downgrade userId

src/providers/Anonymous.ts

@@ -28,7 +28,13 @@ import { Value } from "convex/values";
 /**
  * The available options to an {@link Anonymous} provider for Convex Auth.
  */
-export interface AnonymousConfig<DataModel extends GenericDataModel> {
+export interface AnonymousConfig<
+  DataModel extends GenericDataModel,
+  UserDocument extends Record<string, Value> = DocumentByName<
+    DataModel,
+    "users"
+  >,
+> {
   /**
    * Uniquely identifies the provider, allowing to use
    * multiple different {@link Anonymous} providers.
@@ -48,7 +54,7 @@ export interface AnonymousConfig<DataModel extends GenericDataModel> {
      * the database.
      */
     ctx: GenericActionCtxWithAuthConfig<DataModel>,
-  ) => WithoutSystemFields<DocumentByName<DataModel, "users">> & {
+  ) => WithoutSystemFields<UserDocument> & {
     isAnonymous: true;
   };
 }
@@ -66,13 +72,13 @@ export function Anonymous<DataModel extends GenericDataModel>(
     id: "anonymous",
     authorize: async (params, ctx) => {
       const profile = config.profile?.(params, ctx) ?? { isAnonymous: true };
-      const { user } = await createAccount(ctx, {
+      const { account } = await createAccount(ctx, {
         provider,
         account: { id: crypto.randomUUID() },
         profile: profile as any,
       });
       // END
-      return { userId: user._id };
+      return { userId: account.userId as string };
     },
     ...config,
   });

src/providers/ConvexCredentials.ts

@@ -60,7 +60,7 @@ export interface ConvexCredentialsUserConfig<
     credentials: Partial<Record<string, Value | undefined>>,
     ctx: GenericActionCtxWithAuthConfig<DataModel>,
   ) => Promise<{
-    userId: GenericId<"users">;
+    userId: string;
     sessionId?: GenericId<"authSessions">;
   } | null>;
   /**
@@ -97,7 +97,7 @@ export interface ConvexCredentialsUserConfig<
  */
 export function ConvexCredentials<DataModel extends GenericDataModel>(
   config: ConvexCredentialsUserConfig<DataModel>,
-): ConvexCredentialsConfig {
+): ConvexCredentialsConfig<DataModel> {
   return {
     id: "credentials",
     type: "credentials",

src/providers/Password.ts

@@ -40,6 +40,7 @@ import {
 import {
   DocumentByName,
   GenericDataModel,
+  TableNamesInDataModel,
   WithoutSystemFields,
 } from "convex/server";
 import { Value } from "convex/values";
@@ -48,7 +49,10 @@ import { Scrypt } from "lucia";
 /**
  * The available options to a {@link Password} provider for Convex Auth.
  */
-export interface PasswordConfig<DataModel extends GenericDataModel> {
+export interface PasswordConfig<
+  DataModel extends GenericDataModel,
+  UsersTable extends TableNamesInDataModel<DataModel> = "users",
+> {
   /**
    * Uniquely identifies the provider, allowing to use
    * multiple different {@link Password} providers.
@@ -71,7 +75,7 @@ export interface PasswordConfig<DataModel extends GenericDataModel> {
      * the database.
      */
     ctx: GenericActionCtxWithAuthConfig<DataModel>,
-  ) => WithoutSystemFields<DocumentByName<DataModel, "users">> & {
+  ) => WithoutSystemFields<DocumentByName<DataModel, UsersTable>> & {
     email: string;
   };
   /**
@@ -112,9 +116,10 @@ export interface PasswordConfig<DataModel extends GenericDataModel> {
  * Email verification is not required unless you pass
  * an email provider to the `verify` option.
  */
-export function Password<DataModel extends GenericDataModel>(
-  config: PasswordConfig<DataModel> = {},
-) {
+export function Password<
+  DataModel extends GenericDataModel,
+  UsersTable extends TableNamesInDataModel<DataModel> = "users",
+>(config: PasswordConfig<DataModel, UsersTable> = {}) {
   const provider = config.id ?? "password";
   return ConvexCredentials<DataModel>({
     id: "password",
@@ -137,7 +142,6 @@ export function Password<DataModel extends GenericDataModel>(
       const { email } = profile;
       const secret = params.password as string;
       let account: GenericDoc<DataModel, "authAccounts">;
-      let user: GenericDoc<DataModel, "users">;
       if (flow === "signUp") {
         if (secret === undefined) {
           throw new Error("Missing `password` param for `signUp` flow");
@@ -149,7 +153,7 @@ export function Password<DataModel extends GenericDataModel>(
           shouldLinkViaEmail: config.verify !== undefined,
           shouldLinkViaPhone: false,
         });
-        ({ account, user } = created);
+        ({ account } = created);
       } else if (flow === "signIn") {
         if (secret === undefined) {
           throw new Error("Missing `password` param for `signIn` flow");
@@ -161,7 +165,7 @@ export function Password<DataModel extends GenericDataModel>(
         if (retrieved === null) {
           throw new Error("Invalid credentials");
         }
-        ({ account, user } = retrieved);
+        ({ account } = retrieved);
         // START: Optional, support password reset
       } else if (flow === "reset") {
         if (!config.reset) {
@@ -226,7 +230,7 @@ export function Password<DataModel extends GenericDataModel>(
         });
       }
       // END
-      return { userId: user._id };
+      return { userId: account.userId as string };
     },
     crypto: {
       async hashSecret(password: string) {

