mchisolm0
mchisolm02d ago

WorkOS/Convex `Authenticated` component not working

I have followed the two tutorials https://docs.convex.dev/auth/authkit/ and https://www.convex.dev/components/workos-authkit to get WorkOS and Convex working together. Sign in/Sign out works, and I confirmed Convex is getting the new user object in the WorkOS Authkit data for the component. However, the page loads and shows the content in the <Unauthenticated> component rather than the <Authenticated> component, despite having a valid signed in user. Why is this?
Convex & WorkOS AuthKit | Convex Developer Hub
Integrate WorkOS AuthKit authentication with Convex
Convex
WorkOS AuthKit
Integrate with AuthKit events and actions, and keep auth data synced in your Convex database.
17 Replies
Convex Bot
Convex Bot2d ago
Thanks for posting in <#1088161997662724167>. Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets. - Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.) - Use search.convex.dev to search Docs, Stack, and Discord all at once. - Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI. - Avoid tagging staff unless specifically instructed. Thank you!
Sara
Sara2d ago
I've been working on this today, and I've experienced the same problem, are using tanstack start by any chance?
mchisolm0
mchisolm0OP2d ago
It looks like the debugging section says...
Missing aud claim: WorkOS JWTs may not include the aud (audience) claim by default, which Convex requires for token validation. Check your WorkOS Dashboard JWT configuration to ensure the audience claim is properly set to your Client ID
However, the tutorial does not seem to discuss using the aud claim. Here is what the tutorial says should go in auth.config.ts for the JWT. 
const clientId = process.env.WORKOS_CLIENT_ID;

export default {
  providers: [
    {
      type: "customJwt",
      issuer: `https://api.workos.com/`,
      algorithm: "RS256",
      applicationID: clientId,
      jwks: `https://api.workos.com/sso/jwks/${clientId}`,
    },
    {
      type: "customJwt",
      issuer: `https://api.workos.com/user_management/${clientId}`,
      algorithm: "RS256",
      jwks: `https://api.workos.com/sso/jwks/${clientId}`,
    },
  ],
};
const clientId = process.env.WORKOS_CLIENT_ID;

export default {
  providers: [
    {
      type: "customJwt",
      issuer: `https://api.workos.com/`,
      algorithm: "RS256",
      applicationID: clientId,
      jwks: `https://api.workos.com/sso/jwks/${clientId}`,
    },
    {
      type: "customJwt",
      issuer: `https://api.workos.com/user_management/${clientId}`,
      algorithm: "RS256",
      jwks: `https://api.workos.com/sso/jwks/${clientId}`,
    },
  ],
};
Can you help me understand how to set up the aud claim for WorkOS and Convex? I tried tanstack start a few days ago and couldn't get it working. This is my 2nd attempt, this time with just React and vite. It seems like I was hitting different problems on my tanstack start version, though.
Sara
Sara2d ago
haven't tried other frameworks, but on while following the template I was getting something regarding "cookie" package not having parse in my browser, I didn't use the component though!
mchisolm0
mchisolm0OP2d ago
Yeah, I feel like I remember an error about a cookie, too. I also feel I saw something about a cookie password in...maybe the WorkOS docs? I don't know what that is, though. I will try to find it.
mchisolm0
mchisolm0OP2d ago
https://workos.com/docs/authkit/react/nodejs/3-handle-the-user-session/create-a-session-password But I don't think this is in the Convex docs, and...I guess I just skipped over this section of the WorkOS Quick Start? I am not sure.
AuthKit – WorkOS Docs
Easy to use authentication platform designed to provide a flexible, secure, and fast integration.
No description
mchisolm0
mchisolm0OP2d ago
Also, just realized I leaked my key. Going to switch them. Done. 😬
Sara
Sara2d ago
This is my error
No description
mchisolm0
mchisolm0OP2d ago
Is there anywhere in the code trying to access something called 'parse'?
Sara
Sara2d ago
https://github.com/workos/workos-node/issues/1352 mine is deff mentioned here
GitHub
cookie dep dependabot vulnerability · Issue #1352 · workos/workos...
Hi! We&#39;re required to clear all vulnerabilities on our repo. I noticed we got flagged for the cookie module and traced to auth/workos → @workos-inc/node@7.69.1 → iron-session@6.3.1 → cookie@0.5...
Sara
Sara2d ago
no, it's coming from iron-session that is used inside the workos enviroment it looks like sorry for hijacking your thread 😅
mchisolm0
mchisolm0OP2d ago
I literally laughed out loud. No worries 😁 I'm just here to learn, make friends, and build cool stuff. So hijacking the thread is perfectly fine.
mchisolm0
mchisolm0OP2d ago
It doesn't seem like this is related. https://github.com/get-convex/convex-backend/issues/259
GitHub
Stuck in permanent unauthenticated state after access token expiry ...
Summary When using WorkOS AuthKit with Convex in a Next.js App Router project, the Convex React client sometimes enters a permanent unauthenticated state after the access token expires. Even though...
Sara
Sara2d ago
It actually does.. I guess we just have to wait
mchisolm0
mchisolm0OP2d ago
I wasn't thinking it was related to mine because my <Authenticated> continues to give false even after a refresh. You are thinking it is the root of your problem, though? If you increase the token lifetime like they suggest, does that help with your problem?
Sara
Sara2d ago
yeah he mentions it stays false letme try
mchisolm0
mchisolm0OP18h ago
Any luck? I have been able to confirm that issue seems to be the same as my issue. I'm going to update the issue and reference thread. I think it might be helpful to see it may not be a framework related issue.

Did you find this page helpful?