Questions about Convex Auth
- If I want to add a
name field and customize the name of the user that gets authenticated, how do I do that? Is that via the createOrUpdateUser callback function?
- If I want to provide email/password sign up but you still need to click the confirmation link upon signing up (not when logging in again with email/password) how do I implement this? I see that email/password seems quite straight forward (https://labs.convex.dev/auth/config/passwords#email--password-setup), but how can I implement a mechanism to say "isVerified" in the database for each user to determine whether they've verified their email upon signing up?Passwords - Convex Auth
Relations, default values, unique fields and more for Convex
25 Replies
I'm gonna add my notes in here too
redirect happens via
redirectTo:
β Weird. Seems like
redirect of callback should return an array of strings instead?
For adding name, which authentication methods do you want to use?
Email verification for email+password is documented lower on the page you linked, and is all built-in.
redirectTo is important because you might want to redirect to different dynamic URL determined at runtime.
- If user is authenticated, but not verified, how do I check that in the app?
- I don't want to send OTP code.
Thereβs emailVerificationTime field on the users table
Do you want to send a magic link instead?
Should it not be different here? π€
- One for signing in with password, getting authenticated, then the second one is the same?
Yeah; the arguments are different.
I think that would be the simpler approach, which we'll go with if we can't get this to work.
but I was thinking
- email/password approach
- get verification email
- when you come back to the app, email/password authentication
The verification email has to be either magic link or otp
Otherwise you donβt know the user owns the email address, right?
simpler because you can just do magic link every time the person auth
if there, simply login
if first time, create the user
which i assume you handle for us
although we still need to set the name in that case, i guess we can use the
createOrUpdateUser callback function
Yes, it would then be magic link
indeed
email/pass
and ending it off with a magic link
would we then do signin with "resend" as the second stepsimilar to this one
Ok, magic link is doable, the docs might cover it a bit, you need some routing and custom link so your app handles it correctly.
Iβd start with OTP and then swap for magic link later
Why is profile typed as
any when configuring it in the google provider?
I'm not getting the name in the profile inside the callback function
i want first and last name, compose that to create full name for user as
name field on the user's docThe docs cover it here https://labs.convex.dev/auth/config/email
- if sign up, we'll create user with email/pass then send this email, is that possible?
so first we do
signIn("password") and then we do signIn("resend")Magic Links - Convex Auth
Relations, default values, unique fields and more for Convex
that's how im thinking about it
so if
emailVerificationTime is there, it means verification is done, if undefined, it means not verified yet?do i need to do this? π€
get google profile and annotate it
seems like it
even for the apple one
which is also different
as for knowing if some1 has verified
i can use emailVerified i think and have a isUserVerified field on the user
emailVerified is also a boolean, so yeah thatshould work
when youve time @Michal Srb
would appreciate if you could confirm some of the points above or if my understanding is incorrect β€οΈOAuth:
1. You have to extract fields vis the profile method, then theyβll be available in createOrUpdateUser. If you donβt override createOrUpdareUser the result of profile() is automatically inserted into the users table.
The builtin Password provider already supports immediate email verification. If requiring email verification on sign up is ok for you, Iβd use that. No need to provide custom createOrUpdateUser.
No need to provide custom createOrUpdateUser.im gonna have to see this in action, not sure but if i wanna check on the server or client whether user is email verified, how do i do that? so if i do the "resend" method how do i check if a user has verified their email also this will only happen on sign up to be clear 1. sign up 2. sign in with password 3. we call the resend method programmatically after the sign in method with password is through successfully
Might be easier if you give it a try π
Will do πβ€οΈ