src/server/implementation/index.ts

@@ -10,6 +10,7 @@ import {
   queryGeneric,
   httpActionGeneric,
   internalMutationGeneric,
+  TableNamesInDataModel,
 } from "convex/server";
 import { ConvexError, GenericId, Value, v } from "convex/values";
 import { parse as parseCookies, serialize as serializeCookie } from "cookie";
@@ -49,7 +50,10 @@ import {
 import { signInImpl } from "./signIn.js";
 import { redirectAbsoluteUrl, setURLSearchParam } from "./redirects.js";
 import { getAuthorizationUrl } from "../oauth/authorizationUrl.js";
-import { defaultCookiesOptions, oAuthConfigToInternalProvider } from "../oauth/convexAuth.js";
+import {
+  defaultCookiesOptions,
+  oAuthConfigToInternalProvider,
+} from "../oauth/convexAuth.js";
 import { handleOAuth } from "../oauth/callback.js";
 export { getAuthSessionId } from "./sessions.js";
 
@@ -88,7 +92,9 @@ export type IsAuthenticatedQuery = FunctionReferenceFromExport<
  * @returns An object with fields you should reexport from your
  *          `convex/auth.ts` file.
  */
-export function convexAuth(config_: ConvexAuthConfig) {
+export function convexAuth<UserId extends string = GenericId<"users">>(
+  config_: ConvexAuthConfig<UserId>,
+) {
   const config = configDefaults(config_ as any);
   const hasOAuth = config.providers.some(
     (provider) => provider.type === "oauth" || provider.type === "oidc",
@@ -135,7 +141,7 @@ export function convexAuth(config_: ConvexAuthConfig) {
         return null;
       }
       const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
-      return userId as GenericId<"users">;
+      return userId;
     },
     /**
      * @deprecated - Use `getAuthSessionId` from "@convex-dev/auth/server":
@@ -240,12 +246,10 @@ export function convexAuth(config_: ConvexAuthConfig) {
                 providerId,
               ) as OAuthConfig<any>;
               const { redirect, cookies, signature } =
-                await getAuthorizationUrl(
-                  {
-                    provider: await oAuthConfigToInternalProvider(provider),
-                    cookies: defaultCookiesOptions(providerId),
-                  },
-                );
+                await getAuthorizationUrl({
+                  provider: await oAuthConfigToInternalProvider(provider),
+                  cookies: defaultCookiesOptions(providerId),
+                });
 
               await callVerifierSignature(ctx, {
                 verifier,
@@ -295,10 +299,11 @@ export function convexAuth(config_: ConvexAuthConfig) {
             });
 
             const params = url.searchParams;
-            
+
             // Handle OAuth providers that use formData (such as Apple)
             if (
-              request.headers.get("Content-Type") === "application/x-www-form-urlencoded"
+              request.headers.get("Content-Type") ===
+              "application/x-www-form-urlencoded"
             ) {
               const formData = await request.formData();
               for (const [key, value] of formData.entries()) {
@@ -441,15 +446,18 @@ export function convexAuth(config_: ConvexAuthConfig) {
         return storeImpl(ctx, args, getProviderOrThrow, config);
       },
     }),
-    
+
     /**
      * Utility function for frameworks to use to get the current auth state
      * based on credentials that they've supplied separately.
      */
-    isAuthenticated: queryGeneric({args: {}, handler: async (ctx, _args): Promise<boolean> => {
-      const ident = await ctx.auth.getUserIdentity();
-      return ident !== null;
-    }}),
+    isAuthenticated: queryGeneric({
+      args: {},
+      handler: async (ctx, _args): Promise<boolean> => {
+        const ident = await ctx.auth.getUserIdentity();
+        return ident !== null;
+      },
+    }),
   };
 }
 
@@ -476,13 +484,15 @@ export function convexAuth(config_: ConvexAuthConfig) {
  * @param ctx query, mutation or action `ctx`
  * @returns the user ID or `null` if the client isn't authenticated
  */
-export async function getAuthUserId(ctx: { auth: Auth }) {
+export async function getAuthUserId<
+  Id extends string = GenericId<"users">,
+>(ctx: { auth: Auth }) {
   const identity = await ctx.auth.getUserIdentity();
   if (identity === null) {
     return null;
   }
   const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
-  return userId as GenericId<"users">;
+  return userId as Id;
 }
 
