get-convex · dowski · Dec 3, 2024 · Dec 4, 2024 · Dec 10, 2024 · Dec 10, 2024
diff --git a/docs/pages/advanced.mdx b/docs/pages/advanced.mdx
@@ -34,7 +34,7 @@ Convex Auth follows this logic:
       import GitHub from "@auth/core/providers/github";
       import { convexAuth } from "@convex-dev/auth/server";
 
-      export const { auth, signIn, signOut, store } = convexAuth({
+      export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
         providers: [
           Resend,
           GitHub({ allowDangerousEmailAccountLinking: false }),
@@ -76,7 +76,7 @@ import GitHub from "@auth/core/providers/github";
 import Password from "@convex-dev/auth/providers/Password";
 import { MutationCtx } from "./_generated/server";
 
-export const { auth, signIn, signOut, store } = {
+export const { auth, signIn, signOut, store, isAuthenticated } = {
   providers: [GitHub, Password],
   callbacks: {
     // `args.type` is one of "oauth" | "email" | "phone" | "credentials" | "verification"
@@ -118,7 +118,7 @@ import GitHub from "@auth/core/providers/github";
 import Password from "@convex-dev/auth/providers/Password";
 import { MutationCtx } from "./_generated/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [GitHub, Password],
   callbacks: {
     // `args` are the same the as for `createOrUpdateUser` but include `userId`

diff --git a/docs/pages/api_reference/nextjs/server.mdx b/docs/pages/api_reference/nextjs/server.mdx
@@ -137,7 +137,7 @@ and [useAuthActions](/api_reference/react#useauthactions).
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/nextjs/server/index.tsx:27](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L27)
+[src/nextjs/server/index.tsx:29](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L29)
 
 ***
 
@@ -155,7 +155,7 @@ The token if the the client is authenticated, otherwise `undefined`.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/nextjs/server/index.tsx:83](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L83)
+[src/nextjs/server/index.tsx:85](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L85)
 
 ***
 
@@ -174,7 +174,7 @@ since they won't stop nested pages from rendering.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/nextjs/server/index.tsx:94](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L94)
+[src/nextjs/server/index.tsx:96](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L96)
 
 ***
 
@@ -213,7 +213,7 @@ export function convexAuthNextjsMiddleware(handler, options) {
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/nextjs/server/index.tsx:113](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L113)
+[src/nextjs/server/index.tsx:116](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L116)
 
 ***
 
@@ -371,7 +371,7 @@ A Next.js middleware.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/nextjs/server/index.tsx:124](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L124)
+[src/nextjs/server/index.tsx:127](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L127)
 
 ***
 
@@ -435,7 +435,7 @@ The route path to redirect to.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/nextjs/server/index.tsx:272](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L272)
+[src/nextjs/server/index.tsx:275](https://github.com/get-convex/convex-auth/blob/main/src/nextjs/server/index.tsx#L275)
 
 ***
 

diff --git a/docs/pages/api_reference/providers/Anonymous.mdx b/docs/pages/api_reference/providers/Anonymous.mdx
@@ -6,7 +6,7 @@ Configure [Anonymous](Anonymous.mdx#anonymous) provider given an [AnonymousConfi
 import Anonymous from "@convex-dev/auth/providers/Anonymous";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Anonymous],
 });
 ```

diff --git a/docs/pages/api_reference/providers/ConvexCredentials.mdx b/docs/pages/api_reference/providers/ConvexCredentials.mdx
@@ -9,7 +9,7 @@ use the [`Password`](/api_reference/providers/Password) provider instead.
 import ConvexCredentials from "@convex-dev/auth/providers/ConvexCredentials";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [
     ConvexCredentials({
       authorize: async (credentials, ctx) => {

diff --git a/docs/pages/api_reference/providers/Email.mdx b/docs/pages/api_reference/providers/Email.mdx
@@ -19,7 +19,7 @@ you can override the `authorize` method to skip the check:
 import Email from "@convex-dev/auth/providers/Email";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [
     Email({ authorize: undefined }),
   ],

diff --git a/docs/pages/api_reference/providers/Password.mdx b/docs/pages/api_reference/providers/Password.mdx
@@ -16,7 +16,7 @@ by the `flow` parameter:
 import Password from "@convex-dev/auth/providers/Password";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Password],
 });
 ```

diff --git a/docs/pages/api_reference/server.mdx b/docs/pages/api_reference/server.mdx
@@ -18,7 +18,7 @@ from `convex/auth.ts` to make them callable:
 ```ts filename="convex/auth.ts"
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [],
 });
 ```
@@ -131,9 +131,15 @@ Action called by the client to invalidate the current session.
 Internal mutation used by the library to read and write
 to the database during signin and signout.
 
