12 replies

How OIDC with Convex Auth works with HTTP actions endpoints

So when using convex auth, the authorization URL is the convex site URL available via

CONVEX_SITE_URL

CONVEX_SITE_URL

system environment variable. From what I understand, specific endpoints defined by the OpenID spec are expected on such domain/URL (to conform to the spec). Examples of such endpoints are the

/token

/token

and the

/authorize

/authorize

. However, this same

CONVEX_SITE_URL

CONVEX_SITE_URL

is used for HTTP actions, such that if I have an HTTP action at

convex/token.ts

convex/token.ts

, then the action is accessible by

${CONVEX_SITE_URL}/token

${CONVEX_SITE_URL}/token

(assuming I have it configured to work that way).

Does this not conflict with the /token to be used for auth by convex auth as required by the OpenID spec?

How OIDC with Convex Auth works with HTTP actions endpoints

Similar Threads