Using Trigger dev with Convex | Convex Community | Page 1

halcyon shell Nov 9, 2024, 3:58 PM

#

I am trying to offload some image and video processing to a background task service like Trigger.dev. I'm thinking of using the ConvexHttpClient and my convex functions are secured with Convex Auth but am not sure how to go about authenticating these actions on trigger.dev. I can pass a JWT token as a function param but that may expire if my function on trigger.dev isn't ran for a long time. Any advice?

alpine cloakBOT Nov 9, 2024, 3:58 PM

#

Thanks for posting in #1088161997662724167.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.

    - Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
    - Use [search.convex.dev](https://search.convex.dev) to search Docs, Stack, and Discord all at once.
    - Additionally, you can post your questions in the Convex Community's #1228095053885476985 channel to receive a response from AI.
    - Avoid tagging staff unless specifically instructed.

    Thank you!

gilded terrace Nov 9, 2024, 10:54 PM

#

@halcyon shell a simple shared secret may be sufficient

halcyon shell Nov 10, 2024, 2:24 AM

#

Thank you for the response! That's the conclusion I came up with as well. Do you think this looks ok to you or is it a security risk?

export const triggerDevQuery = customQuery(query, {
  args: {
    apiKey: v.string(),
  },
  input: async (ctx, args) => {
    if (args.apiKey !== process.env.CONVEX_API_KEY) {
      throw new Error("Invalid API Key");
    }

    return {
      ctx,
      args,
    };
  },
});

halcyon shell Nov 10, 2024, 2:55 AM

#

wondering is there a way to not have to pass the apiKey arg every time though

vague mountain Nov 10, 2024, 6:22 PM

#

Find a different way to authorize the request without requiring an api key as an arg, so the key can just be passed server to server.

#

I'd also expect that you'd be passing a trigger.dev api secret in the request to their service, so a convex api key wouldn't play a part. Unless I'm misunderstanding something about what you're doing here.

bleak zenith Nov 10, 2024, 9:39 PM

#

Add your convex dev api key to the trigger.dev env variables from the dashboard. If you need to trigger a task in convex add your trigger.dev key in your convex/s env section of your dashboard.

#

both services will read the env for the key if present.

halcyon shell Nov 11, 2024, 2:12 AM

#

ok thank you guys let me try your suggestions today and report back here!

halcyon shell Nov 11, 2024, 2:50 PM

#

@vague mountain @bleak zenith I had a look at your guys suggestions but basically I am trying to

trigger the task in a convex function - this is basically fine, trigger provides a secret i can use to auth that request √
in the trigger function, I have to call some convex APIs to feed the generated data back to convex after the task is completed. Eg. after the task is completed, I need to save the image back to the convex blob storage and also update some DB tables. This is the part I have issues with. How do I set up authentication when going from trigger -> convex? I see sth like client.setAuth but that is expecting a JWT, I don't see anywhere in the ConvexHttpClient i can pass metadata to convex's side that I can access in the functions

vague mountain Nov 11, 2024, 4:10 PM

#

I would use an http function on the convex side to receive the request from Trigger. The request from trigger would include the secret, probably as a bearer token in an auth header.

#

You won’t have actual auth on the convex side for any of this though, so you’ll want to write functions that can do the writes without auth, make them internal, and probably only use them from this http function.

#Using Trigger dev with Convex