From get-convex-agent-skills-2
Sets up Convex authentication with providers (Convex Auth, Clerk, Auth0, WorkOS), identity mapping, users tables, and access control for login flows and protected functions.
npx claudepluginhub joshuarweaver/cascade-code-general-misc-3 --plugin get-convex-agent-skills-2This skill uses the workspace's default tool permissions.
Implement secure authentication in Convex with user management and access control.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.
Implement secure authentication in Convex with user management and access control.
Convex supports multiple authentication approaches. Do not assume a provider.
Before writing setup code:
Common options:
Look for signals in the repo before asking:
@clerk/*, @workos-inc/*, @auth0/*, or Convex Auth packagesconvex/auth.config.ts, auth middleware, provider wrappers, or login componentsRead the provider's official guide and the matching local reference file:
references/convex-auth.mdreferences/clerk.mdreferences/workos-authkit.mdreferences/auth0.mdThe local reference files contain the concrete workflow, expected files and env vars, gotchas, and validation checks.
Use those sources for:
convex/auth.config.ts setupFor shared auth behavior, use the official Convex docs as the source of truth:
ctx.auth.getUserIdentity()Prefer official docs over recalled steps, because provider CLIs and Convex Auth internals change between versions. Inventing setup from memory risks outdated patterns.
For third-party providers, only add app-level user storage if the app actually needs user documents in Convex. Not every app needs a users table.
For Convex Auth, follow the Convex Auth docs and built-in auth tables rather than adding a parallel users table plus storeUser flow, because Convex Auth already manages user records internally.
After running provider initialization commands, verify generated files and complete the post-init wiring steps the provider reference calls out. Initialization commands rarely finish the entire integration.
The most common auth task is checking identity in Convex functions.
// Bad: trusting a client-provided userId
export const getMyProfile = query({
args: { userId: v.id("users") },
handler: async (ctx, args) => {
return await ctx.db.get(args.userId);
},
});
// Good: verifying identity server-side
export const getMyProfile = query({
args: {},
handler: async (ctx) => {
const identity = await ctx.auth.getUserIdentity();
if (!identity) throw new Error("Not authenticated");
return await ctx.db
.query("users")
.withIndex("by_tokenIdentifier", (q) =>
q.eq("tokenIdentifier", identity.tokenIdentifier),
)
.unique();
},
});
If the flow blocks on interactive provider or deployment setup, ask the user explicitly for the exact human step needed, then continue after they complete it. For UI-facing auth flows, offer to validate the real sign-up or sign-in flow after setup is done. If the environment has browser automation tools, you can use them. If it does not, give the user a short manual validation checklist instead.
references/convex-auth.mdreferences/clerk.mdreferences/workos-authkit.mdreferences/auth0.mdusers table or storeUser flow for Convex Auth