[{"data":1,"prerenderedAt":778},["ShallowReactive",2],{"navigation_docs":3,"-guides-role-based-access":152,"-guides-role-based-access-surround":773},[4,42,68,110,131],{"title":5,"path":6,"stem":7,"children":8,"icon":11},"Getting Started","/getting-started","1.getting-started/0.index",[9,12,17,22,27,32,37],{"title":10,"path":6,"stem":7,"icon":11},"Introduction","i-lucide-sparkles",{"title":13,"path":14,"stem":15,"icon":16},"Installation","/getting-started/installation","1.getting-started/1.installation","i-lucide-download",{"title":18,"path":19,"stem":20,"icon":21},"Configuration","/getting-started/configuration","1.getting-started/2.configuration","i-lucide-settings",{"title":23,"path":24,"stem":25,"icon":26},"Client Setup","/getting-started/client-setup","1.getting-started/3.client-setup","i-lucide-monitor",{"title":28,"path":29,"stem":30,"icon":31},"Type Augmentation","/getting-started/type-augmentation","1.getting-started/4.type-augmentation","i-lucide-type",{"title":33,"path":34,"stem":35,"icon":36},"Schema Generation (NuxtHub)","/getting-started/schema-generation","1.getting-started/5.schema-generation","i-lucide-database",{"title":38,"path":39,"stem":40,"icon":41},"How It Works","/getting-started/how-it-works","1.getting-started/6.how-it-works","i-lucide-workflow",{"title":43,"path":44,"stem":45,"children":46,"page":67},"Core Concepts","/core-concepts","2.core-concepts",[47,51,55,59,63],{"title":48,"path":49,"stem":50},"serverAuth()","/core-concepts/server-auth","2.core-concepts/1.server-auth",{"title":52,"path":53,"stem":54},"Sessions","/core-concepts/sessions","2.core-concepts/2.sessions",{"title":56,"path":57,"stem":58},"Route Protection","/core-concepts/route-protection","2.core-concepts/3.route-protection",{"title":60,"path":61,"stem":62},"Auto‑Imports and Aliases","/core-concepts/auto-imports-aliases","2.core-concepts/4.auto-imports-aliases",{"title":64,"path":65,"stem":66},"Security & Caveats","/core-concepts/security-caveats","2.core-concepts/5.security-caveats",false,{"title":69,"path":70,"stem":71,"children":72,"page":67},"Guides","/guides","3.guides",[73,77,81,85,89,94,98,102,106],{"title":74,"path":75,"stem":76},"Role‑Based Access","/guides/role-based-access","3.guides/1.role-based-access",{"title":78,"path":79,"stem":80},"OAuth Providers","/guides/oauth-providers","3.guides/2.oauth-providers",{"title":82,"path":83,"stem":84},"Custom Database","/guides/custom-database","3.guides/3.custom-database",{"title":86,"path":87,"stem":88},"Database-less Mode","/guides/database-less-mode","3.guides/4.database-less-mode",{"title":90,"path":91,"stem":92,"icon":93},"External Auth Backend","/guides/external-auth-backend","3.guides/5.external-auth-backend","i-lucide-server",{"title":95,"path":96,"stem":97},"Migrating from nuxt-auth-utils","/guides/migrate-from-nuxt-auth-utils","3.guides/6.migrate-from-nuxt-auth-utils",{"title":99,"path":100,"stem":101},"Two-Factor Authentication (TOTP + Backup Codes)","/guides/two-factor-auth","3.guides/7.two-factor-auth",{"title":103,"path":104,"stem":105},"Testing","/guides/testing","3.guides/8.testing",{"title":107,"path":108,"stem":109},"Production Deployment","/guides/production-deployment","3.guides/9.production-deployment",{"title":111,"path":112,"stem":113,"children":114,"page":67},"Integrations","/integrations","4.integrations",[115,119,123,127],{"title":116,"path":117,"stem":118},"NuxtHub","/integrations/nuxthub","4.integrations/1.nuxthub",{"title":120,"path":121,"stem":122},"DevTools","/integrations/devtools","4.integrations/2.devtools",{"title":124,"path":125,"stem":126},"Convex","/integrations/convex","4.integrations/3.convex",{"title":128,"path":129,"stem":130},"i18n","/integrations/i18n","4.integrations/4.i18n",{"title":132,"path":133,"stem":134,"children":135,"page":67},"API