2 replies

Bug in httpAction, Authorization Bearer not working. Identity is null

Hello, im having the same trouble with auth through an http action

On the documentation https://docs.convex.dev/auth/functions-auth#http-actions
it says that if I put an Authorization token then ctx.auth.getUserIndentity should return the user, however this is broken.

Seems like it get stripped because its not even visible in the preflight

I'm using clerk as auth provider if that helps.

  const token = useAuthToken();
  useEffect(() => {
    const fetchData = async () => {
      const response = await fetch(`${CONVEX_SITE_URL}/api/chat`, {
        method: "POST",
        body: JSON.stringify({ messages: [] }),
        headers: {
          Authorization: `Bearer ${token}`,
        },
      });
      console.log(response);
    };
    fetchData();
  }, [token]);

  const token = useAuthToken();
  useEffect(() => {
    const fetchData = async () => {
      const response = await fetch(`${CONVEX_SITE_URL}/api/chat`, {
        method: "POST",
        body: JSON.stringify({ messages: [] }),
        headers: {
          Authorization: `Bearer ${token}`,
        },
      });
      console.log(response);
    };
    fetchData();
  }, [token]);

http.route({
  path: "/api/chat",
  method: "OPTIONS",
  handler: httpAction(async (ctx, request) => {
    console.log("ctx auth", await ctx.auth.getUserIdentity()); // NULL

    // Make sure the necessary headers are present
    // for this to be a valid pre-flight request
    const headers = request.headers;
    console.log("headers", JSON.stringify(headers, null, 2)); // Dont show the authorization header even
    return headers.get("Origin") !== null &&
      headers.get("Access-Control-Request-Method") !== null &&
      headers.get("Access-Control-Request-Headers") !== null
      ? new Response(null, {
          headers: new Headers({
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "POST",
            "Access-Control-Allow-Headers": "Content-Type, Digest",
            "Access-Control-Max-Age": "86400",
            Vary: "origin",
          }),
        })
      : new Response();
  }),
});

http.route({
  path: "/api/chat",
  method: "OPTIONS",
  handler: httpAction(async (ctx, request) => {
    console.log("ctx auth", await ctx.auth.getUserIdentity()); // NULL

    // Make sure the necessary headers are present
    // for this to be a valid pre-flight request
    const headers = request.headers;
    console.log("headers", JSON.stringify(headers, null, 2)); // Dont show the authorization header even
    return headers.get("Origin") !== null &&
      headers.get("Access-Control-Request-Method") !== null &&
      headers.get("Access-Control-Request-Headers") !== null
      ? new Response(null, {
          headers: new Headers({
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "POST",
            "Access-Control-Allow-Headers": "Content-Type, Digest",
            "Access-Control-Max-Age": "86400",
            Vary: "origin",
          }),
        })
      : new Response();
  }),
});

Auth in Functions | Convex Developer Hub

_If you're using Convex Auth, see the

Bug in httpAction, Authorization Bearer not working. Identity is null

Similar Threads