 /**
@@ -496,6 +506,7 @@ export async function getAuthUserId(ctx: { auth: Auth }) {
  */
 export async function createAccount<
   DataModel extends GenericDataModel = GenericDataModel,
+  UserTable extends TableNamesInDataModel<DataModel> = "users",
 >(
   ctx: GenericActionCtx<DataModel>,
   args: {
@@ -520,7 +531,7 @@ export async function createAccount<
      * The profile data to store for the user.
      * These must fit the `users` table schema.
      */
-    profile: WithoutSystemFields<DocumentByName<DataModel, "users">>;
+    profile: WithoutSystemFields<DocumentByName<DataModel, UserTable>>;
     /**
      * If `true`, the account will be linked to an existing user
      * with the same verified email address.
@@ -538,7 +549,6 @@ export async function createAccount<
   },
 ): Promise<{
   account: GenericDoc<DataModel, "authAccounts">;
-  user: GenericDoc<DataModel, "users">;
 }> {
   const actionCtx = ctx as unknown as ActionCtx;
   return await callCreateAccountFromCredentials(actionCtx, args);
@@ -579,7 +589,6 @@ export async function retrieveAccount<
   },
 ): Promise<{
   account: GenericDoc<DataModel, "authAccounts">;
-  user: GenericDoc<DataModel, "users">;
 }> {
   const actionCtx = ctx as unknown as ActionCtx;
   const result = await callRetreiveAccountWithCredentials(actionCtx, args);
@@ -629,7 +638,7 @@ export async function invalidateSessions<
 >(
   ctx: GenericActionCtx<DataModel>,
   args: {
-    userId: GenericId<"users">;
+    userId: string;
     except?: GenericId<"authSessions">[];
   },
 ): Promise<void> {

src/server/implementation/mutations/createAccountFromCredentials.ts

@@ -14,7 +14,7 @@ export const createAccountFromCredentialsArgs = v.object({
   shouldLinkViaPhone: v.optional(v.boolean()),
 });
 
-type ReturnType = { account: Doc<"authAccounts">; user: Doc<"users"> };
+type ReturnType = { account: Doc<"authAccounts"> };
 
 export async function createAccountFromCredentialsImpl(
   ctx: MutationCtx,
@@ -56,16 +56,14 @@ export async function createAccountFromCredentialsImpl(
     }
     return {
       account: existingAccount,
-      // TODO: Ian removed this,
-      user: (await ctx.db.get(existingAccount.userId))!,
     };
   }
 
   const secret =
     account.secret !== undefined
       ? await Provider.hash(provider, account.secret)
       : undefined;
-  const { userId, accountId } = await upsertUserAndAccount(
+  const { accountId } = await upsertUserAndAccount(
     ctx,
     await getAuthSessionId(ctx),
     { providerAccountId: account.id, secret },
@@ -81,7 +79,6 @@ export async function createAccountFromCredentialsImpl(
 
   return {
     account: (await ctx.db.get(accountId))!,
-    user: (await ctx.db.get(userId))!,
   };
 }
 

src/server/implementation/mutations/invalidateSessions.ts

@@ -4,7 +4,7 @@ import { ActionCtx, MutationCtx } from "../types.js";
 import { LOG_LEVELS, logWithLevel } from "../utils.js";
 
 export const invalidateSessionsArgs = v.object({
-  userId: v.id("users"),
+  userId: v.string(),
   except: v.optional(v.array(v.id("authSessions"))),
 });
 

src/server/implementation/mutations/retrieveAccountWithCredentials.ts

@@ -17,7 +17,7 @@ type ReturnType =
   | "InvalidAccountId"
   | "TooManyFailedAttempts"
   | "InvalidSecret"
-  | { account: Doc<"authAccounts">; user: Doc<"users"> };
+  | { account: Doc<"authAccounts"> };
 
 export async function retrieveAccountWithCredentialsImpl(
   ctx: MutationCtx,
@@ -60,8 +60,6 @@ export async function retrieveAccountWithCredentialsImpl(
   }
   return {
     account: existingAccount,
-    // TODO: Ian removed this
-    user: (await ctx.db.get(existingAccount.userId))!,
   };
 }
 

src/server/implementation/mutations/signIn.ts

@@ -8,7 +8,7 @@ import {
 import { LOG_LEVELS, logWithLevel } from "../utils.js";
 
 export const signInArgs = v.object({
-  userId: v.id("users"),
+  userId: v.string(),
   sessionId: v.optional(v.id("authSessions")),
   generateTokens: v.boolean(),
 });

src/server/implementation/mutations/signOut.ts

@@ -3,7 +3,7 @@ import { ActionCtx, MutationCtx } from "../types.js";
 import { deleteSession, getAuthSessionId } from "../sessions.js";
 
 type ReturnType = {
-  userId: GenericId<"users">;
+  userId: string;
   sessionId: GenericId<"authSessions">;
 } | null;