Auth token is not a valid JWT, cannot refetch the token on upgrade from Convex 1.15 -> 1.16.3
13 Replies
Thanks for posting in <#1088161997662724167>.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.
- Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
- Use search.convex.dev to search Docs, Stack, and Discord all at once.
- Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI.
- Avoid tagging staff unless specifically instructed.
Thank you!
I suspect that https://github.com/get-convex/convex-js/commit/cfcf79c8efb383957d23370ecd23adeddb0f094a might've unintentionally broken things here.
Curious if you're able to grab your JWT (in a browser you can inspect local storage / cookies, in React Native you can add some log lines in the storage getters / setters) and pass it in to https://jwt.io/#debugger-io and see if there's anything surprising there.
But also skimming some of the issues in the jwt-decode library looks like there could be some bundling issues / import issues, so I will also try and reproduce this
GitHub
Upgrade jwt-decode dependency (#29870) · get-convex/convex-js@cfcf79c
GitOrigin-RevId: 800ce33e1d031d8a3c7a1d942e269318817fd23e
JWT.IO
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
(cc @adam )
Oh if this is React Native, looks like https://github.com/auth0/jwt-decode/issues/241 is relevant -- if you're on a react native version before
0.74 I believe the updated version of jwt-decode needs a polyfill (or a bump to react native 0.74)GitHub
v4.0.0 React Native support - property atob doesn't exist · Issue #...
Checklist I have looked into the Readme and have not found a suitable solution or answer. I have searched the issues and have not found a suitable solution or answer. I have searched the Auth0 Comm...
Great, thank you @sshader. I'll try with an updated version of React Native in the coming weeks.
@sshader I can confirm the same issue after upgrading Convex from
1.16.0 to 1.16.4. I also updated @convex-dev/authfrom 0.0.67 to 0.0.71.
My React Native version is 0.74.5 and I am still getting the same error:
Auth token is not a valid JWT, cannot refetch the token
The authentication as such is seemingly working fine, it is just throwing this error and I cannot debug it, where exactly is happening.
(cc: @adam)On 1.16.4, if you can turn on verbose logs for your client, (
new ConvexReactClient(<url>, { verbose: true })), it should now print the error message to the console now.
I'd also love to see what the decoded JWT (via https://jwt.io/#debugger-io) looks like in case there's something in particular that this library doesn't handle well.JWT.IO
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
For instance, here's one of my JWTs decoded that seems to work fine even with React Native
Hi @sshader I have turned on the verbose logging and this is what I'm getting now in my console logs (see screenshot):
Error decoding token: 0, require(_dependencyMap[3], "jwt-decode").jwtDecode is not a function (it is undefined) [v5]
ERROR Auth token is not a valid JWT, cannot refetch the token
The tool from the website is saying that the token has an invalid signature - see screenshot.
The authentication (signing in) is seemingly working fine. It's only that this error is being thrown every time.
@sshader perhaps any update on this issue?
So workaround for now is using Convex 1.16.0 (or earlier). Seems like us bumping the version of
jwt-decode broke something (https://github.com/auth0/jwt-decode/issues/140 sounds similar but doesn't really include a fix) so we'll probably undo that and push a new release soonGitHub
jwtDecode is not a function · Issue #140 · auth0/jwt-decode
Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues. Thank you in advance for helping us to improve this libr...
Ok, thank you for the update! 🙏
At least the issue is known and is going to be fixed in the future