},"matching-logic","Matching Logic",[501,502,503,511,517],"ul",{},[504,505,506,510],"li",{},[507,508,509],"strong",{},"Single value",": exact match required",[504,512,513,516],{},[507,514,515],{},"Array",": OR logic (user field must be one of the values)",[504,518,519,522],{},[507,520,521],{},"Multiple fields",": AND logic (all must match)",[176,524,526],{"className":178,"code":525,"language":181,"meta":182,"style":182},"// Must be admin AND verified\n{ auth: { user: { role: 'admin', emailVerified: true } } }\n\n// Must be admin OR moderator\n{ auth: { user: { role: ['admin', 'moderator'] } } }\n",[162,527,528,533,565,569,574],{"__ignoreMap":182},[186,529,530],{"class":188,"line":189},[186,531,532],{"class":273},"// Must be admin AND verified\n",[186,534,535,538,540,542,544,546,548,551,553,555,557,559,562],{"class":188,"line":214},[186,536,537],{"class":196},"{ ",[186,539,296],{"class":280},[186,541,293],{"class":196},[186,543,303],{"class":280},[186,545,293],{"class":196},[186,547,164],{"class":280},[186,549,550],{"class":196},": ",[186,552,346],{"class":210},[186,554,165],{"class":196},[186,556,485],{"class":280},[186,558,550],{"class":196},[186,560,561],{"class":460},"true",[186,563,564],{"class":196}," } } }\n",[186,566,567],{"class":188,"line":231},[186,568,267],{"emptyLinePlaceholder":266},[186,570,571],{"class":188,"line":263},[186,572,573],{"class":273},"// Must be admin OR moderator\n",[186,575,576,578,580,582,584,586,588,591,593,595,597],{"class":188,"line":270},[186,577,537],{"class":196},[186,579,296],{"class":280},[186,581,293],{"class":196},[186,583,303],{"class":280},[186,585,293],{"class":196},[186,587,164],{"class":280},[186,589,590],{"class":196},": [",[186,592,346],{"class":210},[186,594,165],{"class":196},[186,596,351],{"class":210},[186,598,599],{"class":196},"] } } }\n",[171,601,603],{"id":602},"complex-logic","Complex Logic",[158,605,606,607,610,611,614],{},"For complex authorization, use custom middleware or ",[162,608,609],{},"requireUserSession"," with a ",[162,612,613],{},"rule"," callback.",[616,617,619],"h3",{"id":618},"complex-authorization-with-rule-callbacks","Complex Authorization with Rule Callbacks",[158,621,622],{},"For authorization logic that can't be expressed with field matching:",[176,624,627],{"className":178,"code":625,"filename":626,"language":181,"meta":182,"style":182},"export default defineEventHandler(async (event) => {\n  await requireUserSession(event, {\n    rule: (session) => {\n      // User must have 'reports:read' permission\n      return session.user.permissions?.includes('reports:read')\n    }\n  })\n\n  return getReports()\n})\n","server/api/reports.ts",[162,628,629,660,675,693,698,731,736,741,745,756],{"__ignoreMap":182},[186,630,631,633,635,638,641,644,647,651,654,657],{"class":188,"line":189},[186,632,234],{"class":192},[186,634,238],{"class":237},[186,636,637],{"class":241}," defineEventHandler",[186,639,640],{"class":196},"(",[186,642,643],{"class":192},"async",[186,645,646],{"class":196}," (",[186,648,650],{"class":649},"sgisi","event",[186,652,653],{"class":196},") ",[186,655,656],{"class":192},"=>",[186,658,659],{"class":196}," {\n",[186,661,662,665,668,670,672],{"class":188,"line":214},[186,663,664],{"class":192},"  await",[186,666,667],{"class":241}," requireUserSession",[186,669,640],{"class":196},[186,671,650],{"class":200},[186,673,674],{"class":196},", {\n",[186,676,677,680,682,684,687,689,691],{"class":188,"line":231},[186,678,679],{"class":241},"    