Commit c78c4d8

thomasballinger authored and Convex, Inc. committed
More docs about custom auth (#37592)
GitOrigin-RevId: 55064392845527de703894d19fd55af62e11d915
1 parent 068f373 commit c78c4d8

2 files changed, +36 -1 lines changed

npm-packages/docs/docs/auth/advanced/custom-jwt.mdx

Lines changed: 30 additions & 1 deletion
@@ -47,7 +47,36 @@ specified the `applicationID` property must exactly match the `aud` field. If
4747
your JWT doesn't match, use a tool like [jwt.io](https://jwt.io/) to view an JWT
4848
and confirm these fields match exactly.
4949

50+
When adding a custom JWT provider it is your responsibility to ensure the fields
51+
uniquely identify a user; for example, if the `iss` field and `issuer` property
52+
do not uniquely identify your app, it's very important to use the
53+
`applicationID` field as well to require the `aud` field to match as well.
54+
55+
### Custom claims
56+
57+
In addition to `subject`, `issuer`, and `tokenIdentifier`, subfields of the
58+
nested fields of the JWT will be accessible in the auth data returned from
59+
`const authInfo = await ctx.auth.getUserIdentity()` like
60+
`authInfo["properties.id"]` and `authInfo["properties.favoriteColor"]` for a JWT
61+
structured like this:
62+
63+
```json
64+
{
65+
"properties": {
66+
"id": "123",
67+
"favColor": "asdf"
68+
},
69+
"iss": "http://localhost:3000",
70+
"sub": "user:8fa2be73c2229e85",
71+
"exp": 1750968478
72+
}
73+
```
74+
5075
## Client-side integration
5176

77+
Your user's browser needs a way to obtain an initial JWT and to request updated
78+
JWTs, ideally before the previous one expires.
79+
5280
See the instructions for
53-
[Custom OIDC Providers](/auth/advanced/custom-auth#client-side-integration).
81+
[Custom OIDC Providers](/auth/advanced/custom-auth#client-side-integration) for
82+
how to do this.
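
Review bot: the added JSON example uses `"favColor": "asdf"`, but the paragraph introducing it says the claim is read as `authInfo["properties.favoriteColor"]`, so the sample token does not produce the key the text names; rename the JSON key to `favoriteColor` or change the prose to `properties.favColor`. The sample token also carries no `aud` claim, even though the new paragraph just before "Custom claims" tells readers to set `applicationID` so that `aud` must match when `iss` alone does not uniquely identify the app; adding an `aud` value to the example would keep the two passages consistent. In that same paragraph "as well" appears twice in one sentence, and "subfields of the nested fields" could be shortened to "nested fields".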

npm-packages/docs/docs/auth/functions-auth.mdx

Lines changed: 6 additions & 0 deletions
@@ -53,6 +53,12 @@ If you're using Clerk, the fields returned by `getUserIdentity` are determined
5353
by your JWT template's _Claims_ config. If you've set custom claims, they will
5454
be returned by `getUserIdentity` as well.
5555

56+
### Custom JWT Auth
57+
58+
If you're using [Custom JWT auth](/auth/advanced/custom-jwt.mdx) instead of
59+
OpenID standard fields you'll find each nested field available at
60+
dot-containing-string field names like `identity["properties.email"]`.
61+
5662
## HTTP Actions
5763

5864
You can also access the user identity from an HTTP action
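
Review bot: the new link target `/auth/advanced/custom-jwt.mdx` includes the file extension, while the other docs link touched in this commit (`/auth/advanced/custom-auth#client-side-integration`) does not; pick one form so the link style is consistent. The sentence also needs a comma, since "Custom JWT auth instead of OpenID standard fields you'll find" reads as if custom JWT auth replaces the fields; "If you're using Custom JWT auth, then instead of OpenID standard fields you'll find ..." is clearer. The example here uses `identity["properties.email"]` while custom-jwt.mdx uses `authInfo["properties.id"]`; using the same variable name and claim in both places would help readers connect the two pages.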