uma•4w ago

callback, 3rd party authentication, convexAuth

I am running into a problem with Figma Oauth 2.0 callback which returns with ?code=&state= appended to the return URL. Now, the ?code part of it is getting consumed by ConvexAuth. I'd love some help on getting around it. I edited my middleware.ts to do the following:

export default convexAuthNextjsMiddleware((request) => {
  const url = new URL(request.url)
  console.log('Middleware full URL:', url.href)
  // Intercept the Figma callback route to rewrite "code" as "figmaCode"
  if (url.pathname.startsWith('/settings/profile/figma-auth-callback') && url.searchParams.has('code')) {
    const code = url.searchParams.get('code')!
    url.searchParams.delete('code')
    url.searchParams.set('figmaCode', code)
    // Redirect to the same URL with the renamed query parameter.
    return NextResponse.redirect(url)
  }
  if (!isPublicPage(request as NextRequest) && !isAuthenticatedNextjs()) {
    return nextjsMiddlewareRedirect(request as NextRequest, '/auth')
  }
})

export default convexAuthNextjsMiddleware((request) => {
  const url = new URL(request.url)
  console.log('Middleware full URL:', url.href)
  // Intercept the Figma callback route to rewrite "code" as "figmaCode"
  if (url.pathname.startsWith('/settings/profile/figma-auth-callback') && url.searchParams.has('code')) {
    const code = url.searchParams.get('code')!
    url.searchParams.delete('code')
    url.searchParams.set('figmaCode', code)
    // Redirect to the same URL with the renamed query parameter.
    return NextResponse.redirect(url)
  }
  if (!isPublicPage(request as NextRequest) && !isAuthenticatedNextjs()) {
    return nextjsMiddlewareRedirect(request as NextRequest, '/auth')
  }
})

But that doesn't fix it either. I couldn't use this workaround because I am not using tanstack server: https://github.com/get-convex/convex-auth/issues/145 The work around would be to break out a chunk of code out from ConvexAuthNextjsServerProvider and that is painful. Integration with a third party is common, so what could I be missing? This has to be solved elegantly. A movement on this thread: https://github.com/get-convex/convex-auth/issues/145 as suggested by @ballingt and @sshader would work.

GitHub

Convex Auth consumes pages that have "code" as search param · Issu...

Came across this curious case recently: A user is created and authenticated through Convex Auth, no problem, no sweat. As a business rule, that user needs to be able to connect a Mailchimp account ...

14 Replies

erquhart•4w ago

@uma I'm going to see about providing some kind of escape hatch for this, will update. Proposal: Handle custom OAuth flows If you have custom OAuth flows that use the code query parameter (like Figma OAuth), you can prevent Convex Auth from handling those codes by providing a shouldHandleCode callback:

ts filename="middleware.ts"
export default convexAuthNextjsMiddleware(
  (request, { convexAuth }) => {
    // ...
  },
  {
    shouldHandleCode: (request) => {
      // Don't handle code parameter for Figma OAuth callback
      if (
        request.nextUrl.pathname.startsWith(
          "/settings/profile/figma-auth-callback",
        )
      ) {
        return false;
      }
      // Handle all other code parameters
      return true;
    },
  },
);

ts filename="middleware.ts"
export default convexAuthNextjsMiddleware(
  (request, { convexAuth }) => {
    // ...
  },
  {
    shouldHandleCode: (request) => {
      // Don't handle code parameter for Figma OAuth callback
      if (
        request.nextUrl.pathname.startsWith(
          "/settings/profile/figma-auth-callback",
        )
      ) {
        return false;
      }
      // Handle all other code parameters
      return true;
    },
  },
);

The callback receives the request object and should return true if Convex Auth should handle the code parameter, or false if it should be left alone for your custom OAuth flow to handle.

umaOP•4w ago

I can use this, yes!!!

erquhart•4w ago

I'm going to publish a fork with this included, can you test? cool, that'll be quicker than setting up a repro. just a minute Alright you can do:

npm i @convex-dev/auth@npm:@erquhart/convex-auth@0.0.82-beta.1

npm i @convex-dev/auth@npm:@erquhart/convex-auth@0.0.82-beta.1

That will install the fork under the alias of the original package name so you don't have to update your imports

umaOP•4w ago

Never done this: installing fork under same alias, so this feels cool. Will report back. Broke something..fixing. Issues are on my end. I am on it.

