@suluk/better-auth - v0.2.0
    Preparing search index...

    Function principalFromSession

    • Extract a { scopes } principal from a Better Auth session. Null/undefined session ⇒ anonymous (no scopes). Beyond the user/apiKey scopes, it encodes MFA + org state AS scopes (Phase 1): a 2FA-cleared session gains mfa:verified, and each org membership contributes org:<id>:<scope> (explicit + role-mapped) — so a route gates 2FA/tenancy through the same scope check enforceAccess already does, no richer Principal type required.

      Parameters

      Returns Principal