fartinmartin
fartinmartin
PostsComments
CCConvex Community
Created by fartinmartin on 3/2/2025 in #support-community
Add access token from OAuth provider
If you console.log every arguments of callback createOrUpdateUser() do you see anything useful?
Ah! Now that I've updated the Provider's profile callback it looks like afterUserCreatedOrUpdated contains the access / refresh tokens, so perhaps here is where I could write to a authAccessTokens table rather than storing on the user's document? Edit: hmm, what ever you return from profile() will be what Convex Auth uses to create a new user. This means if I plan on retrieving the tokens from there I must store them on the user table... 
'afterUserCreatedOrUpdated:args' {
  userId: 'k579cc56mfpds313371xmn2rrd7bb5c9',
  existingUserId: 'k579cc56mfpds313371xmn2rrd7bb5c9',
  type: 'oauth',
  provider: {
    id: 'spotify',
    name: 'Spotify',
    type: 'oauth',
    authorization: 'https://accounts.spotify.com/authorize?scope=user-read-email',
    token: 'https://accounts.spotify.com/api/token',
    userinfo: 'https://api.spotify.com/v1/me',
    profile: [Function: profile],
    style: {
      brandColor: '#1db954'
    },
    options: {
      profile: [Function: profile]
    },
    checks: [ 'pkce' ],
    account: [Function: defaultAccount],
    clientId: '...',
    clientSecret: '...',
    issuer: undefined
  },
  profile: {
    accessToken: '...',
    email: 'test@example.com',
    name: 'coolname',
    refreshToken: '...'
  }
}
'afterUserCreatedOrUpdated:args' {
  userId: 'k579cc56mfpds313371xmn2rrd7bb5c9',
  existingUserId: 'k579cc56mfpds313371xmn2rrd7bb5c9',
  type: 'oauth',
  provider: {
    id: 'spotify',
    name: 'Spotify',
    type: 'oauth',
    authorization: 'https://accounts.spotify.com/authorize?scope=user-read-email',
    token: 'https://accounts.spotify.com/api/token',
    userinfo: 'https://api.spotify.com/v1/me',
    profile: [Function: profile],
    style: {
      brandColor: '#1db954'
    },
    options: {
      profile: [Function: profile]
    },
    checks: [ 'pkce' ],
    account: [Function: defaultAccount],
    clientId: '...',
    clientSecret: '...',
    issuer: undefined
  },
  profile: {
    accessToken: '...',
    email: 'test@example.com',
    name: 'coolname',
    refreshToken: '...'
  }
}
Thanks for talking through this with me @Spioune !
13 replies
CCConvex Community
Created by fartinmartin on 3/2/2025 in #support-community
Add access token from OAuth provider
Oh! Found a spot to grab the access and refresh tokens! Inside the Provider's profile callback: https://github.com/get-convex/convex-auth/blob/2f77702b0e42fa705dfe2af623494682e6a21b49/src/server/implementation/index.ts#L332 If I add accessToken and refreshToken to returned obj + user schema I can store them on the user table—not sure if that's poor form? 
// convex/auth.ts
export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
  providers: [
    Spotify({
      profile(profile, tokens) {
        return {
          id: profile.id,
          email: profile.email,
          name: profile.display_name,
          image: profile.images[0]?.url,
          accessToken: tokens.access_token,
          refreshToken: tokens.refresh_token
        };
      }
    })
  ]
});

// convex/schema.ts
export default defineSchema({
  ...authTables,
  users: defineTable({
    name: v.optional(v.string()),
    image: v.optional(v.string()),
    email: v.optional(v.string()),
    emailVerificationTime: v.optional(v.number()),
    phone: v.optional(v.string()),
    phoneVerificationTime: v.optional(v.number()),
    isAnonymous: v.optional(v.boolean()),
    accessToken: v.optional(v.string()),
    refreshToken: v.optional(v.string())
  })
});
// convex/auth.ts
export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
  providers: [
    Spotify({
      profile(profile, tokens) {
        return {
          id: profile.id,
          email: profile.email,
          name: profile.display_name,
          image: profile.images[0]?.url,
          accessToken: tokens.access_token,
          refreshToken: tokens.refresh_token
        };
      }
    })
  ]
});

// convex/schema.ts
export default defineSchema({
  ...authTables,
  users: defineTable({
    name: v.optional(v.string()),
    image: v.optional(v.string()),
    email: v.optional(v.string()),
    emailVerificationTime: v.optional(v.number()),
    phone: v.optional(v.string()),
    phoneVerificationTime: v.optional(v.number()),
    isAnonymous: v.optional(v.boolean()),
    accessToken: v.optional(v.string()),
    refreshToken: v.optional(v.string())
  })
});
13 replies
CCConvex Community
Created by fartinmartin on 3/2/2025 in #support-community
Add access token from OAuth provider
Ah, fair point—so, best practices would be to store the token to the database and call Spotify API through actions, rather than sending token to the client and letting the client run fetch requests directly to the Spotify API? Would I want to create a new table rather than extending to session or user documents? But before I store the token I still need to figure out where I can access it within Convex Auth—I did see the callbacks you mentioned in the Auth.js docs, but they seem to be intentionally removed from the Convex Auth implementation. It looks like all of the Convex Auth callbacks occur before the provider sends back any access token? https://labs.convex.dev/auth/api_reference/server#callbacks
13 replies