Clerk logo

Clerk Docs

Ctrl + K
Go to clerkstage.dev

Convex

Learn how to integrate Clerk into your Convex application

Getting started

Navigate to the JWT Templates screen from the Clerk Dashboard and click on the button to create a New Template based on Convex.

This will pre-populate the default audience (aud) claim required by Convex. You can include additional claims as necessary. Shortcodes are available to make adding dynamic user values easy.

By default, Clerk will sign the JWT with a private key automatically generated for your application, which is what most developers use for Convex. If you so choose, you can customize this key.

Before clicking apply changes make sure you copy the issuer URL you will need this in the next step.

Configure Convex

The next step is to configure Convex with the issuer domain provided by Clerk. From your Clerk JWT template screen, find the Issuer input and click to Copy the URL.

In your terminal, run the following command from your Convex app directory:

npx convex auth add

Paste the Issuer URL you copied when it prompts you for the identity provider's URL.

The application/client ID will need to match the aud claim (default is convex).

? Enter the identity provider's Domain URL: https://your-issuer-url.clerk.accounts.dev/
? Enter your application/client ID with this identity provider: convex
? Would you like to add another provider? No
Configuration updated. Run `npx convex dev` or `npx convex deploy` to sync these changes.

Configure the providers

Both Clerk and Convex have Provider components that are required to wrap your React application to provide the authentication and client context.

1
import "../styles/globals.css";
2
import { useEffect } from "react";
3
import { ClerkProvider, useAuth } from "@clerk/nextjs";
4
import { ConvexProvider, ConvexReactClient } from "convex/react";
5


6
const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL);
7


8
function ClerkConvexAdapter() {
9
  const { getToken, isSignedIn } = useAuth();
10


11
  useEffect(() => {
12
    if (isSignedIn) {
13
      convex.setAuth(async () =>
14
        getToken({ template: "convex", skipCache: true })
15
      );
16
    } else {
17
      convex.clearAuth();
18
    }
19
  }, [getToken, isSignedIn]);
20
  return null;
21
}
22


23
export default function MyApp({ Component, pageProps }) {
24
  return (
25
    <ClerkProvider
26
      publishableKey={process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY}
27
    >
28
      <ConvexProvider client={convex}>
29
        <ClerkConvexAdapter />
30
        <Component {...pageProps} />
31
      </ConvexProvider>
32
    </ClerkProvider>
33
  );
34
}

Access user identity

In some cases you may need to access the user when using Convex queries and mutations, you can use the getUserIdentity() method provided on the auth property, which is passed to the context argument of every Convex function invocation.

convex/getUser.ts
1
import type { UserIdentity } from 'convex/server';
2
import { query } from './_generated/server';
3


4
export default query(async ({ auth }): Promise<UserIdentity | null> => {
5
  const identity = await auth.getUserIdentity();
6


7
  return identity;
8
});



The identity object should be match the openID spec, you can update the JWT template to include them for example:

1
{
2
"email": "{{user.primary_email_address}}",
3
"picture": "{{user.profile_image_url}}",
4
"given_name": "{{user.first_name}}",
5
"family_name": "{{user.last_name}}",
6
"email_verified": "{{user.email_verified}}"
7
}

Was this helpful?

Clerk © 2023