Originally posted #1283351896765235230 message
#Auth token is not a valid JWT, cannot refetch the token on upgrade from Convex 1.15 -> 1.16.3
latent ridge
south depotBOT
latent ridge
I suspect that https://github.com/get-convex/convex-js/commit/cfcf79c8efb383957d23370ecd23adeddb0f094a might've unintentionally broken things here.
Curious if you're able to grab your JWT (in a browser you can inspect local storage / cookies, in React Native you can add some log lines in the storage getters / setters) and pass it in to https://jwt.io/#debugger-io and see if there's anything surprising there.
But also skimming some of the issues in the jwt-decode library looks like there could be some bundling issues / import issues, so I will also try and reproduce this
(cc @fickle topaz )
latent ridge
Oh if this is React Native, looks like https://github.com/auth0/jwt-decode/issues/241 is relevant -- if you're on a react native version before 0.74 I believe the updated version of jwt-decode needs a polyfill (or a bump to react native 0.74)
fickle topaz
Great, thank you @latent ridge. I'll try with an updated version of React Native in the coming weeks.
bronze jetty
@latent ridge I can confirm the same issue after upgrading Convex from 1.16.0 to 1.16.4. I also updated @convex-dev/authfrom 0.0.67 to 0.0.71.
My React Native version is 0.74.5 and I am still getting the same error:
Auth token is not a valid JWT, cannot refetch the token
The authentication as such is seemingly working fine, it is just throwing this error and I cannot debug it, where exactly is happening.
(cc: @fickle topaz)
latent ridge
On 1.16.4, if you can turn on verbose logs for your client, (new ConvexReactClient(<url>, { verbose: true })), it should now print the error message to the console now.
I'd also love to see what the decoded JWT (via https://jwt.io/#debugger-io) looks like in case there's something in particular that this library doesn't handle well.
For instance, here's one of my JWTs decoded that seems to work fine even with React Native
bronze jetty
On 1.16.4, if you can turn on verbose logs for your client, (`new ConvexReactCli...
Hi @latent ridge I have turned on the verbose logging and this is what I'm getting now in my console logs (see screenshot):
Error decoding token: 0, require(_dependencyMap[3], "jwt-decode").jwtDecode is not a function (it is undefined) [v5]
ERROR Auth token is not a valid JWT, cannot refetch the token
bronze jetty
For instance, here's one of my JWTs decoded that seems to work fine even with Re...
The tool from the website is saying that the token has an invalid signature - see screenshot.
The authentication (signing in) is seemingly working fine. It's only that this error is being thrown every time.
bronze jetty
@latent ridge perhaps any update on this issue?
latent ridge
So workaround for now is using Convex 1.16.0 (or earlier). Seems like us bumping the version of jwt-decode broke something (https://github.com/auth0/jwt-decode/issues/140 sounds similar but doesn't really include a fix) so we'll probably undo that and push a new release soon
bronze jetty
Ok, thank you for the update! 🙏
At least the issue is known and is going to be fixed in the future
vagrant void
Hi, facing the same problem as of now
"convex": "^1.18.2"
(NOBRIDGE) DEBUG 2025-01-19T21:07:05.608Z Error decoding token: 0, import_jwt_decode.default is not a function (it is Object) [v2]
(NOBRIDGE) ERROR Auth token is not a valid JWT, cannot refetch the token
react-native: 0.76.6
lucid prism
Did any of the fixes in https://github.com/auth0/jwt-decode/issues/140 work for you?
oblique bane
Hi, facing the same problem as of now
```"convex": "^1.18.2"```
What version of jwt-decode do you have installed?
vagrant void
What version of `jwt-decode` do you have installed?
"version": "4.0.0",
vagrant void
Did any of the fixes in https://github.com/auth0/jwt-decode/issues/140 work for ...
im not importing jwt decode directly so solutions here don't apply
oblique bane
im not importing jwt decode directly so solutions here don't apply
You could try overriding https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides the version that a dependency uses, but it sounds like there's an issue here
@vagrant void are you using Convex Auth?
vagrant void
<@599279592489877504> are you using Convex Auth?
yes, hence me not calling jwt-decode directly, i got the version from node_modules
oblique bane
We moved back to pre-4.0.0 being the supported version of jwt-decode for convex a while ago https://github.com/get-convex/convex-js/blob/main/package.json#L237
so this is not a supported configuration to use 4.0 or greater
but if there's something that makes it difficult to use <4 we can look into it
What package manager, it must be using the same version of jwt-decode for Convx Auth and for convex
vagrant void
Yes I saw that and updated my packages to latest version but it still installed ver. 4.0 for jwt-decode
oblique bane
despite convex requiring "jwt-decode": "^3.1.2", and Convex Auth requiring "jwt-decode": "^3.1.2",
vagrant void
let me check if I have something else forcing that
you have it in @convex-dev/auth
"name": "@convex-dev/auth",
"version": "0.0.80",
...
"dependencies": {
"arctic": "^1.2.0",
"cookie": "^1.0.1",
"jose": "^5.2.2",
"jwt-decode": "^4.0.0",
"lucia": "^3.2.0",
"oslo": "^1.1.2",
"path-to-regexp": "^6.3.0",
"server-only": "^0.0.1",
"oauth4webapi": "^3.1.2"
},```yeah @convex-dev/auth requires 4 and convex requires 3
typically package manager manage this by sticking these in node_modules/@convex-dev/auth/node_modules/jwt-decode and node_modules/convex/node_modules/jwt-decode
what package manager are you using?
vagrant void
bun
oblique bane
sounds like https://github.com/oven-sh/bun/issues/6850
vagrant void
it has done that though as i can see convex/node_modules/jwt-decode ver 3.1.2, but the /auth package has no node_modules and the root node_module has jwt-decode ver 4.0
oblique bane
huh yeah that sounds right
vagrant void
ok let me install it using npm and ill get back to you
oblique bane
You might try installing from scratch wiht bun (removing lockfile and node_modules) too, it's possible it's a path-dependent thing
vagrant void
ill stick with npm if it fixes this, ive tried to do that previously with bun and have had the same error come up again and again
oblique bane
Also what's the framework/bundler you're using where you have this issue? Could be bun does this fine for its own module resolution but when combined with that bundler the behavior doesn't work out
vagrant void
im getting this error in a turbo repo monorepo, specifically inside a expo app
might be this to, turborepo has no support for bun yet
oblique bane
gotcha, cool I wonder about the expo part too, expo has its own bundler and module resolution
vagrant void
with npm install, instead of the 4.0 version being in the root node_modules, i have the 3.1.2 and iinstead of convex having the node_modules with the specific jwt-decode version in it, now convex-auth does
which is not what I expected
oblique bane
I'd think that either way would work, but apparently I'm wrong
vagrant void
im opening up the app and Ill see if i still get the error
vagrant void
I'd think that either way would work, but apparently I'm wrong
yeah it would make sense
oblique bane
ok we won't change anything for now, but noted that if we can it's helpful for these to match when possible to account for issues like this
vagrant void
still getting it, I think you guys should prioritize getting shared libraries up to the same version so such issues dont arise
oblique bane
still getting it, I think you guys should prioritize getting shared libraries up...
still getting this with npm-installed libraries? Ok yeah sounds like an issue