2 replies

Receiving JWT fields beyond what UserIdentity provides

Hi team, we tried to implement RLS with clerk provided auth fields, I wanted to know is there any plans extending

auth.getUserIdentity()

auth.getUserIdentity()

to receive fields other than what

UserIdentity

UserIdentity

provides? Passing

org_id

org_id

gender

gender

field sounds like a hack but I suppose there should be a better way?

export const { withQueryRLS, withMutationRLS } = RowLevelSecurity<
  { auth: Auth; db: DatabaseReader },
  DataModel
>({
  chats: {
    read: async ({ auth }, chat) => {
      const identity = await auth.getUserIdentity()
      if (!identity) {
        throw new Error('Unauthenticated call to mutation')
      }
      const { gender: org } = identity
      return chat.org === org
    },
    modify: async ({ auth }, chat) => {
      const identity = await auth.getUserIdentity()
      if (!identity) {
        throw new Error('Unauthenticated call to mutation')
      }
      const { gender: org } = identity
      return chat.org === org
    },
  },
})

export const { withQueryRLS, withMutationRLS } = RowLevelSecurity<
  { auth: Auth; db: DatabaseReader },
  DataModel
>({
  chats: {
    read: async ({ auth }, chat) => {
      const identity = await auth.getUserIdentity()
      if (!identity) {
        throw new Error('Unauthenticated call to mutation')
      }
      const { gender: org } = identity
      return chat.org === org
    },
    modify: async ({ auth }, chat) => {
      const identity = await auth.getUserIdentity()
      if (!identity) {
        throw new Error('Unauthenticated call to mutation')
      }
      const { gender: org } = identity
      return chat.org === org
    },
  },
})

Also we've found that when passing whatever clerk values to

address

address

fields like

address: {{org.id}}

address: {{org.id}}

the auth will crash, not sure if there is any bug associated with clerk or convex.

Receiving JWT fields beyond what UserIdentity provides

Similar Threads