Reference","/api","5.api",[136,140,144,148],{"title":137,"path":138,"stem":139},"Composables","/api/composables","5.api/1.composables",{"title":141,"path":142,"stem":143},"Server Utilities","/api/server-utils","5.api/2.server-utils",{"title":145,"path":146,"stem":147},"Components","/api/components","5.api/3.components",{"title":149,"path":150,"stem":151},"Types","/api/types","5.api/4.types",{"id":153,"title":74,"body":154,"description":767,"extension":768,"links":769,"meta":770,"navigation":254,"path":75,"seo":771,"stem":76,"__hash__":772},"docs/3.guides/1.role-based-access.md",{"type":155,"value":156,"toc":758},"minimark",[157,162,351,355,405,409,487,491,514,591,595,607,612,615,754],[158,159,161],"h2",{"id":160},"with-admin-plugin","With Admin Plugin",[163,164,170],"pre",{"className":165,"code":166,"filename":167,"language":168,"meta":169,"style":169},"language-ts shiki shiki-themes one-light synthwave-84 synthwave-84","import { admin } from 'better-auth/plugins'\nimport { defineServerAuth } from '@onmax/nuxt-better-auth/config'\nexport default defineServerAuth({ plugins: [admin()] })\n\n// nuxt.config.ts - role is now typed!\nrouteRules: {\n  '/admin/**': { auth: { user: { role: 'admin' } } },\n  '/staff/**': { auth: { user: { role: ['admin', 'moderator'] } } },\n}\n","server/auth.config.ts","ts","",[171,172,173,200,217,249,256,263,273,307,345],"code",{"__ignoreMap":169},[174,175,178,182,186,190,193,196],"span",{"class":176,"line":177},"line",1,[174,179,181],{"class":180},"sqe1H","import",[174,183,185],{"class":184},"s17Py"," { ",[174,187,189],{"class":188},"sYvLG","admin",[174,191,192],{"class":184}," } ",[174,194,195],{"class":180},"from",[174,197,199],{"class":198},"sPAZv"," 'better-auth/plugins'\n",[174,201,203,205,207,210,212,214],{"class":176,"line":202},2,[174,204,181],{"class":180},[174,206,185],{"class":184},[174,208,209],{"class":188},"defineServerAuth",[174,211,192],{"class":184},[174,213,195],{"class":180},[174,215,216],{"class":198}," '@onmax/nuxt-better-auth/config'\n",[174,218,220,223,227,231,234,237,241,244,246],{"class":176,"line":219},3,[174,221,222],{"class":180},"export",[174,224,226],{"class":225},"sKg8T"," default",[174,228,230],{"class":229},"sfT9l"," defineServerAuth",[174,232,233],{"class":184},"({ ",[174,235,236],{"class":188},"plugins",[174,238,240],{"class":239},"sVnqq",":",[174,242,243],{"class":184}," [",[174,245,189],{"class":229},[174,247,248],{"class":184},"()] })\n",[174,250,252],{"class":176,"line":251},4,[174,253,255],{"emptyLinePlaceholder":254},true,"\n",[174,257,259],{"class":176,"line":258},5,[174,260,262],{"class":261},"st7cf","// nuxt.config.ts - role is now typed!\n",[174,264,266,270],{"class":176,"line":265},6,[174,267,269],{"class":268},"sivOE","routeRules",[174,271,272],{"class":184},": {\n",[174,274,276,279,282,285,287,289,292,294,296,299,301,304],{"class":176,"line":275},7,[174,277,278],{"class":198},"  '/admin/**'",[174,280,281],{"class":184},": { ",[174,283,284],{"class":188},"auth",[174,286,240],{"class":239},[174,288,185],{"class":184},[174,290,291],{"class":188},"user",[174,293,240],{"class":239},[174,295,185],{"class":184},[174,297,298],{"class":188},"role",[174,300,240],{"class":239},[174,302,303],{"class":198}," 