Overview

The StudioAccessConfig type controls who can access the Studio UI. You can restrict access by user role or by specific email address, configure session duration, and set a custom secret for authentication.

Type Definition

export type StudioAccessConfig = {
  roles?: string[];
  allowEmails?: string[];
  sessionDuration?: number;
  secret?: string;
};

Fields

roles
string[]
Array of user roles that are allowed to access Studio. Users must have one of these roles in their Better Auth user object to access the Studio UI. Example:
access: {
  roles: ["admin", "super-admin"]
}
allowEmails
string[]
Array of specific email addresses that are allowed to access Studio. Users with these email addresses can access Studio regardless of their role. Example:
access: {
  allowEmails: [
    "[email protected]",
    "[email protected]"
  ]
}
sessionDuration
number
Duration of Studio authentication sessions in seconds. Controls how long users stay authenticated in Studio before needing to re-authenticate. Example:
access: {
  sessionDuration: 3600 // 1 hour
}
secret
string
Custom secret for Studio authentication. Used to sign and verify Studio session tokens. If not provided, Studio will use a default secret. Recommendation: Provide a strong, unique secret in production environments. Example:
access: {
  secret: process.env.STUDIO_SECRET
}

Usage Examples

Restrict by Role

import { defineStudioConfig } from "better-auth-studio";

export const studioConfig = defineStudioConfig({
  auth,
  access: {
    roles: ["admin"],
  },
});

Allow Specific Emails

export const studioConfig = defineStudioConfig({
  auth,
  access: {
    allowEmails: [
      "[email protected]",
      "[email protected]"
    ],
  },
});

Combined Access Control

export const studioConfig = defineStudioConfig({
  auth,
  access: {
    roles: ["admin", "moderator"],
    allowEmails: ["[email protected]"],
    sessionDuration: 7200, // 2 hours
    secret: process.env.STUDIO_SECRET,
  },
});

Development vs Production

export const studioConfig = defineStudioConfig({
  auth,
  access: process.env.NODE_ENV === "production"
    ? {
        roles: ["admin"],
        secret: process.env.STUDIO_SECRET,
      }
    : {
        // More permissive in development
        roles: ["admin", "developer"],
      },
});

Security Considerations

Always restrict Studio access in production environments. Studio provides administrative access to user data, sessions, and system configuration.
  • Use roles or allowEmails to limit access to trusted users only
  • Set a custom secret in production using environment variables
  • Keep sessionDuration reasonable - shorter durations are more secure
  • Avoid hardcoding secrets - use environment variables instead
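
One way to enforce these points at startup, as an added example that is not code from Better Auth Studio: writing secret: process.env.STUDIO_SECRET passes undefined when the variable is unset, which selects the default secret, so the config is audited before use. The type is copied locally from this page; auditStudioAccess, productionAccess, the 32-character minimum and the 8-hour cap are assumptions chosen for illustration.

```typescript
// Local copy of the StudioAccessConfig type shown on this page, so the example runs without the package.
type StudioAccessConfig = {
  roles?: string[];
  allowEmails?: string[];
  sessionDuration?: number;
  secret?: string;
};

// Assumptions: local policy values, not limits enforced by Studio.
const MIN_SECRET_LENGTH = 32;
const MAX_SESSION_SECONDS = 8 * 60 * 60;

// Returns one finding per setting that would leave a production Studio weakly protected.
function auditStudioAccess(access: StudioAccessConfig): string[] {
  const findings: string[] = [];
  const roles = access.roles ?? [];
  const emails = access.allowEmails ?? [];
  if (roles.length === 0 && emails.length === 0) {
    findings.push("neither roles nor allowEmails is set");
  }
  if (!access.secret) {
    // An unset environment variable yields undefined, which selects the default secret.
    findings.push("secret is missing: Studio would use its default secret");
  } else if (access.secret.length < MIN_SECRET_LENGTH) {
    findings.push(`secret is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  const d = access.sessionDuration;
  if (d !== undefined && (!Number.isInteger(d) || d <= 0 || d > MAX_SESSION_SECONDS)) {
    findings.push(`sessionDuration must be a whole number of seconds from 1 to ${MAX_SESSION_SECONDS}`);
  }
  return findings;
}

// Builds the production access block and fails closed instead of starting with a weak one.
function productionAccess(env: Record<string, string | undefined>): StudioAccessConfig {
  const access: StudioAccessConfig = {
    roles: ["admin"],
    sessionDuration: 3600, // 1 hour
    secret: env.STUDIO_SECRET,
  };
  const findings = auditStudioAccess(access);
  if (findings.length > 0) {
    throw new Error("Refusing to enable Studio: " + findings.join("; "));
  }
  return access;
}
```

Call productionAccess(process.env) in the production branch and pass its result as access, so a missing STUDIO_SECRET stops the deployment instead of falling back silently.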
