whoami, 2y ago

Receiving JWT fields beyond what UserIdentity provides

Hi team, we tried to implement RLS with Clerk-provided auth fields. I wanted to know: are there any plans to extend auth.getUserIdentity() to receive fields other than what UserIdentity provides? Passing org_id to the gender field sounds like a hack, but I suppose there should be a better way?
```ts
export const { withQueryRLS, withMutationRLS } = RowLevelSecurity<
  { auth: Auth; db: DatabaseReader },
  DataModel
>({
  chats: {
    // A chat is readable only when its org matches the caller's org.
    read: async ({ auth }, chat) => {
      const identity = await auth.getUserIdentity()
      if (!identity) {
        throw new Error('Unauthenticated call to mutation')
      }
      // Workaround: the Clerk org_id is carried in the `gender` field.
      const { gender: org } = identity
      return chat.org === org
    },
    // Same org check for writes.
    modify: async ({ auth }, chat) => {
      const identity = await auth.getUserIdentity()
      if (!identity) {
        throw new Error('Unauthenticated call to mutation')
      }
      const { gender: org } = identity
      return chat.org === org
    },
  },
})
```
Also, we've found that when passing whatever Clerk values to address fields, like address: {{org.id}}, the auth will crash. Not sure if there is any bug associated with Clerk or Convex.
2 Replies
Michal Srb, 2y ago
Hey @whoami, for now we don't have the ability to pass through fields that are not part of the OpenID spec, but we might add this in the future. Your workaround looks good given the current limitations.
whoami (OP), 2y ago
Thanks Michal, maybe you can also take a look at the issue with passing a value to the address field. It might be a bug in either Convex or Clerk; the auth will crash as long as I pass the address field in Clerk's auth template.
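
An added example, not part of the thread and not Convex or Clerk code: a fail-closed version of the org comparison used in the rules above, for the case where the `gender` claim is absent or empty. The `Identity` and `Chat` shapes, the function names and the sample ids are assumptions constructed for illustration.

```typescript
// Constructed shapes: only the fields the org check needs.
type Identity = { subject: string; gender?: string } | null;
type Chat = { org?: string };

// The comparison as written in the rules above, for contrast.
// If the claim is absent and the row has no org, this evaluates
// undefined === undefined, which is true.
function naiveOrgMatch(identity: NonNullable<Identity>, chat: Chat): boolean {
  const { gender: org } = identity;
  return chat.org === org;
}

// Returns the org id carried in the `gender` claim, or null when the
// caller is unauthenticated or the claim is missing or blank.
function orgFromIdentity(identity: Identity): string | null {
  if (!identity) return null;
  const org = identity.gender;
  return typeof org === "string" && org.trim() !== "" ? org : null;
}

// Fail-closed tenant check: access requires a non-empty org on BOTH the
// token and the row, and the two must be equal. (The rules above throw
// for unauthenticated callers; this helper simply denies.)
function canAccessChat(identity: Identity, chat: Chat): boolean {
  const org = orgFromIdentity(identity);
  if (org === null) return false;
  return typeof chat.org === "string" && chat.org === org;
}

// Constructed sample data.
const member: Identity = { subject: "user_1", gender: "org_constructedA" };
const noOrg: NonNullable<Identity> = { subject: "user_2" };
const orgChat: Chat = { org: "org_constructedA" };
const orphanChat: Chat = {}; // row written without an org field

console.log(canAccessChat(member, orgChat));    // same org
console.log(naiveOrgMatch(noOrg, orphanChat));  // naive check passes
console.log(canAccessChat(noOrg, orphanChat));  // hardened check denies
```

Inside the `read` and `modify` rules, the body after the `identity` check could return `canAccessChat(identity, chat)` instead of the bare comparison.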
