AConvex Auth Not Working Across Subdomains?
Question:
Is there a way to make Convex Auth sessions work across subdomains? I found issue #162 where @thomasballinger mentioned "wouldn't be hard to make work for cookies" but no solution was provided.
This is my setup:
Architecture:
- Main marketing app at datacrunch.site handles unified authentication
- 8 separate Next.js apps on subdomains: app.datacrunch.site, admin.datacrunch.site,
work.datacrunch.site, etc.
- All apps share the same Convex backend instance
- Users authenticate once on main domain, should access all subdomains without re-auth
Current Flow:
1. User visits app.datacrunch.site/dashboard
2. Consumer app middleware redirects to datacrunch.site/login
3. User authenticates with Google OAuth via Convex Auth
4. Marketing app redirects to app.datacrunch.site/dashboard
5. Problem: Consumer app middleware shows isAuthenticated: false and redirects back to
login (infinite loop)
Investigation Results:
- Cookie convex-auth exists with domain .datacrunch.site
- Cookie is accessible on subdomain
- BUT cookie has no value when read on subdomain
- Logs show: allCookies: [ { name: 'convex-auth', hasValue: false } ]
Code Setup:
// Both apps use convexAuthNextjsMiddleware
const isAuthenticated = await convexAuth.isAuthenticated(); // false on subdomain
Environment:
- Next.js 14
- @convex-dev/auth latest
- Production deployment on Vercel
- Verified all apps use same NEXT_PUBLIC_CONVEX_URL
Any guidance on subdomain auth or workarounds would be greatly appreciated!
Is there a way to make Convex Auth sessions work across subdomains? I found issue #162 where @thomasballinger mentioned "wouldn't be hard to make work for cookies" but no solution was provided.
This is my setup:
Architecture:
- Main marketing app at datacrunch.site handles unified authentication
- 8 separate Next.js apps on subdomains: app.datacrunch.site, admin.datacrunch.site,
work.datacrunch.site, etc.
- All apps share the same Convex backend instance
- Users authenticate once on main domain, should access all subdomains without re-auth
Current Flow:
1. User visits app.datacrunch.site/dashboard
2. Consumer app middleware redirects to datacrunch.site/login
3. User authenticates with Google OAuth via Convex Auth
4. Marketing app redirects to app.datacrunch.site/dashboard
5. Problem: Consumer app middleware shows isAuthenticated: false and redirects back to
login (infinite loop)
Investigation Results:
- Cookie convex-auth exists with domain .datacrunch.site
- Cookie is accessible on subdomain
- BUT cookie has no value when read on subdomain
- Logs show: allCookies: [ { name: 'convex-auth', hasValue: false } ]
Code Setup:
// Both apps use convexAuthNextjsMiddleware
const isAuthenticated = await convexAuth.isAuthenticated(); // false on subdomain
Environment:
- Next.js 14
- @convex-dev/auth latest
- Production deployment on Vercel
- Verified all apps use same NEXT_PUBLIC_CONVEX_URL
Any guidance on subdomain auth or workarounds would be greatly appreciated!
