Automatic AuthKit Configuration
AuthKit configuration can be automated for cloud dev deployments: each Convex
deployment gets its own WorkOS environment configured and has local environment
variables added to .env.local
and Convex deployment environment variables set
for it.
This integration is in active development and will change as it continues to
improve. Today the integration works with the two AuthKit templates offered when
running npm create convex@latest
.
Creating WorkOS environments on-demand
Automatically provisioning a WorkOS environment for a Convex deployment is enabled by creating a new WorkOS account and team to associate with a Convex team. Once this account has been created, any member of the Convex team can create a WorkOS environment for their development deployments on each of the team's projects.
This happens automatically whenever the WORKOS_CLIENT_ID
environment variable
is read in the convex/auth.config.ts
file but not set on the deployment during
a convex dev
.
The CLI then makes AuthKit-related configuration changes that replace the manual configuration steps required to configure AuthKit for a development Convex deployment.
Currently this configures the following with the assumed local development domain:
- redirect endpoint URI
- CORS origin
The following local environment variables may be set in .env.local
:
VITE_WORKOS_CLIENT_ID
(Vite only)WORKOS_CLIENT_ID
(Next.js only)*_WORKOS_REDIRECT_URI
(e.g.VITE_WORKOS_REDIRECT_URI
)WORKOS_API_KEY
(Next.js only)WORKOS_COOKIE_PASSWORD
(Next.js only)
Limitations
WorkOS environments can currently only be created for cloud development deployments. Preview and production deployments must be manually configured.
To manually configure the production deployment, visit the WorkOS page for the production environment for this project and follow these steps. . Only one production deployment exists by default per WorkOS team so additional project may need to use separate WorkOS teams.