downgrade userId

src/providers/Anonymous.ts

@@ -28,7 +28,13 @@ import { Value } from "convex/values";
 /**
  * The available options to an {@link Anonymous} provider for Convex Auth.
  */
-export interface AnonymousConfig<DataModel extends GenericDataModel> {
+export interface AnonymousConfig<
+  DataModel extends GenericDataModel,
+  UserDocument extends Record<string, Value> = DocumentByName<
+    DataModel,
+    "users"
+  >,
+> {
   /**
    * Uniquely identifies the provider, allowing to use
    * multiple different {@link Anonymous} providers.
@@ -48,7 +54,7 @@ export interface AnonymousConfig<DataModel extends GenericDataModel> {
      * the database.
      */
     ctx: GenericActionCtxWithAuthConfig<DataModel>,
-  ) => WithoutSystemFields<DocumentByName<DataModel, "users">> & {
+  ) => WithoutSystemFields<UserDocument> & {
     isAnonymous: true;
   };
 }
@@ -66,13 +72,13 @@ export function Anonymous<DataModel extends GenericDataModel>(
     id: "anonymous",
     authorize: async (params, ctx) => {
       const profile = config.profile?.(params, ctx) ?? { isAnonymous: true };
-      const { user } = await createAccount(ctx, {
+      const { account } = await createAccount(ctx, {
         provider,
         account: { id: crypto.randomUUID() },
         profile: profile as any,
       });
       // END
-      return { userId: user._id };
+      return { userId: account.userId as string };
     },
     ...config,
   });

src/providers/ConvexCredentials.ts

@@ -60,7 +60,7 @@ export interface ConvexCredentialsUserConfig<
     credentials: Partial<Record<string, Value | undefined>>,
     ctx: GenericActionCtxWithAuthConfig<DataModel>,
   ) => Promise<{
-    userId: GenericId<"users">;
+    userId: string;
     sessionId?: GenericId<"authSessions">;
   } | null>;
   /**
@@ -97,7 +97,7 @@ export interface ConvexCredentialsUserConfig<
  */
 export function ConvexCredentials<DataModel extends GenericDataModel>(
   config: ConvexCredentialsUserConfig<DataModel>,
-): ConvexCredentialsConfig {
+): ConvexCredentialsConfig<DataModel> {
   return {
     id: "credentials",
     type: "credentials",

src/providers/Password.ts

@@ -40,6 +40,7 @@ import {
 import {
   DocumentByName,
   GenericDataModel,
+  TableNamesInDataModel,
   WithoutSystemFields,
 } from "convex/server";
 import { Value } from "convex/values";
@@ -48,7 +49,10 @@ import { Scrypt } from "lucia";
 /**
  * The available options to a {@link Password} provider for Convex Auth.
  */
-export interface PasswordConfig<DataModel extends GenericDataModel> {
+export interface PasswordConfig<
+  DataModel extends GenericDataModel,
+  UsersTable extends TableNamesInDataModel<DataModel> = "users",
+> {
   /**
    * Uniquely identifies the provider, allowing to use
    * multiple different {@link Password} providers.
@@ -71,7 +75,7 @@ export interface PasswordConfig<DataModel extends GenericDataModel> {
      * the database.
      */
     ctx: GenericActionCtxWithAuthConfig<DataModel>,
-  ) => WithoutSystemFields<DocumentByName<DataModel, "users">> & {
+  ) => WithoutSystemFields<DocumentByName<DataModel, UsersTable>> & {
     email: string;
   };
   /**
@@ -112,9 +116,10 @@ export interface PasswordConfig<DataModel extends GenericDataModel> {
  * Email verification is not required unless you pass
  * an email provider to the `verify` option.
  */
-export function Password<DataModel extends GenericDataModel>(
-  config: PasswordConfig<DataModel> = {},
-) {
+export function Password<
+  DataModel extends GenericDataModel,
+  UsersTable extends TableNamesInDataModel<DataModel> = "users",
+>(config: PasswordConfig<DataModel, UsersTable> = {}) {
   const provider = config.id ?? "password";
   return ConvexCredentials<DataModel>({
     id: "password",
@@ -137,7 +142,6 @@ export function Password<DataModel extends GenericDataModel>(
       const { email } = profile;
       const secret = params.password as string;
       let account: GenericDoc<DataModel, "authAccounts">;
-      let user: GenericDoc<DataModel, "users">;
       if (flow === "signUp") {
         if (secret === undefined) {
           throw new Error("Missing `password` param for `signUp` flow");
@@ -149,7 +153,7 @@ export function Password<DataModel extends GenericDataModel>(
           shouldLinkViaEmail: config.verify !== undefined,
           shouldLinkViaPhone: false,
         });
-        ({ account, user } = created);
+        ({ account } = created);
       } else if (flow === "signIn") {
         if (secret === undefined) {
           throw new Error("Missing `password` param for `signIn` flow");
@@ -161,7 +165,7 @@ export function Password<DataModel extends GenericDataModel>(
         if (retrieved === null) {
           throw new Error("Invalid credentials");
         }
-        ({ account, user } = retrieved);
+        ({ account } = retrieved);
         // START: Optional, support password reset
       } else if (flow === "reset") {
         if (!config.reset) {
@@ -226,7 +230,7 @@ export function Password<DataModel extends GenericDataModel>(
         });
       }
       // END
-      return { userId: user._id };
+      return { userId: account.userId as string };
     },
     crypto: {
       async hashSecret(password: string) {

