Clerk auth session in Convex functions
i know i can get user object like this by configuring
auth.config.ts
and in httpActions
but how to get clerk active session in any function or httpAction ?26 Replies
I have successfully implemented web push notifications, and they are working perfectly. However, I am receiving notifications on devices that are subscribed but signed out. To address this, I can utilize active user sessions to determine which devices the user is currently signed in to and has not signed out of. I can achieve this by checking the session status, specifically looking for session.status === 'active'. I have stored the active session ID alongside the PushSubscription in my database, which enables me to perform this check
Hi have you tried the #ask-ai channel? Also a lot of Developers using Convex are having great success with Cursor.
@Wayne ai said use convex auth
And its very simple with convex auth if it store user session in db alongside at which device user is currently signned in and if user is not signedout either session has been expired or not
@M Zeeshan
but how to get clerk active session in any function or httpAction ?I think the clerk active session would only be available if you pass the JWT or the cookie into the function you are calling. Then you can use the Clerk SDK in the Convex action to get it.
Is it possible..?
How…?
i dont need active session. I want all sessions related to user as clerk store them
I don't understand your setup, are you using Clerk? Are you getting webhook notifications and storing these in teh Convex DB?
Does the Clerk SDK allow fetching these?
Yrp
Yep
But i need token auth token
Do you have the Clerk SDK set up in COnvex so you can make calls to it from Convex actions?
Got it, and this isn't in the request path, so you can't send the JWT or cookie in from the browser?
I dont need clerk setup as clerk provides direct api routes for all purposes but i must provide with bearer token that convex functions have as convex verify this token by sending request to issuer domain
In addition to the configured convex.setAuth(), can you send in the JWT along with the Convex action you call from the client?
This JWT is not currently exposed, you can't ask for with
auth.getJWT()
or similar — that's a feature request that makes sense but that we need to think about re securityYeah i send clerk session.getToken() which returns the active session token to http actions
Ah you're already sending it as an argument to the Convex function your'e calling?
Yeah as bearer token
But i need it in internalAction not http action
You'll have to pass it along, how is the internalAction called?
InternalActions gets scheduled and called after 10 seconds on mutation
Maybe i can use custom query builder to pass auth token as args coz convex client already send it to for getUserIdentitiy to work
Yeah or just send it as an argument
Does it break security by Sending as agr
Coz by default convex double check token by send request to issuer as configured in auth.config.ts
I think i must request feature as convex has verified auth token it can give au as arg
Makes sense
The security of these two is pretty much the same, in both cases you'll have access to it from a Convex function
and seems fine for both
I think I should pass token as arg and use it without any verification as request was made from authenticated vomponent
that makes sense, at least with the token that was current at the time the function was called. Maybe also with the new refreshed token, but in a scheduled function it's hard to know which WebSocket connection you're talking about
Does convex auth store user session in db?
If it is, does convex keeps track of at which device user is currently logged and if user is not logged in either session has been expired or not
Each live WebSocket connection can have a JWT, which needs to be checked every time a query is re-evaluated for that connection.
Beyond that, no Convex has no notion of "users" by default, just which JWT was sent in over which WebSocket connection, whether it's valid, and when it expires
Oh if you mean Convex Auth the library in beta for running auth on your Convex backend https://labs.convex.dev/auth, yeah it does this
Does convex auth store user session in db?Convex Auth is a library that adds users, sessions, etc.
@ballingt I got solution
I will send current auth token as arg, request clerk backend for all user sessions if it throws unauthenticated i can refresh token by creating new token directly in convex internalAction by requesting clerk backend with private key
@ballingt thank you!
@ballingt @Wayne
My bad. I didn’t read carefully in clerk docs.
I dont need auth token to get all sessions instead i need bearer token with clerk private key
And its very simple i can send web push notifications to only sessions which are currently active its mean they didn’t signed out and are fresh
its mean i dont need to worry about auth token expiration at all ❤️
clerk endpoint
https://api.clerk.com/v1/sessions
Nice, thanks for the update for others!