+#### isAuthenticated
+
+
+Utility function for frameworks to use to get the current auth state
+based on credentials that they've supplied separately.
+
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/server/implementation/index.ts:82](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L82)
+[src/server/implementation/index.ts:91](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L91)
 
 ***
 
@@ -211,7 +217,7 @@ the user ID or `null` if the client isn't authenticated
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/server/implementation/index.ts:440](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L440)
+[src/server/implementation/index.ts:479](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L479)
 
 ***
 
@@ -411,7 +417,7 @@ or throws an error.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/server/implementation/index.ts:458](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L458)
+[src/server/implementation/index.ts:497](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L497)
 
 ***
 
@@ -554,7 +560,7 @@ secret does not match.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/server/implementation/index.ts:518](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L518)
+[src/server/implementation/index.ts:557](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L557)
 
 ***
 
@@ -685,7 +691,7 @@ The new secret credential to store for this account.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/server/implementation/index.ts:558](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L558)
+[src/server/implementation/index.ts:597](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L597)
 
 ***
 
@@ -757,7 +763,7 @@ Use this function to invalidate existing sessions.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/server/implementation/index.ts:588](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L588)
+[src/server/implementation/index.ts:627](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L627)
 
 ***
 
@@ -847,7 +853,7 @@ or `null`.
 
 <h3 className="nx-font-semibold nx-tracking-tight nx-text-slate-900 dark:nx-text-slate-100 nx-mt-8 nx-text-2xl">Defined in</h3>
 
-[src/server/implementation/index.ts:610](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L610)
+[src/server/implementation/index.ts:649](https://github.com/get-convex/convex-auth/blob/main/src/server/implementation/index.ts#L649)
 
 ***
 
@@ -1125,7 +1131,7 @@ and for magic links:
 import GitHub from "@auth/core/providers/github";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [GitHub],
   callbacks: {
     async redirect({ redirectTo }) {

diff --git a/docs/pages/config/anonymous.mdx b/docs/pages/config/anonymous.mdx
@@ -31,7 +31,7 @@ You can import the `Anonymous` provider from
 import { Anonymous } from "@convex-dev/auth/providers/Anonymous";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Anonymous],
 });
 ```
@@ -101,7 +101,7 @@ This example matches the Cloudflare Turnstile API:
 import { Anonymous } from "@convex-dev/auth/providers/Anonymous";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [
     Anonymous({
       profile({ token }) {

diff --git a/docs/pages/config/email.mdx b/docs/pages/config/email.mdx
@@ -71,7 +71,7 @@ Import Auth.js providers from `@auth/core/providers`. For example for _Resend_:
 import Resend from "@auth/core/providers/resend";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Resend],
 });
 ```

diff --git a/docs/pages/config/oauth.mdx b/docs/pages/config/oauth.mdx
@@ -97,7 +97,7 @@ Import Auth.js providers from `@auth/core/providers`. For example for _GitHub_:
 import GitHub from "@auth/core/providers/github";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [GitHub],
 });
 ```
@@ -190,7 +190,7 @@ example:
 import GitHub from "@auth/core/providers/github";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [GitHub],
   callbacks: {
     async redirect({ redirectTo }) {
@@ -246,7 +246,7 @@ config:
 import GitHub from "@auth/core/providers/github";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [
     GitHub({
       profile(githubProfile, tokens) {

diff --git a/docs/pages/config/oauth/apple.mdx b/docs/pages/config/oauth/apple.mdx
@@ -181,7 +181,7 @@ written will be retained.
 import Apple from "@auth/core/providers/apple";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [
     Apple({
       profile: (appleInfo) => {

diff --git a/docs/pages/config/oauth/github.mdx b/docs/pages/config/oauth/github.mdx
@@ -90,7 +90,7 @@ environment variables above.
 import GitHub from "@auth/core/providers/github";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [GitHub],
 });
 ```