rule",[186,681,252],{"class":251},[186,683,646],{"class":196},[186,685,686],{"class":649},"session",[186,688,653],{"class":196},[186,690,656],{"class":192},[186,692,659],{"class":196},[186,694,695],{"class":188,"line":263},[186,696,697],{"class":273},"      // User must have 'reports:read' permission\n",[186,699,700,703,707,710,712,714,717,720,723,725,728],{"class":188,"line":270},[186,701,702],{"class":192},"      return",[186,704,706],{"class":705},"svFNh"," session",[186,708,709],{"class":196},".",[186,711,303],{"class":200},[186,713,709],{"class":196},[186,715,716],{"class":200},"permissions",[186,718,719],{"class":196},"?.",[186,721,722],{"class":241},"includes",[186,724,640],{"class":196},[186,726,727],{"class":210},"'reports:read'",[186,729,730],{"class":196},")\n",[186,732,733],{"class":188,"line":277},[186,734,735],{"class":196},"    }\n",[186,737,738],{"class":188,"line":287},[186,739,740],{"class":196},"  })\n",[186,742,743],{"class":188,"line":320},[186,744,267],{"emptyLinePlaceholder":266},[186,746,747,750,753],{"class":188,"line":357},[186,748,749],{"class":192},"  return",[186,751,752],{"class":241}," getReports",[186,754,755],{"class":196},"()\n",[186,757,759],{"class":188,"line":758},10,[186,760,761],{"class":196},"})\n",[763,764,765],"style",{},"html pre.shiki code .sqe1H, html code.shiki .sqe1H{--shiki-light:#A626A4;--shiki-default:#FEDE5D;--shiki-dark:#FEDE5D}html pre.shiki code .s17Py, html code.shiki .s17Py{--shiki-light:#383A42;--shiki-default:#BBBBBB;--shiki-dark:#BBBBBB}html pre.shiki code .sYvLG, html code.shiki .sYvLG{--shiki-light:#E45649;--shiki-default:#FF7EDB;--shiki-dark:#FF7EDB}html pre.shiki code .sPAZv, html code.shiki .sPAZv{--shiki-light:#50A14F;--shiki-default:#FF8B39;--shiki-dark:#FF8B39}html pre.shiki code .sKg8T, html code.shiki .sKg8T{--shiki-light:#E45649;--shiki-default:#FEDE5D;--shiki-dark:#FEDE5D}html pre.shiki code .sfT9l, html code.shiki .sfT9l{--shiki-light:#4078F2;--shiki-default:#36F9F6;--shiki-dark:#36F9F6}html pre.shiki code .sVnqq, html code.shiki .sVnqq{--shiki-light:#0184BC;--shiki-default:#B6B1B1;--shiki-dark:#B6B1B1}html pre.shiki code .st7cf, html code.shiki .st7cf{--shiki-light:#A0A1A7;--shiki-light-font-style:italic;--shiki-default:#848BBD;--shiki-default-font-style:italic;--shiki-dark:#848BBD;--shiki-dark-font-style:italic}html pre.shiki code .sivOE, html code.shiki .sivOE{--shiki-light:#383A42;--shiki-default:#FE4450;--shiki-dark:#FE4450}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .s3ZNE, html code.shiki .s3ZNE{--shiki-light:#986801;--shiki-default:#F97E72;--shiki-dark:#F97E72}html pre.shiki code .sgisi, html code.shiki .sgisi{--shiki-light:#383A42;--shiki-light-font-style:inherit;--shiki-default:#FF7EDB;--shiki-default-font-style:italic;--shiki-dark:#FF7EDB;--shiki-dark-font-style:italic}html pre.shiki code .svFNh, html code.shiki .svFNh{--shiki-light:#383A42;--shiki-default:#FF7EDB;--shiki-dark:#FF7EDB}",{"title":182,"searchDepth":214,"depth":214,"links":767},[768,769,770,771,772],{"id":173,"depth":214,"text":174},{"id":363,"depth":214,"text":364},{"id":416,"depth":214,"text":417},{"id":498,"depth":214,"text":499},{"id":602,"depth":214,"text":603,"children":773},[774],{"id":618,"depth":231,"text":619},"Protect routes using generic field matching on AuthUser.","md",null,{},{"title":74,"description":775},"EFc4ffge_1vszR794ZKvaFJaUh6qq3ZRLHDMZbF_16Q",[782,784],{"title":64,"path":65,"stem":66,"description":783,"children":-1},"What is enforced where, and what you should not assume.",{"title":78,"path":79,"stem":80,"description":785,"children":-1},"Configure OAuth providers and sign in with `signIn.social()`.",1777451672715]