how to make custom authorization?
#custom auth
quasi spindle
hybrid nacelleBOT
Hi @quasi spindle. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
To implement custom authorization in Convex, you have a few options:
-
Code-based authorization:
You can write custom authorization logic directly in your Convex functions. This allows for flexible rules but requires implementing checks in each relevant function.Row Level Security provides an example:
export default likePost = mutation(async ({db, auth}, {postId}) => { const post = await db.get(postId); if (!await connectedInGraph(db, await auth.getUserIdentity(), post.author)) { throw new Error("you can't like that"); } await db.patch(postId, {likes: post.likes + 1}); }); -
Row-level security:
This approach defines authorization rules at the document level, which are automatically applied when accessing data.Row Level Security shows how to implement this:
const rules = { messages: { read: async ({ auth }, message) => { if (identity === null) { return message.published; } return true; }, modify: async ({ auth }, message) => { if (identity === null) { return false; } return message.author === identity.tokenIdentifier; }, }, }; -
Custom authentication provider:
If you need a completely custom auth system, you can implement your own OAuth provider. This involves creating endpoints for OAuth configuration and JWT validation.Custom Auth Integration mentions that Convex supports custom OpenID Connect-compatible identity providers.
-
Convex Auth:
For client-side React and React Native apps, you can use the Convex Auth library to implement custom sign-up/sign-in flows.Authentication introduces Convex Auth as a beta feature for implementing auth directly in Convex.