'admin'",[174,305,306],{"class":184}," } } },\n",[174,308,310,313,315,317,319,321,323,325,327,329,331,333,336,339,342],{"class":176,"line":309},8,[174,311,312],{"class":198},"  '/staff/**'",[174,314,281],{"class":184},[174,316,284],{"class":188},[174,318,240],{"class":239},[174,320,185],{"class":184},[174,322,291],{"class":188},[174,324,240],{"class":239},[174,326,185],{"class":184},[174,328,298],{"class":188},[174,330,240],{"class":239},[174,332,243],{"class":184},[174,334,335],{"class":198},"'admin'",[174,337,338],{"class":184},", ",[174,340,341],{"class":198},"'moderator'",[174,343,344],{"class":184},"] } } },\n",[174,346,348],{"class":176,"line":347},9,[174,349,350],{"class":184},"}\n",[158,352,354],{"id":353},"with-organization-plugin","With Organization Plugin",[163,356,359],{"className":165,"code":357,"filename":358,"language":168,"meta":169,"style":169},"// Works the same way with any plugin fields\nrouteRules: {\n  '/team/**': { auth: { user: { teamRole: 'owner' } } },\n}\n","nuxt.config.ts",[171,360,361,366,372,401],{"__ignoreMap":169},[174,362,363],{"class":176,"line":177},[174,364,365],{"class":261},"// Works the same way with any plugin fields\n",[174,367,368,370],{"class":176,"line":202},[174,369,269],{"class":268},[174,371,272],{"class":184},[174,373,374,377,379,381,383,385,387,389,391,394,396,399],{"class":176,"line":219},[174,375,376],{"class":198},"  '/team/**'",[174,378,281],{"class":184},[174,380,284],{"class":188},[174,382,240],{"class":239},[174,384,185],{"class":184},[174,386,291],{"class":188},[174,388,240],{"class":239},[174,390,185],{"class":184},[174,392,393],{"class":188},"teamRole",[174,395,240],{"class":239},[174,397,398],{"class":198}," 'owner'",[174,400,306],{"class":184},[174,402,403],{"class":176,"line":251},[174,404,350],{"class":184},[158,406,408],{"id":407},"with-custom-fields","With Custom Fields",[163,410,412],{"className":165,"code":411,"filename":358,"language":168,"meta":169,"style":169},"// Any field on AuthUser works\nrouteRules: {\n  '/premium/**': { auth: { user: { isPremium: true } } },\n  '/verified/**': { auth: { user: { emailVerified: true } } },\n}\n",[171,413,414,419,425,455,483],{"__ignoreMap":169},[174,415,416],{"class":176,"line":177},[174,417,418],{"class":261},"// Any field on AuthUser works\n",[174,420,421,423],{"class":176,"line":202},[174,422,269],{"class":268},[174,424,272],{"class":184},[174,426,427,430,432,434,436,438,440,442,444,447,449,453],{"class":176,"line":219},[174,428,429],{"class":198},"  '/premium/**'",[174,431,281],{"class":184},[174,433,284],{"class":188},[174,435,240],{"class":239},[174,437,185],{"class":184},[174,439,291],{"class":188},[174,441,240],{"class":239},[174,443,185],{"class":184},[174,445,446],{"class":188},"isPremium",[174,448,240],{"class":239},[174,450,452],{"class":451},"s3ZNE"," true",[174,454,306],{"class":184},[174,456,457,460,462,464,466,468,470,472,474,477,479,481],{"class":176,"line":251},[174,458,459],{"class":198},"  '/verified/**'",[174,461,281],{"class":184},[174,463,284],{"class":188},[174,465,240],{"class":239},[174,467,185],{"class":184},[174,469,291],{"class":188},[174,471,240],{"class":239},[174,473,185],{"class":184},[174,475,476],{"class":188},"emailVerified",[174,478,240],{"class":239},[174,480,452],{"class":451},[174,482,306],{"class":184},[174,484,485],{"class":176,"line":258},[174,486,350],{"class":184},[158,488,490],{"id":489},"matching-logic","Matching Logic",[492,493,494,502,508],"ul",{},[495,496,497,501],"li",{},[498,499,500],"strong",{},"Single