Roast of the convex client and authentication.
What I want to achieve without crying out loud:
1. Call an endpoint that checks the cookie and returns the session
2. Use that session cookie when calling fetchAccessToken
3. Authenticate into convex server using the JWT so that i can use ctx.auth.
Simple right? It's all that really matters when building auth and connecting to convex server.
In the current state STEP 3 is terror. Who's the culprit?
Convex Client - a nice block of concrete with cracks.
First of all... It doesn't clear the scheduled fetchAccessToken calls when transition to unauthenticated state, but you probably didn't notice that, because who's testing 10s access tokens or waits after signing out.
Ok I will opt-out from refreshing and add it myself. Yeah you bet it's baked in.
You have no access to the internal state and you cannot observe and react to events like authentication.sent authentication.success and so on.
I mean you have
Yes and no. You are signing out clearing the auth, but you won't receive the callback... It just sends the message over websocket and doesn't notify you back when it's done, if it's done.
In the current state you cannot treat client as a source of truth as you should be!
This is the root cause of component unmounting hacks and layers of setState, useEffect everywhere. Great example of that is FirstEffect and LastEffect in one of the convex providers. You can follow the provider guide and just use tanstack suspense query in the authenticated part, sign out and you will find another one despite all of the efforts.
The more you dig in the more problems you find.
Integrating custom provider and extending auth should be simple and reliable as the rest of the convex environment but it is a nightmare.
I do really love the rest of the product but it is super frustrating when you are unable to work around the problems because of the software limits.
Are there any improvement plans?
1. Call an endpoint that checks the cookie and returns the session
2. Use that session cookie when calling fetchAccessToken
3. Authenticate into convex server using the JWT so that i can use ctx.auth.
Simple right? It's all that really matters when building auth and connecting to convex server.
In the current state STEP 3 is terror. Who's the culprit?
Convex Client - a nice block of concrete with cracks.
First of all... It doesn't clear the scheduled fetchAccessToken calls when transition to unauthenticated state, but you probably didn't notice that, because who's testing 10s access tokens or waits after signing out.
Ok I will opt-out from refreshing and add it myself. Yeah you bet it's baked in.
You have no access to the internal state and you cannot observe and react to events like authentication.sent authentication.success and so on.
I mean you have
onChangeonChange callback right? Yes and no. You are signing out clearing the auth, but you won't receive the callback... It just sends the message over websocket and doesn't notify you back when it's done, if it's done.
In the current state you cannot treat client as a source of truth as you should be!
This is the root cause of component unmounting hacks and layers of setState, useEffect everywhere. Great example of that is FirstEffect and LastEffect in one of the convex providers. You can follow the provider guide and just use tanstack suspense query in the authenticated part, sign out and you will find another one despite all of the efforts.
The more you dig in the more problems you find.
Integrating custom provider and extending auth should be simple and reliable as the rest of the convex environment but it is a nightmare.
I do really love the rest of the product but it is super frustrating when you are unable to work around the problems because of the software limits.
Are there any improvement plans?
