ConvexProviderWithClerk sends raw session tokens instead of JWT template tokens in v1.34.0

[anilmadhub]

Description

After upgrading from convex@1.32.0 to convex@1.34.0, ConvexProviderWithClerk sends raw Clerk session tokens instead of tokens generated via the "convex" JWT template. This causes ctx.auth.getUserIdentity() on the server to return an identity missing all custom template claims (e.g. role, name, email).

Root cause

In v1.34.0, ConvexProviderWithClerk added a conditional that skips the JWT template when sessionClaims?.aud === "convex":

// v1.34.0 — broken
if (sessionClaims?.aud === "convex") {
  return await getToken({ skipCache: forceRefreshToken }); // no template!
} else {
  return await getToken({ template: "convex", skipCache: forceRefreshToken });
}

When aud === "convex", it calls getToken() without template: "convex", returning the raw session token which lacks custom JWT template claims.

In v1.32.0, it always requested the template:

// v1.32.0 — correct
return await getToken({
  template: "convex",
  skipCache: forceRefreshToken
});

Reproduction

Setup:

• ConvexProviderWithClerk with useAuth from @clerk/clerk-react
• Clerk JWT template named "convex" configured with custom claims including role

With convex@1.32.0 — getUserIdentity() returns the full template token:

{
  "tokenIdentifier": "...",
  "name": "...",
  "email": "...",
}

With convex@1.34.0 — getUserIdentity() returns a raw session token:

{
  "tokenIdentifier": "...",
  "fva": [74, -1],
  "sid": "sess_...",
  "sts": "active",
  "v": 2
}

Same Clerk project, same Convex deployment, same JWT template — only the convex package version changed.

Impact

Any server-side code that reads custom claims from the identity (e.g. role-based access control via identity.role) breaks silently, since those fields are missing from the raw session token.

Workaround

Pin convex to 1.32.0 in package.json.

Environment

• convex: 1.34.0 (broken), 1.32.0 (working)
• @clerk/clerk-react: ^5.x
• convex/react-clerk: ConvexProviderWithClerk

[eliotgevers]

Some things regarding the clerk and convex implementation have changed. Make sure to check the latest docs and update to the latest versions of both. Also, turn on the convex integration in the clerk dashboard.

Check this issue #142

[indranildeveloper]

I am using Next.JS. The same is happening to me as well, I am not getting any of the fields of JWT Template while using the latest version of @clark/nextjs (v7.0.7) and the convex (v1.34.1). I have downgraded for the time.

Also not able to find any updated documentation for this. Please help.

[eliotgevers]

@indranildeveloper Did you enable the convex integration in the clerk dashboard? Check that it is enabled for both the development and production environments.

If you need additional fields in the JWT token, you can still edit the template. Turning on the integration will add the "aud" field by default, but you're free to add any additional fields you need.

[indranildeveloper]

Yes the convex integration is enabled (I followed the convex docs), but it looks like still I am not getting the JWT template fields in the convex side with this code:

const identity = await ctx.auth.getUserIdentity();

I have added the orgId in the JWT template but it is missing in the identity. e.g. If I want to get the orgId, I am getting undefined when I do:

const orgId = indentity.orgId as string;

So the orgId is undefined here.

[eliotgevers]

ConvexProviderWithClerk uses the Clerk session token rather than the old "convex" JWT template.

Can you check in Clerk Sessions -> Claims? I store my custom field "permissions" there, and that works.

Try logging both useAuth().sessionClaims on the client and ctx.auth.getUserIdentity() on the Convex side; that might give insights.

[indranildeveloper]

Ok, Thank you so much for your help. I was storing the values in the JWT templates, I will try to add the fields to the claims section.

[eliotgevers]

No worries! I suggest closing this issue

[eliotgevers]

@anilmadhub Can you close this issue