refactor: use betterauth instead of workos

2026-02-02 13:21:17 +00:00 · 2025-10-05 20:21:45 +00:00
parent b654f50ddd
commit 483aa19351
23 changed files with 4141 additions and 273 deletions
--- a/packages/convex/_generated/api.d.ts
+++ b/packages/convex/_generated/api.d.ts
--- a/packages/convex/_generated/api.js
+++ b/packages/convex/_generated/api.js
@@ -8,7 +8,7 @@
 * @module
 */

-import { anyApi } from "convex/server";
+import { anyApi, componentsGeneric } from "convex/server";

 /**
 * A utility for referencing Convex functions in your app's API.
@@ -20,3 +20,4 @@ import { anyApi } from "convex/server";
 */
 export const api = anyApi;
 export const internal = anyApi;
+export const components = componentsGeneric();
--- a/packages/convex/_generated/server.d.ts
+++ b/packages/convex/_generated/server.d.ts
@@ -10,6 +10,7 @@

 import {
  ActionBuilder,
+  AnyComponents,
  HttpActionBuilder,
  MutationBuilder,
  QueryBuilder,
@@ -18,9 +19,15 @@ import {
  GenericQueryCtx,
  GenericDatabaseReader,
  GenericDatabaseWriter,
+  FunctionReference,
 } from "convex/server";
 import type { DataModel } from "./dataModel.js";

+type GenericCtx =
+  | GenericActionCtx<DataModel>
+  | GenericMutationCtx<DataModel>
+  | GenericQueryCtx<DataModel>;
+
 /**
 * Define a query in this Convex app's public API.
 *
--- a/packages/convex/_generated/server.js
+++ b/packages/convex/_generated/server.js
@@ -16,6 +16,7 @@ import {
  internalActionGeneric,
  internalMutationGeneric,
  internalQueryGeneric,
+  componentsGeneric,
 } from "convex/server";

 /**
--- a/packages/convex/auth.config.ts
+++ b/packages/convex/auth.config.ts
@@ -1,20 +1,8 @@
-const clientId = process.env.WORKOS_CLIENT_ID
-
 const authConfig = {
 	providers: [
 		{
-			type: "customJwt",
-			issuer: `https://api.workos.com/`,
-			algorithm: "RS256",
-			jwks: `https://api.workos.com/sso/jwks/${clientId}`,
-			applicationID: clientId,
-		},
-		{
-			type: "customJwt",
-			issuer: `https://api.workos.com/user_management/${clientId}`,
-			algorithm: "RS256",
-			jwks: `https://api.workos.com/sso/jwks/${clientId}`,
-			applicationID: clientId,
+			domain: process.env.CONVEX_SITE_URL,
+			applicationID: "convex",
 		},
 	],
 }
--- a/packages/convex/auth.ts
+++ b/packages/convex/auth.ts
@@ -0,0 +1,47 @@
+import { createClient, type GenericCtx } from "@convex-dev/better-auth"
+import { convex, crossDomain } from "@convex-dev/better-auth/plugins"
+import { betterAuth } from "better-auth"
+import { components } from "./_generated/api"
+import type { DataModel } from "./_generated/dataModel"
+import { query } from "./_generated/server"
+
+const siteUrl = process.env.SITE_URL!
+
+// The component client has methods needed for integrating Convex with Better Auth,
+// as well as helper methods for general use.
+export const authComponent = createClient<DataModel>(components.betterAuth)
+
+export const createAuth = (
+	ctx: GenericCtx<DataModel>,
+	{ optionsOnly } = { optionsOnly: false },
+) => {
+	return betterAuth({
+		// disable logging when createAuth is called just to generate options.
+		// this is not required, but there's a lot of noise in logs without it.
+		logger: {
+			disabled: optionsOnly,
+		},
+		trustedOrigins: [siteUrl],
+		database: authComponent.adapter(ctx),
+		// Configure simple, non-verified email/password to get started
+		emailAndPassword: {
+			enabled: true,
+			requireEmailVerification: false,
+		},
+		plugins: [
+			// The cross domain plugin is required for client side frameworks
+			crossDomain({ siteUrl }),
+			// The Convex plugin is required for Convex compatibility
+			convex(),
+		],
+	})
+}
+
+// Example function for getting the current user
+// Feel free to edit, omit, etc.
+export const getCurrentUser = query({
+	args: {},
+	handler: async (ctx) => {
+		return authComponent.getAuthUser(ctx)
+	},
+})
--- a/packages/convex/convex.config.ts
+++ b/packages/convex/convex.config.ts
@@ -0,0 +1,7 @@
+import betterAuth from "@convex-dev/better-auth/convex.config"
+import { defineApp } from "convex/server"
+
+const app = defineApp()
+app.use(betterAuth)
+
+export default app
--- a/packages/convex/http.ts
+++ b/packages/convex/http.ts
@@ -0,0 +1,7 @@
+import { httpRouter } from "convex/server"
+import { authComponent, createAuth } from "./auth"
+
+const http = httpRouter()
+// CORS handling is required for client side frameworks
+authComponent.registerRoutes(http, createAuth, { cors: true })
+export default http
--- a/packages/convex/package.json
+++ b/packages/convex/package.json
@@ -7,6 +7,8 @@
 	},
 	"peerDependencies": {
 		"typescript": "^5",
-		"convex": "^1.27.0"
+		"better-auth": "1.3.8",
+		"convex": "^1.27.0",
+		"@convex-dev/better-auth": "^0.8.9"
 	}
 }