init

2026-01-25 02:05:23 +08:00
commit bc0a20679b
14 changed files with 504 additions and 0 deletions
--- a/readme.md
+++ b/readme.md
@@ -0,0 +1,53 @@
+## JWT Configuration
+
+### Convex auth.config.ts
+
+issuer: https://convex.kevisual.cn  
+applicationID: convex-app
+
+issuer必须与JWT中的iss字段匹配，applicationID必须与aud字段匹配。
+
+```ts
+import { AuthConfig } from 'convex/server';
+
+export default {
+  providers: [
+    {
+      type: 'customJwt',
+      applicationID: 'convex-app',
+      issuer: 'https://convex.kevisual.cn',
+      jwks: 'https://api-convex.kevisual.cn/root/convex/jwks.json',
+      algorithm: 'RS256',
+    },
+  ],
+};
+```
+
+### Payload 例子
+
+header必须包含kid字段以匹配jwks中的密钥ID。
+
+```ts
+import * as jose from "jose";
+// 加载测试私钥
+const keys = JSON.parse(await Bun.file("./jwt/privateKey.json").text());
+const privateKey = await jose.importJWK(keys, "RS256");
+
+// 生成 RS256 JWT
+const payload = {
+  iss: "https://convex.kevisual.cn",
+  sub: "user:8fa2be73c2229e85",
+  aud: "convex-app",
+  exp: Math.floor(Date.now() / 1000) + 3600,
+  name: "Test User AA",
+  email: "test@example.com",
+};
+const token = await new jose.SignJWT(payload)
+  .setProtectedHeader({
+    "alg": "RS256",
+    "typ": "JWT",
+    "kid": "kid-key-1"
+  })
+  .setIssuedAt()
+  .sign(privateKey);
+```