convex auth session across subdomains
Is there a way to make a convex auth session valid across subdomains of a same domain like it is for clerk by default?
4 Replies
Thanks for posting in <#1088161997662724167>.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.
- Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
- Use search.convex.dev to search Docs, Stack, and Discord all at once.
- Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI.
- Avoid tagging staff unless specifically instructed.
Thank you!
Could you file this as an issue at https://github.com/get-convex/convex-auth? Sure it's possible, it's just about what domain is used on the cookie in cookie situat cookie is written to. Or for localstorage, this gets more complicated. Would be helpful to hear more about your use case.
Also @sbkl consider using Clerk instead, they do a great job! Convex Auth is convenient because it's one less thing to sign up for but Clerk is hard to beat for all these features.
The use case is to provide a custom subdomain or domain feature in a multi-tenant app. Using vercel for this. Created an issue. Clerk is definitely a great product but I am at the beginning of the project and want to keep it simple. So if I can do it with convex-auth, I've got the current need pretty well covered.
@ballingt did this ever get resolved, I'm attempting to do the same thing and running into trickiness...
Architecture:
- Main marketing app at website.com handles unified authentication
- 8 separate Next.js apps on subdomains: app.website.com, admin.website.com,
work.website.com, etc.
- All apps share the same Convex backend instance
- Users authenticate once on main domain, should access all subdomains without re-auth
Current Flow:
1. User visits app.website.com/dashboard
2. Consumer app middleware redirects to website.com/login
3. User authenticates with Google OAuth via Convex Auth
4. Marketing app redirects to app.website.com/dashboard
5. Problem: Consumer app middleware shows isAuthenticated: false and redirects back to
login (infinite loop)
Investigation Results:
- Cookie convex-auth exists with domain .website.com ✅
- Cookie is accessible on subdomain ✅
- BUT cookie has no value when read on subdomain ❌
- Logs show: allCookies: [ { name: 'convex-auth', hasValue: false } ]
Code Setup:
// Both apps use convexAuthNextjsMiddleware
const isAuthenticated = await convexAuth.isAuthenticated(); // false on subdomain
Question:
Is there a way to make Convex Auth sessions work across subdomains? I found issue #162
where @thomasballinger mentioned "wouldn't be hard to make work for cookies" but no
solution was provided.
Environment:
- Next.js 14
- @convex-dev/auth latest
- Production deployment on Vercel
- Verified all apps use same NEXT_PUBLIC_CONVEX_URL
Any guidance on subdomain auth or workarounds would be greatly appreciated!