adelin-b
adelin-b4w ago

Bug in httpAction, Authorization Bearer not working. Identity is null

Hello, im having the same trouble with auth through an http action On the documentation https://docs.convex.dev/auth/functions-auth#http-actions it says that if I put an Authorization token then ctx.auth.getUserIndentity should return the user, however this is broken. Seems like it get stripped because its not even visible in the preflight I'm using clerk as auth provider if that helps. 
  const token = useAuthToken();
  useEffect(() => {
    const fetchData = async () => {
      const response = await fetch(`${CONVEX_SITE_URL}/api/chat`, {
        method: "POST",
        body: JSON.stringify({ messages: [] }),
        headers: {
          Authorization: `Bearer ${token}`,
        },
      });
      console.log(response);
    };
    fetchData();
  }, [token]);
  const token = useAuthToken();
  useEffect(() => {
    const fetchData = async () => {
      const response = await fetch(`${CONVEX_SITE_URL}/api/chat`, {
        method: "POST",
        body: JSON.stringify({ messages: [] }),
        headers: {
          Authorization: `Bearer ${token}`,
        },
      });
      console.log(response);
    };
    fetchData();
  }, [token]);
http.route({
  path: "/api/chat",
  method: "OPTIONS",
  handler: httpAction(async (ctx, request) => {
    console.log("ctx auth", await ctx.auth.getUserIdentity()); // NULL

    // Make sure the necessary headers are present
    // for this to be a valid pre-flight request
    const headers = request.headers;
    console.log("headers", JSON.stringify(headers, null, 2)); // Dont show the authorization header even
    return headers.get("Origin") !== null &&
      headers.get("Access-Control-Request-Method") !== null &&
      headers.get("Access-Control-Request-Headers") !== null
      ? new Response(null, {
          headers: new Headers({
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "POST",
            "Access-Control-Allow-Headers": "Content-Type, Digest",
            "Access-Control-Max-Age": "86400",
            Vary: "origin",
          }),
        })
      : new Response();
  }),
});
http.route({
  path: "/api/chat",
  method: "OPTIONS",
  handler: httpAction(async (ctx, request) => {
    console.log("ctx auth", await ctx.auth.getUserIdentity()); // NULL

    // Make sure the necessary headers are present
    // for this to be a valid pre-flight request
    const headers = request.headers;
    console.log("headers", JSON.stringify(headers, null, 2)); // Dont show the authorization header even
    return headers.get("Origin") !== null &&
      headers.get("Access-Control-Request-Method") !== null &&
      headers.get("Access-Control-Request-Headers") !== null
      ? new Response(null, {
          headers: new Headers({
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "POST",
            "Access-Control-Allow-Headers": "Content-Type, Digest",
            "Access-Control-Max-Age": "86400",
            Vary: "origin",
          }),
        })
      : new Response();
  }),
});
Auth in Functions | Convex Developer Hub
_If you're using Convex Auth, see the
2 Replies
Convex Bot
Convex Bot4w ago
Thanks for posting in <#1088161997662724167>. Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets. - Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.) - Use search.convex.dev to search Docs, Stack, and Discord all at once. - Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI. - Avoid tagging staff unless specifically instructed. Thank you!
erquhart
erquhart4w ago

Did you find this page helpful?