Convex Database Adapter + UI for Lucia Auth Library
This library enables authentication built entirely on top of Convex without any third-party platform. It uses Lucia for the authentication logic.
Features:
- Without any additional setup, you can sign in with an email+password combination
- Sign out button
- Session is preserved in
localStorage
- Passwords are securely hashed
This integration works! You can see a production deployment at this live site: https://get-convex.github.io/convex-lucia-auth-demo/.
Install
npm install @convex-dev/convex-lucia-auth
Checkout Docs for how to integrate the library into your app.
Deploying to production
In your production deployment's settings page configure this variable:
Note on CSRF protection
The React components use localStorage
for storing the secret sessionId
. This means that sessions are only preserved on pages served on the same subdomain, such as foo.example.com
or username.github.io
. This prevents CSRF attacks.
This does though invite an XSS attack. Make sure your app is not susceptable to XSS.
Convex currently doesn't support accessing cookies in queries and mutations, so cookie-based authentication can only be used in Convex HTTP actions.
What is Convex?
Convex is a hosted backend platform with a
built-in database that lets you write your
database schema and
server functions in
TypeScript. Server-side database
queries automatically
cache and
subscribe to data, powering a
realtime useQuery
hook in our
React client. There are also
Python,
Rust,
ReactNative, and
Node clients, as well as a straightforward
HTTP API.
The database support
NoSQL-style documents with
relationships and
custom indexes
(including on fields in nested objects).
The
query
and
mutation
server functions have transactional,
low latency access to the database and leverage our
v8
runtime with
determinism guardrails
to provide the strongest ACID guarantees on the market:
immediate consistency,
serializable isolation, and
automatic conflict resolution via
optimistic multi-version concurrency control (OCC / MVCC).
The action
server functions have
access to external APIs and enable other side-effects and non-determinism in
either our
optimized v8
runtime or a more
flexible node
runtime.
Functions can run in the background via
scheduling and
cron jobs.
Development is cloud-first, with
hot reloads for server function editing via the
CLI. There is a
dashbord UI to
browse and edit data,
edit environment variables,
view logs,
run server functions, and more.
There are built-in features for
reactive pagination,
file storage,
reactive search,
https endpoints (for webhooks),
streaming import/export, and
runtime data validation for
function arguments and
database data.
Everything scales automatically, and it’s free to start.