shrigma male, 4w ago

Convex Auth + OAuth + Tauri

I'm hoping to integrate Convex into a desktop app I'm building with Tauri, so it has a frontend written in React but bundled with a Rust foundation that manages the webview. I would love to also be able to use Convex Auth, it looks so simple and elegant, but I need to have OAuth support. The problem is that, it being a bundled desktop app and not a web app, it doesn't have an address, so I can't redirect in-place and then provide a URL to navigate back to the app. I have a working OAuth flow that opens the auth URL in a new browser window and starts a small localhost server to handle the callback, but I don't know how to replicate this with Convex Auth. Is it possible to configure the OAuth flow like this, or do I need to look into a different auth integration?
5 Replies
ballingt, 4w ago
The final state of a Convex Auth login is a token that keeps refreshing via fetch requests, so if you can get to that state you'd be good. You might look at the React Native flow, which has similar restrictions. This isn't a supported use case though; I don't know of anyone who has done this yet.
shrigma male (OP), 4w ago
The React Native flow looks very much like what I'm looking for in a working Tauri flow. Unfortunately, it seems like that flow hinges on the signIn method not performing the redirect if window.location is undefined, which is not under my control. But I think it would be trivial to add an optional parameter to the signIn method to put that behavior under manual control. Do you think that'd be reasonable? I'd be happy to make a PR.
Guilherme Castro
I'm working on this. The auth story for Tauri is quite barebones in general. You can't use the standard Convex Auth context provider as it uses cookies and so on, so you must handle the entire flow on the Rust side, including storing the tokens and providing them to the frontend. You can do that with a custom auth provider; there is a section in the docs. I've only managed to make it work with OpenID Connect from Auth0, as that's the correct flow for native apps from my understanding (including PKCE challenge, validation and so on). At the end you get a token, which is what will work with Convex. I haven't yet signed / notarized the app nor tested in production, and I'm sure there are several holes still, but in principle it's possible. But so far I think it needs OIDC flows specifically.
shrigma male (OP), 2w ago
I just finished setting up my app with the modified version of the convex-auth library I mentioned above, so I blocked the automatic redirect and instead used tauri-plugin-opener to open the OAuth link in an external browser and tauri-plugin-oauth to catch the callback and then emit an event to the frontend, which finally calls the Convex Auth signIn method a second time, and it works just like I'd hoped.
ballingt, 2w ago
Awesome, would love to see if there's a version you publish of this.