diff --git a/docs/pages/config/oauth/google.mdx b/docs/pages/config/oauth/google.mdx
@@ -123,7 +123,7 @@ environment variables above.
 import Google from "@auth/core/providers/google";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Google],
 });
 ```

diff --git a/docs/pages/config/otps.mdx b/docs/pages/config/otps.mdx
@@ -101,7 +101,7 @@ Then use it in `convex/auth.ts`:
 import { convexAuth } from "@convex-dev/auth/server";
 import { ResendOTP } from "./ResendOTP";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [ResendOTP],
 });
 ```

diff --git a/docs/pages/config/passwords.mdx b/docs/pages/config/passwords.mdx
@@ -35,7 +35,7 @@ You can import the `Password` provider from
 import { Password } from "@convex-dev/auth/providers/Password";
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Password],
 });
 ```
@@ -210,7 +210,7 @@ import { Password } from "@convex-dev/auth/providers/Password";
 import { convexAuth } from "@convex-dev/auth/server";
 import { ResendOTPPasswordReset } from "./ResendOTPPasswordReset";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Password({ reset: ResendOTPPasswordReset })],
 });
 ```
@@ -333,7 +333,7 @@ import { Password } from "@convex-dev/auth/providers/Password";
 import { convexAuth } from "@convex-dev/auth/server";
 import { ResendOTP } from "./ResendOTP";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [Password({ verify: ResendOTP })],
 });
 ```

diff --git a/docs/pages/setup/manual.mdx b/docs/pages/setup/manual.mdx
@@ -105,7 +105,7 @@ export default {
 ```ts filename="convex/auth.ts"
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
   providers: [],
 });
 ```

diff --git a/src/cli/index.ts b/src/cli/index.ts
@@ -423,7 +423,7 @@ async function initializeAuth(config: ProjectConfig) {
   const sourceTemplate = `\
 import { convexAuth } from "@convex-dev/auth/server";
 
-export const { auth, signIn, signOut, store } = convexAuth({$$
+export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({$$
   providers: [$$],$$
 });
 `;

diff --git a/src/nextjs/server/index.tsx b/src/nextjs/server/index.tsx
@@ -1,5 +1,6 @@
 import "server-only";
 
+import { fetchQuery } from "convex/nextjs";
 import { NextMiddlewareResult } from "next/dist/server/web/types";
 import {
   NextFetchEvent,
@@ -20,6 +21,7 @@ import {
   setAuthCookies,
   setAuthCookiesInMiddleware,
 } from "./utils.js";
+import { IsAuthenticatedQuery } from "../../server/implementation/index.js";
 
 /**
  * Wrap your app with this provider in your root `layout.tsx`.
@@ -92,7 +94,8 @@ export async function convexAuthNextjsToken() {
  * since they won't stop nested pages from rendering.
  */
 export async function isAuthenticatedNextjs() {
-  return (await convexAuthNextjsToken()) !== undefined;
+  const cookies = await getRequestCookies();
+  return isAuthenticated(cookies.token);
 }
 
 /**
@@ -230,7 +233,7 @@ export function convexAuthNextjsMiddleware(
             },
             isAuthenticated: async () => {
               const cookies = await getRequestCookiesInMiddleware(request);
-              return (cookies.token ?? undefined) !== undefined;
+              return isAuthenticated(cookies.token);
             },
           },
         })) ??
@@ -294,3 +297,18 @@ async function convexAuthNextjsServerState(): Promise<ConvexAuthServerState> {
     _timeFetched: Date.now(),
   };
 }
+
+async function isAuthenticated(token: string | null): Promise<boolean> {
+  if (!token) {
+    return false;
+  }
+  try {
+    return await fetchQuery(
+      "auth:isAuthenticated" as any as IsAuthenticatedQuery,
+      {},
+      { token: token },
+    );
+  } catch {
+    return false;
+  }
+}