M Zeeshan
M Zeeshan4mo ago

Clerk auth session in Convex functions

i know i can get user object like this by configuring auth.config.ts
const user = await ctx.auth.getUserIdentity();
const user = await ctx.auth.getUserIdentity();
and in httpActions
await fetch(url, {
headers: {
Authorization: `Bearer ${token}`,
},
});
await fetch(url, {
headers: {
Authorization: `Bearer ${token}`,
},
});
but how to get clerk active session in any function or httpAction ?
26 Replies
M Zeeshan
M ZeeshanOP4mo ago
I have successfully implemented web push notifications, and they are working perfectly. However, I am receiving notifications on devices that are subscribed but signed out. To address this, I can utilize active user sessions to determine which devices the user is currently signed in to and has not signed out of. I can achieve this by checking the session status, specifically looking for session.status === 'active'. I have stored the active session ID alongside the PushSubscription in my database, which enables me to perform this check
Wayne
Wayne4mo ago
Hi have you tried the #ask-ai channel? Also a lot of Developers using Convex are having great success with Cursor.
M Zeeshan
M ZeeshanOP4mo ago
@Wayne ai said use convex auth And its very simple with convex auth if it store user session in db alongside at which device user is currently signned in and if user is not signedout either session has been expired or not
ballingt
ballingt4mo ago
@M Zeeshan
but how to get clerk active session in any function or httpAction ?
I think the clerk active session would only be available if you pass the JWT or the cookie into the function you are calling. Then you can use the Clerk SDK in the Convex action to get it.
M Zeeshan
M ZeeshanOP4mo ago
Is it possible..? How…? i dont need active session. I want all sessions related to user as clerk store them
ballingt
ballingt4mo ago
I don't understand your setup, are you using Clerk? Are you getting webhook notifications and storing these in teh Convex DB? Does the Clerk SDK allow fetching these?
M Zeeshan
M ZeeshanOP4mo ago
Yrp Yep But i need token auth token
ballingt
ballingt4mo ago
Do you have the Clerk SDK set up in COnvex so you can make calls to it from Convex actions? Got it, and this isn't in the request path, so you can't send the JWT or cookie in from the browser?
M Zeeshan
M ZeeshanOP4mo ago
I dont need clerk setup as clerk provides direct api routes for all purposes but i must provide with bearer token that convex functions have as convex verify this token by sending request to issuer domain
ballingt
ballingt4mo ago
In addition to the configured convex.setAuth(), can you send in the JWT along with the Convex action you call from the client? This JWT is not currently exposed, you can't ask for with auth.getJWT() or similar — that's a feature request that makes sense but that we need to think about re security
M Zeeshan
M ZeeshanOP4mo ago
Yeah i send clerk session.getToken() which returns the active session token to http actions
ballingt
ballingt4mo ago
Ah you're already sending it as an argument to the Convex function your'e calling?
M Zeeshan
M ZeeshanOP4mo ago
Yeah as bearer token But i need it in internalAction not http action
ballingt
ballingt4mo ago
You'll have to pass it along, how is the internalAction called?
M Zeeshan
M ZeeshanOP4mo ago
InternalActions gets scheduled and called after 10 seconds on mutation Maybe i can use custom query builder to pass auth token as args coz convex client already send it to for getUserIdentitiy to work
ballingt
ballingt4mo ago
Yeah or just send it as an argument
M Zeeshan
M ZeeshanOP4mo ago
Does it break security by Sending as agr Coz by default convex double check token by send request to issuer as configured in auth.config.ts I think i must request feature as convex has verified auth token it can give au as arg
ballingt
ballingt4mo ago
Makes sense The security of these two is pretty much the same, in both cases you'll have access to it from a Convex function and seems fine for both
M Zeeshan
M ZeeshanOP4mo ago
I think I should pass token as arg and use it without any verification as request was made from authenticated vomponent
ballingt
ballingt4mo ago
that makes sense, at least with the token that was current at the time the function was called. Maybe also with the new refreshed token, but in a scheduled function it's hard to know which WebSocket connection you're talking about
M Zeeshan
M ZeeshanOP4mo ago
Does convex auth store user session in db? If it is, does convex keeps track of at which device user is currently logged and if user is not logged in either session has been expired or not
ballingt
ballingt4mo ago
Each live WebSocket connection can have a JWT, which needs to be checked every time a query is re-evaluated for that connection. Beyond that, no Convex has no notion of "users" by default, just which JWT was sent in over which WebSocket connection, whether it's valid, and when it expires Oh if you mean Convex Auth the library in beta for running auth on your Convex backend https://labs.convex.dev/auth, yeah it does this
Does convex auth store user session in db?
Convex Auth is a library that adds users, sessions, etc.
M Zeeshan
M ZeeshanOP4mo ago
@ballingt I got solution I will send current auth token as arg, request clerk backend for all user sessions if it throws unauthenticated i can refresh token by creating new token directly in convex internalAction by requesting clerk backend with private key
Wayne
Wayne4mo ago
@ballingt thank you!
M Zeeshan
M ZeeshanOP4mo ago
@ballingt @Wayne My bad. I didn’t read carefully in clerk docs. I dont need auth token to get all sessions instead i need bearer token with clerk private key And its very simple i can send web push notifications to only sessions which are currently active its mean they didn’t signed out and are fresh its mean i dont need to worry about auth token expiration at all ❤️ clerk endpoint https://api.clerk.com/v1/sessions
ballingt
ballingt4mo ago
Nice, thanks for the update for others!

Did you find this page helpful?