Skip to main content

Custom JWT Provider

Note: This is an advanced feature! We recommend sticking with the supported third-party authentication providers.

If your custom auth provider implements the OIDC protocol, it's easiest to configure it as a Custom OIDC Provider. However, some auth providers only issue JWTs and don't participate in the full OIDC protocol. For example, OpenAuth implements the OAuth 2.0 spec but not OIDC, so to use it with Convex you'll need to set it up as a Custom JWT provider.

Server-side integration

Use type: "customJwt" to configure a Custom JWT auth provider:

convex/auth.config.js
export default {
providers: [
{
type: "customJwt",
applicationID: "your-application-id",
issuer: "https://your.issuer.url.com",
jwks: "https://your.issuer.url.com/.well-known/jwks.json",
algorithm: "RS256",
},
],
};
  • applicationID (optional): If provided, Convex will verify that JWTs have this value in the aud claim.
  • issuer: The issuer URL of the JWT.
  • jwks: The URL for fetching the JWKS (JSON Web Key Set) from the auth provider.
  • algorithm: The algorithm used to sign the JWT. Only RS256 and ES256 are currently supported. See RFC 7518 for more details.

Client-side integration

See the instructions for Custom OIDC Providers.