value",": exact match required",[495,503,504,507],{},[498,505,506],{},"Array",": OR logic (user field must be one of the values)",[495,509,510,513],{},[498,511,512],{},"Multiple fields",": AND logic (all must match)",[163,515,517],{"className":165,"code":516,"language":168,"meta":169,"style":169},"// Must be admin AND verified\n{ auth: { user: { role: 'admin', emailVerified: true } } }\n\n// Must be admin OR moderator\n{ auth: { user: { role: ['admin', 'moderator'] } } }\n",[171,518,519,524,556,560,565],{"__ignoreMap":169},[174,520,521],{"class":176,"line":177},[174,522,523],{"class":261},"// Must be admin AND verified\n",[174,525,526,529,531,533,535,537,539,542,544,546,548,550,553],{"class":176,"line":202},[174,527,528],{"class":184},"{ ",[174,530,284],{"class":268},[174,532,281],{"class":184},[174,534,291],{"class":268},[174,536,281],{"class":184},[174,538,298],{"class":268},[174,540,541],{"class":184},": ",[174,543,335],{"class":198},[174,545,338],{"class":184},[174,547,476],{"class":268},[174,549,541],{"class":184},[174,551,552],{"class":451},"true",[174,554,555],{"class":184}," } } }\n",[174,557,558],{"class":176,"line":219},[174,559,255],{"emptyLinePlaceholder":254},[174,561,562],{"class":176,"line":251},[174,563,564],{"class":261},"// Must be admin OR moderator\n",[174,566,567,569,571,573,575,577,579,582,584,586,588],{"class":176,"line":258},[174,568,528],{"class":184},[174,570,284],{"class":268},[174,572,281],{"class":184},[174,574,291],{"class":268},[174,576,281],{"class":184},[174,578,298],{"class":268},[174,580,581],{"class":184},": [",[174,583,335],{"class":198},[174,585,338],{"class":184},[174,587,341],{"class":198},[174,589,590],{"class":184},"] } } }\n",[158,592,594],{"id":593},"complex-logic","Complex Logic",[596,597,598,599,602,603,606],"p",{},"For complex authorization, use custom middleware or ",[171,600,601],{},"requireUserSession"," with a ",[171,604,605],{},"rule"," callback.",[608,609,611],"h3",{"id":610},"complex-authorization-with-rule-callbacks","Complex Authorization with Rule Callbacks",[596,613,614],{},"For authorization logic that can't be expressed with field matching:",[163,616,619],{"className":165,"code":617,"filename":618,"language":168,"meta":169,"style":169},"export default defineEventHandler(async (event) => {\n  await requireUserSession(event, {\n    rule: (session) => {\n      // User must have 'reports:read' permission\n      return session.user.permissions?.includes('reports:read')\n    }\n  })\n\n  return getReports()\n})\n","server/api/reports.ts",[171,620,621,652,667,685,690,723,728,733,737,748],{"__ignoreMap":169},[174,622,623,625,627,630,633,636,639,643,646,649],{"class":176,"line":177},[174,624,222],{"class":180},[174,626,226],{"class":225},[174,628,629],{"class":229}," defineEventHandler",[174,631,632],{"class":184},"(",[174,634,635],{"class":180},"async",[174,637,638],{"class":184}," (",[174,640,642],{"class":641},"sgisi","event",[174,644,645],{"class":184},") ",[174,647,648],{"class":180},"=>",[174,650,651],{"class":184}," {\n",[174,653,654,657,660,662,664],{"class":176,"line":202},[174,655,656],{"class":180},"  await",[174,658,659],{"class":229}," requireUserSession",[174,661,632],{"class":184},[174,663,642],{"class":188},[174,665,666],{"class":184},", {\n",[174,668,669,672,674,676,679,681,683],{"class":176,"line":219},[174,670,671],{"class":229},"    rule",[174,673,240],{"class":239},[174,675,638],{"class":184},[174,677,678],{"class":641},"session",[174,680,645],{"class":184},[174,682,648],{"class":180},[174,684,651],{"class":184},[174,686,687],{"class":176,"line":251},[174,688,689],{"class":261},"      // User must have 'reports:read' permission\n",[174,691,692,695,699,702,704,706,709,712,715,717,720],{"class":176,"line":258},[174,693,694],{"class":180},"      return",[174,696,698],{"class":697},"svFNh"," session",[174,700,701],{"class":184},".",[174,703,291],{"class":188},[174,705,701],{"class":184},[174,707,708],{"class":188},"permissions",[174,710,711],{"class":184},"?.",[174,713,714],{"class":229},"includes",[174,716,632],{"class":184},[174,718,719],{"class":198},"'reports:read'",[174,721,722],{"class":184},")\n",[174,724,725],{"class":176,"line":265},[174,726,727],{"class":184},"    }\n",[174,729,730],{"class":176,"line":275},[174,731,732],{"class":184},"  })\n",[174,734,735],{"class":176,"line":309},[174,736,255],{"emptyLinePlaceholder":254},[174,738,739,742,745],{"class":176,"line":347},[174,740,741],{"class":180},"  return",[174,743,744],{"class":229}," getReports",[174,746,747],{"class":184},"()\n",[174,749,751],{"class":176,"line":750},10,[174,752,753],{"class":184},"})\n",[755,756,757],"style",{},"html pre.shiki code .sqe1H, html code.shiki .sqe1H{--shiki-light:#A626A4;--shiki-default:#FEDE5D;--shiki-dark:#FEDE5D}html pre.shiki code .s17Py, html code.shiki .s17Py{--shiki-light:#383A42;--shiki-default:#BBBBBB;--shiki-dark:#BBBBBB}html pre.shiki code .sYvLG, html code.shiki .sYvLG{--shiki-light:#E45649;--shiki-default:#FF7EDB;--shiki-dark:#FF7EDB}html pre.shiki code .sPAZv, html code.shiki .sPAZv{--shiki-light:#50A14F;--shiki-default:#FF8B39;--shiki-dark:#FF8B39}html pre.shiki code .sKg8T, html code.shiki .sKg8T{--shiki-light:#E45649;--shiki-default:#FEDE5D;--shiki-dark:#FEDE5D}html pre.shiki code .sfT9l, html code.shiki .sfT9l{--shiki-light:#4078F2;--shiki-default:#36F9F6;--shiki-dark:#36F9F6}html pre.shiki code .sVnqq, html code.shiki .sVnqq{--shiki-light:#0184BC;--shiki-default:#B6B1B1;--shiki-dark:#B6B1B1}html pre.shiki code .st7cf, html code.shiki .st7cf{--shiki-light:#A0A1A7;--shiki-light-font-style:italic;--shiki-default:#848BBD;--shiki-default-font-style:italic;--shiki-dark:#848BBD;--shiki-dark-font-style:italic}html pre.shiki code .sivOE, html code.shiki .sivOE{--shiki-light:#383A42;--shiki-default:#FE4450;--shiki-dark:#FE4450}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .s3ZNE, html code.shiki .s3ZNE{--shiki-light:#986801;--shiki-default:#F97E72;--shiki-dark:#F97E72}html pre.shiki code .sgisi, html code.shiki .sgisi{--shiki-light:#383A42;--shiki-light-font-style:inherit;--shiki-default:#FF7EDB;--shiki-default-font-style:italic;--shiki-dark:#FF7EDB;--shiki-dark-font-style:italic}html pre.shiki code .svFNh, html code.shiki .svFNh{--shiki-light:#383A42;--shiki-default:#FF7EDB;--shiki-dark:#FF7EDB}",{"title":169,"searchDepth":202,"depth":202,"links":759},[760,761,762,763,764],{"id":160,"depth":202,"text":161},{"id":353,"depth":202,"text":354},{"id":407,"depth":202,"text":408},{"id":489,"depth":202,"text":490},{"id":593,"depth":202,"text":594,"children":765},[766],{"id":610,"depth":219,"text":611},"Protect routes using generic field matching on AuthUser.","md",null,{},{"title":74,"description":767},"OLdYEnx0t1XxDguYo01LeHfL-dIg2W-eGv0k1OPP790",[774,776],{"title":64,"path":65,"stem":66,"description":775,"children":-1},"What is enforced where, and what you should not assume.",{"title":78,"path":79,"stem":80,"description":777,"children":-1},"Configure OAuth providers and sign in with `signIn.social()`.",1774189123865]