Auth token is not a valid JWT, cannot refetch the token on upgrade from Convex 1.15 -> 1.16.3
40 Replies
Thanks for posting in <#1088161997662724167>.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.
- Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
- Use search.convex.dev to search Docs, Stack, and Discord all at once.
- Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI.
- Avoid tagging staff unless specifically instructed.
Thank you!
I suspect that https://github.com/get-convex/convex-js/commit/cfcf79c8efb383957d23370ecd23adeddb0f094a might've unintentionally broken things here.
Curious if you're able to grab your JWT (in a browser you can inspect local storage / cookies, in React Native you can add some log lines in the storage getters / setters) and pass it in to https://jwt.io/#debugger-io and see if there's anything surprising there.
But also skimming some of the issues in the jwt-decode library looks like there could be some bundling issues / import issues, so I will also try and reproduce this
GitHub
Upgrade jwt-decode dependency (#29870) · get-convex/convex-js@cfcf79c
GitOrigin-RevId: 800ce33e1d031d8a3c7a1d942e269318817fd23e
JWT.IO
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
(cc @adam )
Oh if this is React Native, looks like https://github.com/auth0/jwt-decode/issues/241 is relevant -- if you're on a react native version before
0.74 I believe the updated version of jwt-decode needs a polyfill (or a bump to react native 0.74)GitHub
v4.0.0 React Native support - property atob doesn't exist · Issue #...
Checklist I have looked into the Readme and have not found a suitable solution or answer. I have searched the issues and have not found a suitable solution or answer. I have searched the Auth0 Comm...
Great, thank you @sshader. I'll try with an updated version of React Native in the coming weeks.
@sshader I can confirm the same issue after upgrading Convex from
1.16.0 to 1.16.4. I also updated @convex-dev/authfrom 0.0.67 to 0.0.71.
My React Native version is 0.74.5 and I am still getting the same error:
Auth token is not a valid JWT, cannot refetch the token
The authentication as such is seemingly working fine, it is just throwing this error and I cannot debug it, where exactly is happening.
(cc: @adam)On 1.16.4, if you can turn on verbose logs for your client, (
new ConvexReactClient(<url>, { verbose: true })), it should now print the error message to the console now.
I'd also love to see what the decoded JWT (via https://jwt.io/#debugger-io) looks like in case there's something in particular that this library doesn't handle well.JWT.IO
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
For instance, here's one of my JWTs decoded that seems to work fine even with React Native
Hi @sshader I have turned on the verbose logging and this is what I'm getting now in my console logs (see screenshot):
Error decoding token: 0, require(_dependencyMap[3], "jwt-decode").jwtDecode is not a function (it is undefined) [v5]
ERROR Auth token is not a valid JWT, cannot refetch the token
The tool from the website is saying that the token has an invalid signature - see screenshot.
The authentication (signing in) is seemingly working fine. It's only that this error is being thrown every time.
@sshader perhaps any update on this issue?
So workaround for now is using Convex 1.16.0 (or earlier). Seems like us bumping the version of
jwt-decode broke something (https://github.com/auth0/jwt-decode/issues/140 sounds similar but doesn't really include a fix) so we'll probably undo that and push a new release soonGitHub
jwtDecode is not a function · Issue #140 · auth0/jwt-decode
Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues. Thank you in advance for helping us to improve this libr...
Ok, thank you for the update! 🙏
At least the issue is known and is going to be fixed in the future
Hi, facing the same problem as of now
(NOBRIDGE) DEBUG 2025-01-19T21:07:05.608Z Error decoding token: 0, import_jwt_decode.default is not a function (it is Object) [v2]
(NOBRIDGE) ERROR Auth token is not a valid JWT, cannot refetch the token
GitHub
jwtDecode is not a function · Issue #140 · auth0/jwt-decode
Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues. Thank you in advance for helping us to improve this libr...
What version of
jwt-decode do you have installed?
im not importing jwt decode directly so solutions here don't apply
You could try overriding https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides the version that a dependency uses, but it sounds like there's an issue here
@AlphaOmega are you using Convex Auth?
yes, hence me not calling jwt-decode directly, i got the version from node_modules
We moved back to pre-4.0.0 being the supported version of jwt-decode for convex a while ago https://github.com/get-convex/convex-js/blob/main/package.json#L237
so this is not a supported configuration to use 4.0 or greater
but if there's something that makes it difficult to use <4 we can look into it
What package manager, it must be using the same version of jwt-decode for Convx Auth and for convex
Yes I saw that and updated my packages to latest version but it still installed ver. 4.0 for jwt-decode
despite convex requiring
"jwt-decode": "^3.1.2", and Convex Auth requiring "jwt-decode": "^3.1.2",let me check if I have something else forcing that
you have it in
yeah
@convex-dev/auth requires 4 and convex requires 3
typically package manager manage this by sticking these in node_modules/@convex-dev/auth/node_modules/jwt-decode and node_modules/convex/node_modules/jwt-decode
what package manager are you using?bun
sounds like https://github.com/oven-sh/bun/issues/6850
it has done that though as i can see convex/node_modules/jwt-decode ver 3.1.2, but the /auth package has no node_modules and the root node_module has jwt-decode ver 4.0
huh yeah that sounds right
ok let me install it using npm and ill get back to you
You might try installing from scratch wiht bun (removing lockfile and node_modules) too, it's possible it's a path-dependent thing
ill stick with npm if it fixes this, ive tried to do that previously with bun and have had the same error come up again and again
Also what's the framework/bundler you're using where you have this issue? Could be bun does this fine for its own module resolution but when combined with that bundler the behavior doesn't work out
im getting this error in a turbo repo monorepo, specifically inside a expo app
might be this to, turborepo has no support for bun yet
gotcha, cool I wonder about the expo part too, expo has its own bundler and module resolution
with npm install, instead of the 4.0 version being in the root node_modules, i have the 3.1.2 and iinstead of convex having the node_modules with the specific jwt-decode version in it, now convex-auth does
which is not what I expected
I'd think that either way would work, but apparently I'm wrong
im opening up the app and Ill see if i still get the error
yeah it would make sense
ok we won't change anything for now, but noted that if we can it's helpful for these to match when possible to account for issues like this
still getting it, I think you guys should prioritize getting shared libraries up to the same version so such issues dont arise
still getting this with npm-installed libraries? Ok yeah sounds like an issue
could you file this at https://github.com/get-convex/convex-auth with a repro, or rough steps for creating a repro?