Auth for internal functions
When using the ConvexHttpClient in a node.js environment, if I need to use queries and mutations on behalf of users (given specific document IDs or query params) where I don't have access to auth tokens - as this is performed as part of background async jobs. What's the recommended pattern for performing those queries and mutations?
Here's two patterns:
1) Public queries and mutations, but instead of using ctx.auth.getUserIdentity() to validate users, it instead validates a shared environment variable. As recommended here: https://docs.convex.dev/auth.
2) Internal queries and mutations which can be accessed via the ConvexHttpClient by setting admin auth.
Personal bias, I prefer option 2 and that's the method I'm attempting, because I prefer the fact that the admin/system queries and mutations are never exposed publicly. However, when using option 2, I noticed in the github repo, https://github.com/get-convex/convex-js/blob/main/src/browser/http_client.ts, setAdminAuth is marked as @internal - meaning accessing it requires some type gymnastics ("(client as any).setAdminAuth(process.env.CONVEX_DEPLOY!);" to get it working). Does that mean it's not the recommended approach? Along with that, client.query() expects a public query, so additional type gymnastics is required to get that working with internal queries - such as // @ts-ignore - which unfortunately removes the implicit type.
To recap, what is the recommended / intended design pattern for solving the problem stated above? Which is running queries and mutations on an external service, where no auth token is available - but there's an obvious need to perform authentication for the system (It's my servers attempting to perform these admin level queries and mutations).
Is design pattern 1, 2 or an alternative pattern recommended?
Thanks!
2 Replies
The reason
setAdminAuth is marked as internal is that it's a very powerful key: besides allowing you to call internal functions, an admin key allows you to read and write arbitrary data to the deployment as well as deploy to it. The pattern I'd use is a scoped secret: an environment variable that is checked in just the (public) queries/mutations/actions that you want to be able to run from that server.
That said, setAdminAuth is great for something quick and dirty.Authentication | Convex Developer Hub
Add authentication to your Convex app.