#convex-auth server side token support or server components (not using nextjs)


tight void

I'm using Remix JS. When a user logs in, I want to take that token and provide it to the Convex HTTP client. How can I do so securely?

vague osprey BOT

Hi @tight void. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:


To securely provide a user’s token to the Convex HTTP client in a Remix.js app (not using Next.js), you need to ensure that:

  1. The token you provide is a valid JWT that Convex can verify, typically an ID token from your authentication provider.
  2. You pass this token to the Convex client using the appropriate method.

How to Provide the Token

  • When a user logs in and you obtain their JWT (ID token), you can pass it to the Convex client using the setAuth method (if using the JS client), or by including it in the token field of the options object when calling Convex functions like fetchQuery, fetchMutation, or fetchAction.

Example (using the Convex JS client):

import { ConvexHttpClient } from "convex/browser";

const convex = new ConvexHttpClient(process.env.CONVEX_URL);

// Retrieve the user's JWT from your session/cookies/wherever you store it.
// ConvexHttpClient.setAuth takes the token string itself, not a callback.
convex.setAuth(userJwtToken);

Or, when calling a function directly:

const result = await fetchQuery(api.myFunction, args, { token: userJwtToken });

Security Considerations

  • Never expose the JWT to the client if it’s meant for server-side use only. Store it securely in your server session or cookies (with httpOnly and secure flags).
  • Ensure your Convex backend is configured to accept and validate tokens from your auth provider. This usually means your auth.config.ts must have the correct provider domain and JWKS endpoint set up, so Convex can verify the JWT signature and claims (see this explanation).
  • If you’re using a custom auth provider, you may need to implement the OpenID Connect endpoints (/.well-known/openid-configuration and /.well-known/jwks.json) so Convex can validate the tokens you issue. This is required if you want to use your own JWTs with Convex’s built-in authentication (details here).

Summary

  • Obtain the user’s JWT after login.
  • Store it securely on the server.
  • Pass it to Convex via setAuth or as the token option in function calls.
  • Make sure your Convex backend is configured to validate your JWTs.

If you’re not using Next.js, you don’t need any Next.js-specific helpers—just ensure you’re passing the token in the right place and that your backend is set up to trust it.

If you need a reference implementation, the Convex Auth library is a good starting point, even if you’re not using React, as it shows how to structure the backend for JWT validation.

If you need to implement your own OIDC endpoints, see the Stack Convex NextAuth Adapter guide for an example of how to expose JWKS and configure Convex to trust your tokens.
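
An added example (not part of the thread, and not Convex or Remix code) of the server-side handling discussed above: the JWT is stored in an HttpOnly, Secure cookie, re-checked for expiry on each request, and attached to a client created for that request only. The cookie name and the helpers `jwtExpiry`, `sessionCookie`, `tokenFromCookie` and `convexForRequest` are hypothetical, and the client class is passed in as a parameter (`ConvexHttpClient` in a real app) so the block runs without the `convex` package.

```javascript
// Added example: helper and cookie names are hypothetical, not Convex or Remix APIs.
const COOKIE = "__convex_jwt";

// Read the `exp` claim (seconds since epoch). Decoding only: Convex verifies the
// signature against the provider's JWKS; this just avoids storing or sending stale tokens.
function jwtExpiry(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return Number.isInteger(claims.exp) ? claims.exp : null;
  } catch {
    return null;
  }
}

// Set-Cookie value for the login response. HttpOnly keeps the token away from
// browser scripts, Secure keeps it off plain HTTP, Max-Age never outlives the token.
function sessionCookie(jwt, nowSec = Math.floor(Date.now() / 1000)) {
  const exp = jwtExpiry(jwt);
  if (exp === null || exp <= nowSec) throw new Error("refusing to store an invalid or expired token");
  return `${COOKIE}=${jwt}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${exp - nowSec}`;
}

// In a loader/action: pass request.headers.get("Cookie"). Returns the JWT or null.
function tokenFromCookie(cookieHeader, nowSec = Math.floor(Date.now() / 1000)) {
  for (const pair of (cookieHeader || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq === -1 || pair.slice(0, eq).trim() !== COOKIE) continue;
    const jwt = pair.slice(eq + 1).trim();
    const exp = jwtExpiry(jwt);
    return exp !== null && exp > nowSec ? jwt : null;
  }
  return null;
}

// One client per request. A module-level client that has had setAuth called on it is
// shared by every concurrent request, so one user's token could authorize another's call.
// `Client` is ConvexHttpClient in a real app; it is a parameter so this block runs offline.
function convexForRequest(cookieHeader, Client, url, nowSec) {
  const token = tokenFromCookie(cookieHeader, nowSec);
  if (token === null) return null; // caller redirects to login
  const client = new Client(url);
  client.setAuth(token);
  return client;
}
```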