#OAuth error

Cannot authenticate users with convex at all

Hey, I set up twitter with convex auth as additional auth for linking the account atm. For primary auth I am using custom ConvexCredentials providers for eth/sol/ton wallet signin which works fine. However after signin with twitter I get the authorize screen but after authorizing it redirects back to previous path because I get the following error in the log at GET /api/auth/callback/twitter

'server responded with an error in the response body
    at checkOAuthBodyError (../../node_modules/oauth4webapi/src/index.ts:2656:8)
    at async processGenericAccessTokenResponse (../../node_modules/oauth4webapi/src/index.ts:3328:2)
    at async processAuthorizationCodeOAuth2Response (../../node_modules/oauth4webapi/src/index.ts:3868:17)
    at async handleOAuth (../../node_modules/@convex-dev/auth/src/server/oauth/callback.ts:163:21)
    at async <anonymous> (../../node_modules/@convex-dev/auth/src/server/implementation/index.ts:326:34)
    at async invokeFunction (../../node_modules/convex/src/server/impl/registration_impl.ts:80:11)
    at async invokeHttpAction (../../node_modules/convex/src/server/impl/registration_impl.ts:442:0)
    at async <anonymous> (../../node_modules/convex/src/server/router.ts:322:16)'

Here is the default provider setup from auth.ts I am using:

    Twitter({
      clientId: convexEnv.TWITTER_CLIENT_ID,
      clientSecret: convexEnv.TWITTER_CLIENT_SECRET,
    })

Any idea?

Hi @grizzled skiff. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

The error you're seeing:

'server responded with an error in the response body
    at checkOAuthBodyError (../../node_modules/oauth4webapi/src/index.ts:2656:8)
    ...

indicates that the Twitter OAuth flow is failing at the point where Convex Auth tries to exchange the authorization code for an access token. This is a generic error from the underlying oauth4webapi library, which Convex Auth uses for OAuth flows.

Possible causes and troubleshooting steps:

1. Check for Additional Logs:
   The error message itself is generic. Trusted Support Staff have suggested looking for more detailed logs in your Convex dashboard, as the actual error from Twitter (such as invalid credentials, misconfigured callback URL, or missing permissions) might be present there. These details are crucial for diagnosing the root cause. If you haven't already, enable verbose logging as described in the Convex Auth debugging docs: Debugging Convex Auth Source.

2. Verify Twitter App Configuration:

   • Double-check that your Twitter app's callback URL matches the one expected by Convex Auth. For Convex, this should be:

     <https://<your-deployment>.convex.site/api/auth/callback/twitter>
     

     (Replace <your-deployment> with your actual deployment name.)
   • Ensure your Twitter app is set up for OAuth 2.0 and that the client ID and client secret are correct and set as environment variables in your Convex backend Source.

3. Provider Setup:
   Your provider setup in auth.ts looks correct:

   Twitter({
     clientId: convexEnv.TWITTER_CLIENT_ID,
     clientSecret: convexEnv.TWITTER_CLIENT_SECRET,
   })
   

   Make sure the environment variables are set and accessible to your Convex backend.

4. Check for Known Issues:
   There are known issues with some OAuth providers and the libraries they depend on. If you continue to see this error and your configuration is correct, it may be a compatibility issue between Convex Auth, Auth.js, and Twitter's OAuth implementation. In such cases, searching or opening an issue on the Convex Auth GitHub may help.

5. General OAuth Troubleshooting:

   • Try deleting cookies and local storage, or use a private/incognito browser window to rule out bad state.
   • Compare your setup to the Convex Auth example projects to ensure nothing is missing Source.

Summary:
The error is likely due to a misconfiguration (callback URL, credentials, or environment variables) or a provider/library compatibility issue. Check your logs for more details, verify your Twitter app and environment variable setup, and consult the debugging docs for further troubleshooting. If the problem persists, consider opening an issue with detailed logs for further support.

Source

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

@steady ingot if I run a local convex instance what should the callback url be for GitHub oauth?

Let me check the knowledge base for you again. One moment! :books:

If you are running a local Convex instance, the callback URL for GitHub OAuth should be your Convex HTTP Actions URL with the path /api/auth/callback/github. For a typical local development setup, this will look like:

<https://<your-local-deployment>.convex.site/api/auth/callback/github>

You can find your HTTP Actions URL in the Convex dashboard under Settings -> URL & Deploy Key -> Show development credentials. The URL will end in .site (not .cloud). For example, if your deployment is named fast-horse-123, your callback URL would be:

<https://fast-horse-123.convex.site/api/auth/callback/github>

Use this as the Authorization callback URL when registering your GitHub OAuth app for local development GitHub OAuth instructions.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

@steady ingot

.convex.site isn’t local, why not http://localhost:3210

Let me check the knowledge base for you again. One moment! :books:

You're correct: .convex.site is not a local address. In the standard Convex cloud development flow, the callback URL for OAuth is set to the .convex.site domain because that's where the Convex backend is hosted.

However, if you are running a local Convex backend (for example, using the open-source backend or npx convex dev --local), the callback URL should point to your local server. According to the official Convex documentation, when running locally, you should use your local HTTP Actions URL, which would look like:

<http://localhost:<port>/api/auth/callback/github>

For example, if your local Convex backend is running on port 3210, the callback URL would be:

<http://localhost:3210/api/auth/callback/github>

This matches the pattern described in the manual setup instructions, where SITE_URL is set to your local address (e.g., <http://localhost:5173> for the frontend), and the backend would similarly use a localhost URL for callbacks.

Summary:

• For local Convex development, use <http://localhost:<port>/api/auth/callback/github> as your GitHub OAuth callback URL.
• The .convex.site domain is only for cloud deployments.

If you need more details on running the open-source backend and configuring local URLs, see the OSS backend guide.

If you do not see this working as expected, or if the Convex CLI or dashboard still suggests a .convex.site URL even in local mode, please note that the knowledge sources do not provide further details on this specific scenario.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: