Have you had a chance to explore `better
Have you had a chance to explore
better-auth yet?
I'm using this adapter @better-auth-kit/convex and its instructions (https://www.better-auth-kit.com/docs/adapters/convex, https://github.com/ping-maxwell/better-auth-kit/tree/main/packages/adapters/convex)
and these instructions too https://www.better-auth.com/docs/installation
and then set up Github OAuth, as the simplest way to get started: https://www.better-auth.com/docs/basic-usage
But running into various issues.
Convex Auth was seamless and easy. But I've concluded that better-auth is what I want to bet on long term b/c it seems to be an emerging standard in the JS ecosystem imo, is fully featured, not tied to any specific provider, etc.
Blocked on integrating convex further now.51 Replies
1. First issue was getting it to build. I created an issue for @Ping 's repo for that: https://github.com/ping-maxwell/better-auth-kit/issues/5 Editing the built files in node_modules just to keep going with this, so they used
.js extensions on imports, allowed the project to build without errors.
2. Now, getting a runtime error when trying to use better auth's authClient to sign in with Github OAuth, and it's like my Convex URL cannot be found anymore, but I've had Convex working on this project prior to better auth
Thanks for this - I'm looking into another integration approach now
š awesome
Update: I got past the first build error:
1. Ping pushed an update to address it, so use this version or newer
"@better-auth-kit/convex": "^1.1.4",
2. And I also needed to update my convex/tsconfig.json from "moduleResolution": "Bundler", to "moduleResolution": "bundler",. I don't recall setting this, so a default might need to be updated in Convex's code generation b/c TypeScript indicates that only lowercase is valid.
Progress! Now the runtime error listed as #2 in my previous post still occurs trying to use the Github OAuth method to sign in. So, that's the next hurdle.
Just noticed I have no better auth tables in Convex either. I might be messing this up, but I assume the tables are created after running npx convex dev --once as long as convex/betterAuth.ts exists.Yes that's right.
Looking forward for this :convexspin:
šš
Hi,
Did you use the JWT plugin of better-auth ?
Did Convex recognize it ?
Sorry for pinging you, but any chance we get a native adapter any time soon? I really would like to use betterauth together with convex in my tanstack start project and looking forward to it
No problem - too early to say for sure, but will update here.
For anyone following this, would it be useful to have pretty standard auth working with Convex and BetterAuth or are you hoping to use specific plugins?
Just a heads up, has been some discussion with @ballingt and @Wayne about integrating Better Auth with Convex. Not sure if you knew that already, but just wanted to throw that out there.
Was literally just about to @ you lol
yeah I'm aware, been thinking about whether our work would end up converging or something, but we should talk
When I saw you wrote a tokenizer for this my head exploded lol, mad respect
haha, thanks
Yeah, it would be really great if we can have some sort of native integration.
Might be worth if I get Bekacru in here and we can chat about this
Convex just doesn't handle arbitrary queries, so it's going to be a different integration than the others. The approach I'm looking at is basically a BetterAuth Convex Component that wraps BetterAuth and provides specific functionality (and more support for specific plugins can be added ongoing).
specific functionality as in predefined functions for specific DB interactions?
Exactly. There can be a lot of sharing I think, but yeah a good number of functions and predefined tables/indexes.
Hmm. That might be challenging. Better Auth Adapter model allows our internal code & any plugins to call the adapter to do mutations or queries any way they like, could be a little unpredictable depending on the situation..
I'm wondering if that varies depending on the functionality supported. Like BetterAuth does a lot - but if the initial support model is just auth, and we pin the Convex component to a specific version, that narrows how many queries can occur
Yeah I think this is our most recent conclusion from @ballingt , but there might be more to discuss
I have basic sign / sign out with oidc (required for Convex custom auth integration) working right now
cc @bekacru
I see
I fully agree w/ Tom's conclusion and your approach - if dynamic queries can be made to work in Convex, that's ideal. I just don't know if it's fully doable, just based on the caveats in the integration docs alone. Convex is really built for schema, indexes, and queries to be predefined in code, and everything is optimized for that. That said, having built the integration so far you may have a different outlook on the challenges?
For feasibility on predefined queries, having a BetterAuth Convex component that exposes certain configs to the user and pins a specific BetterAuth version is definitely required. Not ideal, but the integration can feel very Convex native. And the adapters in the better auth source do provide a nice set of indicators for what queries to expect for a given provider or plugin.
The ideal goal is to have everything done in 1 request, and make it support transactions.
Since right now, every req goes through a Convex action, then to the mutation/query call, this alone could be 1, 2 or maybe even 3 requests, and all of it is not transactionable as far as I'm aware
I think that if we want Better Auth to work with Convex "seamlessly", it may have to use external/special code specific for Better Auth to work, using the current Convex DB functionality will probably only get us as far as what I've done. š¤
Like a special Better-auth integrated Convex action sort of thing
Like platform level support you mean
And yeah having everything be a transaction would be awesome
Is your integration running better auth in an action or a mutation?
Yeah š
As far as I'm aware, Convex DB uses sqlite? So it would mean that we'd need a custom adapter that can do direct queries to the DB internally? Not too sure..
My platform knowledge is zilch, but I'd be surprised if that were possible without breaking the whole model given Convex databases are entirely transaction based
But again zilch is the important word there lol
Kind of both.
Since the mutations & queries are using internalMutation/internalQuery, so everything runs through a Convex action, parsed and whatever else, then goes to their respective internalMutation/internalQuery
Gotcha, and better auth itself is being run in the http action and calling queries/mutations from there
better auth would have to run in any of the current supported integrations, it doesn't work in http actions
If it were possible to pass an object representing the request instead of the actual request, it might be possible to run better auth in a mutation, although fetch is only supported in actions
So for example, BA would run in Nextjs, and Convex is just there for DB or whatever else the user is using it for.
Ahh hmm
I'm actually running it in an http action
But I'm testing with Vite, not a framework like Next.
Right now? You got it working?
Yeah it works in http actions fine
The OIDC plugin is š„
I haven't actually tested it, but I kind of made assumptions that things would break unexpectedly, as that's my experience in some other things in the Convex enviroment
The one thing that didn't work was jwks creation, as the convex runtime subtle crypto implementation doesn't have generateKeyPairs, so I just made a jwks record and stuck it in the jwks table
Otherwise it was good
Just what I was about to say..... š
the one thing I tested in HTTP action was using
jose to parse JWT
and it didn't work.
Okay.. so everything else works then...Parsing it can actually do fine
oohh
the alg, had to use rs256
ed25519 support has a bug in convex runtime, you may have run into that
I really wished I had asked you guys about this now, I just made the assumption that "things just don't work"
š¤¦āāļø
to be fair, there wasn't a clear answer on the stuff you ran into, I spent half of yesterday figuring these parts out
Yeah... literally exactly that.. How unlucky xD
Oh I see
the more you learn I guess
Anyway, back to HTTP action working with BA, that's really š„
I have some good progress on the Convex first approach, going to share something that works soon
Super awesome to hear. I might have to add this to my docs
Also making it a Convex Component will be a nice touch, separates auth tables from the user's app tables, and keeps the integration surface clear
What is a Convex Component?
Convex's integrations layer
Basically the components architecture means a Convex app is actually a component (the "root" component), and you can install other sort of sub-apps with their own sets of tables, functions, etc, and they expose functionality to your app (or other components) through a client api that the component itself defines.
okay... interesting.
Could you give me an example of how I can merge this with the Better auth adapter idea?
It doesn't change anything on the dynamic query support front, the challenges you've outlined would still be there
The approach I'm thinking of is a BetterAuth Convex Component would support a config similar to better auth, but limited to the things the component actually supports. But it'll feel super native and can be even simpler to set up than a standard db integration with BA
Have to say, BetterAuth is a very nice piece of software. API's are so well thought out, and it has so many things that just work
how dumb is it to just use better auth jwt and a pg db or something like that
i got it to work but i dont like having two dbs.
Not dumb, just preference.
Thank you @erquhart for working at this ! It would be awesome to have a Convex Component for that !
Update on my end: I have Better Auth's Email OTP plugin working, to create a user, create a session, and delete a session on logout. (Better Auth's OAuth still encounters runtime errors, so I'll just hide that option on my login page for now.)
Remaining to sort out: 1.) protecting private routes--i.e. to redirect to
/login if unauthenticated, 2.) writing a helper to require authentication for certain Convex mutations & queries, 3.) making user object available to all routes.
Do y'all have more clarity now on if a deeper integration between Convex & Better Auth is required? Asking b/c if so, that'd help me know to just pause my attempts for now.