Native auth (auth.config.ts) session duration with Apple Sign In on iOS | Convex Community | Page 1

hidden dewBOT Jan 23, 2026, 12:04 PM

Hi @ruby kayak. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

I’m sorry, but the knowledge sources don’t describe the native / auth.config.ts Apple Sign In flow you’re using in enough detail to answer with certainty. They only cover:

Convex Auth’s own session model (via convexAuth) [Server config; Session validity]
Standard OAuth Apple setup for Convex Auth (web-based, not native) [Apple OAuth]

Given that limitation, here’s what is documented and how it maps to your questions:

1. When the Apple JWT expires, will users be logged out on next app open?

The docs do not state how a custom/native Apple JWT used outside Convex Auth’s convexAuth helpers is treated over time, so I can’t say for sure. There is no explicit description of a “native Apple provider” in auth.config.ts or how its token expiry affects Convex sessions.

2. Does Convex maintain its own session after initial JWT validation?

For Convex Auth (convexAuth), yes: it creates its own session documents and issues Convex JWTs with their own lifetimes, independent of the upstream provider’s token. [Server config; Session lifecycle; Session validity]

However, the sources don’t explain how your auth.config.ts “native” setup plugs into that machinery, so I can’t confirm that the same behavior applies to your current configuration.

3. Do you need `@convex-dev/auth` to get 30‑day sessions?

The only clearly documented way to configure session duration (e.g. 30 days) is via convexAuth’s session options:

export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
  providers: [/* ... */],
  session: {
    totalDurationMs: 1000 * 60 * 60 * 24 * 30,
    inactiveDurationMs: 1000 * 60 * 60 * 24 * 30,
  },
});

[Server config]

The docs do not show an equivalent session configuration mechanism for the auth.config.ts native setup you’re using, so I can’t confirm that you can get 30‑day sessions there without moving to @convex-dev/auth.

Because the knowledge sources don’t cover your exact `auth.config.ts` native Apple flow, I can’t definitively answer how expiry and session length behave in that mode. If you need guaranteed, configurable 30‑day sessions as documented, the only clearly supported path in the docs is via `@convex-dev/auth` and `convexAuth`.

#Native auth (auth.config.ts) session duration with Apple Sign In on iOS

1. When the Apple JWT expires, will users be logged out on next app open?

2. Does Convex maintain its own session after initial JWT validation?

3. Do you need `@convex-dev/auth` to get 30‑day sessions?

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

#Native auth (auth.config.ts) session duration with Apple Sign In on iOS

1. When the Apple JWT expires, will users be logged out on next app open?

2. Does Convex maintain its own session after initial JWT validation?

3. Do you need @convex-dev/auth to get 30‑day sessions?

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

3. Do you need `@convex-dev/auth` to get 30‑day sessions?