Sheng•4w ago

How about this? It will check the pathname first, if matched then no need to go through the convex auth middleware.

export const middleware = async (req: NextRequest, event: NextFetchEvent) => {
  if (req.nextUrl.pathname.startsWith("/settings/profile/figma-auth-callback")) {
    // Do something here if needed
    return NextResponse.next()
  }

  return convexAuthNextjsMiddleware(
    async (request, { convexAuth }) => {
      // ...
    },
  )(req, event)
}

export const middleware = async (req: NextRequest, event: NextFetchEvent) => {
  if (req.nextUrl.pathname.startsWith("/settings/profile/figma-auth-callback")) {
    // Do something here if needed
    return NextResponse.next()
  }

  return convexAuthNextjsMiddleware(
    async (request, { convexAuth }) => {
      // ...
    },
  )(req, event)
}

umaOP•4w ago

This works - I had some outdated packages, installed them and now I receive the callback 'code' and my middleware.ts code that is replacing code with figmaCode as query param - that's successful too! Whoa! Super happy. Didn't try your suggestion, Sheng, but that should work too - saying this from reading the code only.

Sheng•4w ago

Yes, basically is just run some code before reaching the convex auth middleware

umaOP•4w ago

@erquhart i also get some warnings because of the new code. Is there a github thread where I should be tabulating them?

erquhart•4w ago

Here is fine for now

umaOP•3w ago

I will send some reports tonight - have to prepare for a demo going to take place at Convex this evening! 😎 Hi Shawn, here are some warnings/errors I see in my terminal:

     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
 ⨯ unhandledRejection: Error: Server Error: could not find api.auth.isAuthenticated. convex-auth 0.0.76 introduced a new export in convex/auth.ts. Add `isAuthenticated` to the list of functions returned from convexAuth(). See convex-auth changelog for more https://github.com/get-convex/convex-auth/blob/main/CHANGELOG.md
    at isAuthenticated (webpack-internal:///(middleware)/./node_modules/.pnpm/@erquhart+convex-auth@0.0.82-beta.1_@auth+core@0.37.4_convex@1.17.0_react-dom@18.3.1_react@18_wxvxbogbwybgxysh7jrykisbni/node_modules/@erquhart/convex-auth/dist/nextjs/server/index.js:182:19)

     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
 ⨯ unhandledRejection: Error: Server Error: could not find api.auth.isAuthenticated. convex-auth 0.0.76 introduced a new export in convex/auth.ts. Add `isAuthenticated` to the list of functions returned from convexAuth(). See convex-auth changelog for more https://github.com/get-convex/convex-auth/blob/main/CHANGELOG.md
    at isAuthenticated (webpack-internal:///(middleware)/./node_modules/.pnpm/@erquhart+convex-auth@0.0.82-beta.1_@auth+core@0.37.4_convex@1.17.0_react-dom@18.3.1_react@18_wxvxbogbwybgxysh7jrykisbni/node_modules/@erquhart/convex-auth/dist/nextjs/server/index.js:182:19)

Sheng•3w ago

Does your convex/auth.ts file have the isAuthenticated exported like this?

import { convexAuth } from "@convex-dev/auth/server";
 
export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
  providers: [],
});

import { convexAuth } from "@convex-dev/auth/server";
 
export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
  providers: [],
});

umaOP•3w ago

No. We do this: export const { auth, signIn, signOut, store } = convexAuth({..

Sheng•3w ago

Yea, probably the issue is due to missing isAuthenticated from your export there

umaOP•3w ago

@Sheng that has fixed all of my warnings so far. Going to test out more stuff tomorrow. Just updating.

callback, 3rd party authentication, convexAuth

Did you find this page helpful?