What's the name of the cookie used by Convex Auth?
I would like to know what name convex auth uses to keep track of session tokens. I like knowing how tools I use work so I can make modifications at any time. By logging into
https://labs.convex.dev/auth-example
, I noticed that login state works even when there are no cookies, and later found out that Convex auth uses localStorage by default unless when using @convex-dev/auth/nextjs
. Anyways, I have something like the ff in localStorage:
1- Is there a documentation for the exact names used for the tokens similar to what Clerk has here: https://clerk.com/docs/deployments/clerk-cookies#strictly-necessary-application-cookies. It is always good to know about the magic done by the library, since I might want to read them and pass them around myself somewhere especially on the server. I know there are certain utilities for Next.js, but I still want to know. (Also, even though the chances of collision with my own set cookie/localstorage values is extremely low, it's not zero.) From the sample above, it's evident that the string is built from the cloud URL with some prefix.
2- Is there a documentation for how to verify such tokens manually similar to what clerk has here https://clerk.com/docs/backend-requests/handling/manual-jwt.
3- Are these names the same for localstorage and cookies (guess this can be answered by 1 above).3 Replies
These docs will improve some but for now your best bet is the code https://github.com/get-convex/convex-auth
GitHub
GitHub - get-convex/convex-auth: Library for built-in auth
Library for built-in auth. Contribute to get-convex/convex-auth development by creating an account on GitHub.
It's great to hear specific things to document, I'll put them on this list!
Thanks. Personally, I would like to see the following in the docs:
- How the keys used for storage are determined, and how to use them to read tokens manually from their storage source without the library. (Also, the list of the keys)
- How to manually validate tokens directly read from the source.
- More notes on the configuration of cookies (when cookies are used) e.g. what are the values for
samesite
, domain
, and other necessary ones for the cookies used.