fawwaz
fawwazโ€ข16mo ago

getting user currently active organization and metadata with clerk auth?

Hello all ๐Ÿ‘‹ , I tried to follow the documentations to setup clerk with convex and got it working, however, the token data doesn't not include currently active organization nor the user metadata. is there is a working example on how to do that?
9 Replies
jamwt
jamwtโ€ข16mo ago
hey @fawwaz . a few others have run into this before, and have solved this using clerk webhooks to get richer data syncing between clerk and convex. @Michal Srb has done a ton of great work on the convex <-> clerk bridge. he might remember more about this or remember a link to some sample somewhere I can't seem to find it right now I know some of our customers have done this
sshader
sshaderโ€ข16mo ago
https://www.convex.dev/templates/clerk might be what you're thinking of?
Templates
The backend application platform with everything you need to build your product.
jamwt
jamwtโ€ข16mo ago
GitHub
convex-clerk-users-table/convex/http.ts at main ยท thomasballinger/c...
Contribute to thomasballinger/convex-clerk-users-table development by creating an account on GitHub.
fawwaz
fawwazOPโ€ข16mo ago
Thanks guys will check it out ๐Ÿ™‚ hey @jamwt so the enriching our convex db through a web-hooks went a long way, but there is still one issue that I'm not sure about. a Single user could belong to multiple organizations but when a user where make a request we need to know what organization is currently active for that user. According to clerk the easiest way to handle this is to customize the session toke to include the orgId claim. However, doing doesn't seem to change the return shape from ctx.auth.getUserIdentity(), WDYT?
Michal Srb
Michal Srbโ€ข16mo ago
Hey @fawwaz , you'll need to stick the org id in one of the valid OpenID Connect claims, which are listed here: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims I think some folks used the "gender" claim, for example.
Final: OpenID Connect Core 1.0 incorporating errata set 1
OpenID Connect Core 1.0 incorporating errata set 1
fawwaz
fawwazOPโ€ข16mo ago
but I think I did that already through the clerk dashboard, but the return value from ctx.auth.getUserIdentity() doesn't reflect that, am I doing it wrong?
{
tokenIdentifier: '...',
issuer: 'https://lasting-stork-48.clerk.accounts.dev',
subject: '...',
name: 'Fawwaz Alharbi',
givenName: 'Fawwaz',
familyName: 'Alharbi',
pictureUrl: '...',
email: '...',
emailVerified: true,
phoneNumberVerified: false,
updatedAt: '2023-09-09T14:55:53+00:00'
}
{
tokenIdentifier: '...',
issuer: 'https://lasting-stork-48.clerk.accounts.dev',
subject: '...',
name: 'Fawwaz Alharbi',
givenName: 'Fawwaz',
familyName: 'Alharbi',
pictureUrl: '...',
email: '...',
emailVerified: true,
phoneNumberVerified: false,
updatedAt: '2023-09-09T14:55:53+00:00'
}
No description
Michal Srb
Michal Srbโ€ข16mo ago
You want
{
"gender": "{{org.id}}"
}
{
"gender": "{{org.id}}"
}
The left side is the Claim name, and that one needs to be one of the ones I linked (this is a current Convex limitation). You also probably want to leave the other claims in the template, and make sure to hit SAVE on the Clerk dashboard, otherwise the template doesn't update.
fawwaz
fawwazOPโ€ข16mo ago
ohhh, I see what you mean, thanks @Michal Srb , but I think for now I'll require the frontend to send the orgId and verify on the backend,
Michal Srb
Michal Srbโ€ข5mo ago
Custom claims are now supported with convex@1.14.0

Did you find this page helpful?