Tanstack Start protected routes with Convex-Auth
Here’s a concise message you can post in Discord:
Hey all — I’m using TanStack Start with Convex + Convex Auth and I’m trying to:
Protect routes server-side (beforeLoad) and redirect unauthenticated users.
Run authenticated Convex queries from TanStack Start server loaders/createServerFn during SSR.
But the missing piece is: how to get a server-readable auth token/session from the TanStack Start request so I can call ctx.context.convexQueryClient.serverHttpClient?.setAuth(token) in beforeLoad. The Clerk guide shows this pattern with auth.getToken({ template: "convex" }), but I don’t see the Convex Auth equivalent for TanStack Start yet. Is there a recommended way to surface a Convex Auth token to the server (cookie/header) and wire it into beforeLoad so SSR loaders run authenticated?
4 Replies
Thanks for posting in <#1088161997662724167>.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.
- Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
- Use search.convex.dev to search Docs, Stack, and Discord all at once.
- Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI.
- Avoid tagging staff unless specifically instructed.
Thank you!
This might be entirely unhelpful, but I did see one of the founders recommending using better-auth if you're just starting out at the moment.
thanks, the project is fairly big and already using convex-auth... I may look into switching to better-auth if thats the case, considering I only have 1 customer atm and shouldn't be that difficult to migrate them
Convex Auth has cookie handling support that's built for Next.js specifically, that's what allows server side authentication to work. I'm sure a TanStack version could be created based on that work, but it doesn't exist currently.