Discussion about a 403 error when creating a user in NextAuth Sanity example

13 replies
Last updated: Sep 19, 2022
Hello! I am currently working through the "NextAuth Sanity" example on the website. When creating a user, I am receiving a network 403 error "ClientError: the mutation(s) failed: Insufficient permissions; permission "create" required". Is this because I am using the free version which doesn't include "Custom Access Control"? The token I created has editor permissions.
AI Update

The 403 "Insufficient permissions" error you're experiencing is not related to being on the free plan. The free plan does include basic access control - Custom Roles (the Enterprise feature mentioned in the Custom Roles documentation) is only needed for advanced, granular permissions using GROQ filters.

Your issue is likely related to one of these common causes:

1. Token permissions not matching dataset: Make sure your API token has Editor permissions specifically for the dataset you're trying to write to. When you create a token, you need to ensure it's granted permissions for the correct dataset (usually "production" by default).

2. Dataset privacy settings: If your dataset is set to "private," you need to ensure your token is properly authenticated. Check your Sanity client configuration - it should include your token with write permissions:

const client = sanityClient({
  projectId: 'your-project-id',
  dataset: 'your-dataset',
  token: 'your-token-with-editor-permissions',
  useCdn: false, // Important: CDN doesn't support authenticated requests
  apiVersion: '2024-01-01'
})

3. Token not included in the request: In NextAuth examples, make sure the Sanity client being used for mutations actually includes your token. Sometimes the client is instantiated without the token, or a different client instance is used for reads vs writes.

4. CORS settings: While this typically gives a different error, verify your CORS origins are configured correctly in your Sanity project settings at sanity.io/manage.

To debug, check:

  • Go to sanity.io/manage → your project → API settings
  • Verify your token exists and has "Editor" role for the correct dataset
  • Confirm the dataset name matches what's in your code
  • Make sure useCdn: false in your client configuration when performing mutations

The Editor role on any plan (including free) should absolutely allow document creation, so this is a configuration issue rather than a plan limitation.

No, if you use our user roles, you should be fine... It looks like you're not using a read/write token in your client setup for this. Could you check manage.sanity.io and your next as well as sanity setups for the tokens? From what I can glean this might be the issue
Thank you for your reply! I can confirm that I am using an API Token with editor privileges. I started with the "Next Blog with Comments" template deployed to Vercel. I am able to create comments, so it appears the token is working. Could you suggest another area I might look into?
Could you still check which kinds of permissions you set in manage.sanity.io since it seems it has more to do with roles than tokens themselves...
I'm sorry, I don't understand where to look. The 3 default roles appear under the "Access" tab, but they all contain a message that states "This is a system default role and cannot be edited". Is there a different area I should be looking at?
I really think we need more information from you around your setup or where this error message is occurring and when ... My only blind guess I could do without more was token and roles. Please give us a bit more so we can help.
And PS: you as a free user can use every Sanity feature but some extra bling bling and to a certain limit, so you don't have to worry about us limiting your work 😇 we love every user we have, paying or not, which you might glean from this community. Who pays gets some extra wonderful things on top, but Sanity is for every purse and everyone ❤️
Thank you for your help! I started the project with the Next Blog starter deployed to Vercel, (which is working correctly). I then added the NextAuth Sanity plugin that I found on the Sanity website. I created the Schemas and API routes as directed on the plugin page. The 403 error appears in the console when submitting the form on the signup route. I haven't made any modifications other than adding the plugin, because I wanted to test the Auth functionality first before building the project. Please let me know if I can provide any other information. I appreciate your help.
Could you please provide your API & form code as well as schemas? This could also be an issue with wrong data construction or so much more 🙏
I started again with a fresh install and recreated my steps. I am still getting the same error when submitting the sign up form. I created a public repo with the only commit showing the changes I made to the starter template. I also copied the network error to a text file in the root folder.

https://github.com/edavis211/next-auth-test
I really appreciate you taking the time to look at this. I wasn't expecting this level of help when I started the thread. So I just wanted you to know I am grateful for any insight you are able to provide.
And what a wonderful profile pic! 🙂 I will have a look
Hey user Q! Is it possible that your token is not getting picked up? That's usually the culprit in these situations.
Yep! The default sanity.js file from the Blog Starter Template was only passing along the token when preview mode was active. I moved it to the default config object and that solved the issue. It is now working perfectly! Thank you for the advice!
Fantastic!
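The cause found at the end of the thread (a client config that only carries the token in preview mode) next to a dedicated server-side write config and a pre-flight check, as an added example that is not code from the thread, the starter template or the plugin. The environment variable names, function names and sample values are assumptions made for illustration.

```javascript
// Constructed environment; on a real server these come from process.env.
const sampleEnv = {
  SANITY_PROJECT_ID: 'example-project',     // placeholder
  SANITY_DATASET: 'production',
  SANITY_API_TOKEN: 'constructed-token'     // placeholder, not a real token
}

// Shape described in the thread: the token is attached only in preview mode,
// so every non-preview request (such as the signup mutation) goes out unauthenticated.
function previewOnlyConfig(env, preview) {
  const base = {
    projectId: env.SANITY_PROJECT_ID,
    dataset: env.SANITY_DATASET,
    apiVersion: '2024-01-01',
    useCdn: !preview
  }
  return preview ? { ...base, token: env.SANITY_API_TOKEN } : base
}

// Dedicated config for mutations: token always present, built on the server only
// so the write token is never assembled in browser code.
function writeConfig(env) {
  if (typeof window !== 'undefined') {
    throw new Error('write config must only be built on the server')
  }
  if (!env.SANITY_API_TOKEN) {
    throw new Error('SANITY_API_TOKEN is not set')
  }
  return {
    projectId: env.SANITY_PROJECT_ID,
    dataset: env.SANITY_DATASET,
    apiVersion: '2024-01-01',
    useCdn: false,
    token: env.SANITY_API_TOKEN
  }
}

// Pre-flight check to run in an API route before the first mutation.
function auditForMutations(config) {
  const problems = []
  if (!config.projectId) problems.push('projectId missing')
  if (!config.dataset) problems.push('dataset missing')
  if (!config.token) problems.push('no token: the request is unauthenticated')
  // The debug checklist earlier on this page asks for useCdn: false on mutations.
  if (config.useCdn) problems.push('useCdn is true')
  return problems
}
```

Pass the object returned by `writeConfig(process.env)` to the Sanity client used in the signup API route, and keep a separate token-less config for public reads.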
