Waffleophagus
Convex Community
Created by Waffleophagus on 5/1/2025 in #support-community
Logging into new user "doesn't work" on react native since I store state?
A new user record (along with an authAccount) is created upon first hitting the first of the two OTP endpoints
9 replies
Convex Community
Created by Waffleophagus on 5/1/2025 in #support-community
Logging into new user "doesn't work" on react native since I store state?
New user record is the flow that the auth library does currently, hence the necessity of the migration
9 replies
Convex Community
Created by Waffleophagus on 5/1/2025 in #support-community
Logging into new user "doesn't work" on react native since I store state?
That said, yea, got the migration running super smoothly now, thanks again for the help on that part!
9 replies
Convex Community
Created by Waffleophagus on 5/1/2025 in #support-community
Logging into new user "doesn't work" on react native since I store state?
I will happily share any code you wanna see on this, and honestly if we find a good solution I’ll happily open source it even, but I won’t be able to access the code till I’m home
9 replies
Convex Community
Created by Waffleophagus on 5/1/2025 in #support-community
Logging into new user "doesn't work" on react native since I store state?
User goes through the OTP process, if they are logging into an existing account, it appears that nothing happens, they are kicked to the Home Screen and it looks like nothing changed. I logged the hell out of the flow and it also appears that it even refreshes the anonymous token? If you leave/kill the app and come back, the login takes effect. The worst case scenario is if you go in, add a bunch of data, then sign up, the migration we talked about DOES take effect immediately and all the data vanishes. It’s safely on the new account, but you have to leave/kill the app and come back to see it. I fully acknowledge this may very well be a “skill issue”, this is the first time I’ve messed with auth from this side of the aisle (I’ve done the server jwt auth at previous jobs)
9 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
Ohhhh I see what you’re saying. That’s a really good point. You’ve been wildly helpful @erquhart! Thank you so much. I have a good path forward now I think
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
It’s a react native app, I actually have it refreshing the token on app re-launch, so you can effectively use the app for a while without “signing up” the idea here would be to let them figure out how to use the app and get a good taste before requiring it.
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
But I don’t see a way to do that
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
My main concern is that somehow in this process you make an anon account and do this process and hijack my account somehow
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
Fwiw, my app isn’t really one where security is a huge concern to begin with, it’s gonna be like a miles per gallon tracker on steroids
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
Ok, would love a sanity check, cause I think this is the path forward:
1. Before login, client calls the back end with their current anon userID and email they intend to link
2. That endpoint checks if the email exists in the system, if it doesn’t it creates the pivot table as mentioned. If it does it just returns doing nothing (since this is a user logging in, not signing up)
3. Using the above mentioned afterUserCreated call, query the pivot table for the freshly added email, if it exists in the table, move all user data from that anonymous account to the newly created one and delete the entry in the table.

That’s…. Safe right? I don’t see a clear way to exploit this
24 replies
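An added sketch of the pending-link flow outlined in the post above, not code from the thread or from Convex Auth: a plain in-memory JavaScript model that hardens step 1 by taking the anonymous user ID from the server-verified session instead of a client argument, and makes each link expiring and single-use. All function and field names, and the 15-minute lifetime, are assumptions made for this example.

```javascript
// In-memory model of the pending-link ("pivot") table; hypothetical names,
// not Convex API calls.
const LINK_TTL_MS = 15 * 60 * 1000; // assumed lifetime of a pending link

function createStore() {
  return {
    users: new Map(),        // userId -> { email, isAnonymous }
    data: new Map(),         // recordId -> { ownerId }
    pendingLinks: new Map(), // normalized email -> { anonUserId, expiresAt }
  };
}

// Steps 1-2: called before the OTP flow. sessionUserId is what the server
// read from the verified session token, never a value the client typed in.
function requestLink(store, sessionUserId, email, now) {
  const caller = store.users.get(sessionUserId);
  if (!caller || !caller.isAnonymous) return false;
  const normalized = email.trim().toLowerCase();
  for (const user of store.users.values()) {
    if (user.email === normalized) return false; // existing account: a login
  }
  store.pendingLinks.set(normalized, {
    anonUserId: sessionUserId,
    expiresAt: now + LINK_TTL_MS,
  });
  return true;
}

// Step 3: runs only after the OTP has proved control of verifiedEmail.
// Returns the number of records moved to the new account.
function afterUserCreated(store, newUserId, verifiedEmail, now) {
  const normalized = verifiedEmail.trim().toLowerCase();
  const link = store.pendingLinks.get(normalized);
  store.pendingLinks.delete(normalized); // single use, even when expired
  if (!link || link.expiresAt < now) return 0;
  const anon = store.users.get(link.anonUserId);
  if (!anon || !anon.isAnonymous) return 0; // only anonymous data may move
  let moved = 0;
  for (const record of store.data.values()) {
    if (record.ownerId === link.anonUserId) {
      record.ownerId = newUserId;
      moved++;
    }
  }
  store.users.delete(link.anonUserId);
  return moved;
}
```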
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
I’m half tempted to not use anon accounts for now sadly
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
So like
1. Make a call to an email/userID pivot table, (add logic if the email already exists in the system but let’s assume not for now)
2. Normal auth flow
3. Move user data from ID stored in 1 to the newly formed user.
4. Be really careful to not give a user the ability to hijack an account this way (oh buddy this one will be a doozy)
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
Thanks for the response! Instead of replying to every one and @ing you like 4 times I’ll just do it in one go. I found that doc, and saw the vague upgrade path, and hand waves “do it custom” I guess my question at this point is what is the cleanest way to do that? That said, this specific callout I totally missed and makes a ton of sense. The “won’t be linked if insecure” thing. That explains a lot. I think, for now, especially if the test for how to do this is a “todo” state is make a second call to associate the anon userID in an unofficial manner to the email, so I can go through and move all the user data from the old to the new, cause where I’m sitting, once you start the auth process any link to the anon account kinda dies?
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
Or, as an alternative, if swapping out the raw _id is a bad idea (it’s probably a real bad idea isn’t it?)
- Changing the userID on the authAccount table
- Update the anon user table to change the email, email verification time, and isAnon field
- Delete the NEW account
24 replies
Convex Community
Created by Waffleophagus on 4/27/2025 in #support-community
"Upgrading" Anonymous accounts to "real" accounts with email
Ok, I just had an idea and wanted to know how dumb it is:
1. Call hook that takes in email + anon user id
2. Check if email is in use, if so, normal auth flow. If not in use, store in an anon userID+email table
3. Pass off to normal OTP flow
4. When OTP is complete, if email is in pivot table, replace userID.

Reference: https://labs.convex.dev/auth/api_reference/server#callbacksafterusercreatedorupdated
24 replies
Convex Community
Created by jamwt on 4/25/2025 in #general
Convex IOU List Feedback
Going better auth and local/offline seems awesome, a scale to zero plan also sounds nice! Honestly it all sounds great, but auth and offline get my top two picks easily
8 replies