mrvdot
mrvdot
PostsComments
CCConvex Community
Created by mrvdot on 12/12/2023 in #support-community
How to setup Custom OIDC Auth (Logto)
Hi there, I'm not sure if I'm completely missing something or if something is misconfigured. I'm attempting to use Logto (OIDC fully compatible) to authenticate with Convex. I have setup the auth.config.js file as: 
export default {
  providers: [
    {
      domain: 'https://guq6sg.logto.app/', // have also tried just 'guq6sg.logto.app' but the docs are inconsistent on which it should be
      applicationID: 'yt3fw3sx5ea89tp6x27nb', // pulled from logto dashboard
    },
  ],
};
export default {
  providers: [
    {
      domain: 'https://guq6sg.logto.app/', // have also tried just 'guq6sg.logto.app' but the docs are inconsistent on which it should be
      applicationID: 'yt3fw3sx5ea89tp6x27nb', // pulled from logto dashboard
    },
  ],
};
(Don't worry, all these environments are purely for testing purposes, I'll swap them out before building anything "real") And have called setAuth (just using the BaseConvexClient as I'm in Angular, not React) with: 
this.#client.setAuth(
  async ({ forceRefreshToken }) => {
    if (forceRefreshToken) {
      // Will refresh id token
      await this.#logto.getAccessToken();
    }
    // Have also tried using `accessToken`, unclear which it should be
    const token = await this.#logto.getIdToken();
    return token;
  },
  (loggedIn) => {
    // This is always false
    console.log('[convex] now logged in?', loggedIn);
  }
);
this.#client.setAuth(
  async ({ forceRefreshToken }) => {
    if (forceRefreshToken) {
      // Will refresh id token
      await this.#logto.getAccessToken();
    }
    // Have also tried using `accessToken`, unclear which it should be
    const token = await this.#logto.getIdToken();
    return token;
  },
  (loggedIn) => {
    // This is always false
    console.log('[convex] now logged in?', loggedIn);
  }
);
And I've confirmed it's getting the token, but never logs in, nor do I see anyway to debug why it's not logging in (URL error, invalid token, ID10T error, something else??). Any suggestions on where I should look? Based on the audit logs in Logto, Convex doesn't seem to ever even try to validate the token (or hit the Logto server at all) Thanks! Really excited to try Convex for a new project, but need auth with Logto to work (their support for multi-tenancy and multi-organization is pretty key for what I'm building)
40 replies