I am in the process of trying to manage

I am in the process of trying to manage access tokens for a user across different providers. Wondering if anyone has already went through this process using

convex auth

convex auth

? Specifically, the process of storing the access tokens and refresh token flow. Currently, I have a process where the access token is just saved to the

users

users

table, but this is not a long term solution. I think I would have to probably store the tokens in the

authAccounts

authAccounts

table. If you have solved this issue or have a working solution, I am hoping for guidance on an approach I can take!

ballingt•12/9/24, 11:14 PM

Have you been through this account linking docs? https://labs.convex.dev/auth/advanced#account-linking

Advanced: Details - Convex Auth

Authentication library for your Convex backend

MezOP•12/9/24, 11:29 PM

Yes I did read that doc! So I understand the use of the callback. A topic I don't understand yet; how does decide what data about the account to save to the

authAccounts

authAccounts

table. If the access token & refresh token information is available, why doesn't it add to the document being saved? Is this responsibility designated to userland?

MezOP•12/9/24, 11:32 PM

fyi I did try to define the option in the Google provider as a test. My guess was this info would be what is store in the

authAccounts

authAccounts

table. So I updated the schema to added the new fields for the token info, but it didn't update them.

ballingt•12/9/24, 11:42 PM

how does convexAuth decide what data about the account to save to the authAccounts

It's always the same information: provider, providerAccountId, and userId. Here's the code:

https://github.com/get-convex/convex-auth/blob/10b4924e0b8e0a97d2130c01eaf02c8dd2b25fb6/src/server/implementation/users.ts#L184-L203

ballingt•12/9/24, 11:42 PM

@Mez What are you trying to do?

ballingt•12/9/24, 11:44 PM

If the access token & refresh token information is available, why doesn't it add to the document being saved?

Do you want to use this for something? refresh tokens go in a different table

ballingt•12/9/24, 11:45 PM

I am in the process of trying to manage access tokens for a user across different providers.

What does this mean, you want to have users with mutiple ways to sign in? that sounds like account liniking

MezOP•12/9/24, 11:46 PM

ah I see. thanks for linking the code!
My goal are the following:

I needed access token from different providers for things like making API requests and callback hooks etc.
Wanted to see if I can just use to handle that follow for me.

ballingt•12/9/24, 11:47 PM

Ah, got it! So the access token you get from Google, GitHub, etc. is one that you'd like to use on the server to make calls, so it's not just an identity token in the JWT, that token provides access to other resources too?

ballingt•12/9/24, 11:48 PM

This is not supported, it'd be a great think to write up in an issue on https://github.com/get-convex/convex-auth/issues

ballingt•12/9/24, 11:49 PM

These are pretty different kinds of tokens though

MezOP•12/9/24, 11:49 PM

something like this: https://clerk.com/docs/references/backend/user/get-user-oauth-access-token

JS Backend SDK: getUserOauthAccessToken()

Use Clerk's Backend SDK to retrieve the corresponding OAuth access token for a user.

ballingt•12/9/24, 11:49 PM

they'd need ot be refreshed differently

MezOP•12/9/24, 11:50 PM

yes, that brings me back to my post. I was hoping for guidance on how to handle this.

MezOP•12/9/24, 11:52 PM

Exactly, yes.

ballingt•12/9/24, 11:53 PM

deleted because I'm still trying to understand this

ballingt•12/9/24, 11:55 PM

ok that makes sense

ballingt•12/9/24, 11:56 PM

so the idea is the Convex Auth library is continuously refreshing the oauth token, or more likely does this on demand, whenever the server code needs this token

MezOP•12/9/24, 11:56 PM

Let's take google as an example.

I configure the provider with the following
This will return in the profile callback, token access and refresh token in the Tokenset
I want to have that token info saved in the
```
authAccounts
```
```
authAccounts
```
table.
it'll be my responsibility to make sure refreshing is happening I am guessing. Auth.js doesn't handle this.

ballingt•12/9/24, 11:58 PM

Cool! Yeah please open an issue, and include this specific information in the request, it's helpful

MezOP•12/9/24, 11:59 PM

OK! I'll move it to an issue on github.

ballingt•12/10/24, 12:09 AM

Just to understand the issue, is saving these on the users table a problem because you have too many different types to manage? Because you want help refreshing them? feel free to answer on the issue

MezOP•12/10/24, 12:11 AM

Ah yes that is the issue. It'll be a multiple providers and I'd keep adding them to the user table

MezOP•12/10/24, 12:12 AM

when authAccounts table was made for this purpose

MezOP•12/10/24, 12:12 AM

https://github.com/get-convex/convex-auth/issues/135

GitHub

convexAuth handling of Access Token and Refresh Token · Issue #135 ...

TL;DR version is asking if we can get convexAuth to support something like this: https://clerk.com/docs/references/backend/user/get-user-oauth-access-token I am currently using convexAuth for user ...