src/server/implementation/index.ts

@@ -10,6 +10,7 @@ import {
   queryGeneric,
   httpActionGeneric,
   internalMutationGeneric,
+  TableNamesInDataModel,
 } from "convex/server";
 import { ConvexError, GenericId, Value, v } from "convex/values";
 import { parse as parseCookies, serialize as serializeCookie } from "cookie";
@@ -100,7 +101,9 @@ export type IsAuthenticatedQuery = FunctionReferenceFromExport<
  * @returns An object with fields you should reexport from your
  *          `convex/auth.ts` file.
  */
-export function convexAuth(config_: ConvexAuthConfig) {
+export function convexAuth<UserId extends string = GenericId<"users">>(
+  config_: ConvexAuthConfig<UserId>,
+) {
   const config = configDefaults(config_ as any);
   const hasOAuth = config.providers.some(
     (provider) => provider.type === "oauth" || provider.type === "oidc",
@@ -147,7 +150,7 @@ export function convexAuth(config_: ConvexAuthConfig) {
         return null;
       }
       const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
-      return userId as GenericId<"users">;
+      return userId;
     },
     /**
      * @deprecated - Use `getAuthSessionId` from "@convex-dev/auth/server":
@@ -490,13 +493,15 @@ export function convexAuth(config_: ConvexAuthConfig) {
  * @param ctx query, mutation or action `ctx`
  * @returns the user ID or `null` if the client isn't authenticated
  */
-export async function getAuthUserId(ctx: { auth: Auth }) {
+export async function getAuthUserId<
+  Id extends string = GenericId<"users">,
+>(ctx: { auth: Auth }) {
   const identity = await ctx.auth.getUserIdentity();
   if (identity === null) {
     return null;
   }
   const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
-  return userId as GenericId<"users">;
+  return userId as Id;
 }
 
 /**
@@ -510,6 +515,7 @@ export async function getAuthUserId(ctx: { auth: Auth }) {
  */
 export async function createAccount<
   DataModel extends GenericDataModel = GenericDataModel,
+  UserTable extends TableNamesInDataModel<DataModel> = "users",
 >(
   ctx: GenericActionCtx<DataModel>,
   args: {
@@ -534,7 +540,7 @@ export async function createAccount<
      * The profile data to store for the user.
      * These must fit the `users` table schema.
      */
-    profile: WithoutSystemFields<DocumentByName<DataModel, "users">>;
+    profile: WithoutSystemFields<DocumentByName<DataModel, UserTable>>;
     /**
      * If `true`, the account will be linked to an existing user
      * with the same verified email address.
@@ -552,7 +558,6 @@ export async function createAccount<
   },
 ): Promise<{
   account: GenericDoc<DataModel, "authAccounts">;
-  user: GenericDoc<DataModel, "users">;
 }> {
   const actionCtx = ctx as unknown as ActionCtx;
   return await callCreateAccountFromCredentials(actionCtx, args);
@@ -593,7 +598,6 @@ export async function retrieveAccount<
   },
 ): Promise<{
   account: GenericDoc<DataModel, "authAccounts">;
-  user: GenericDoc<DataModel, "users">;
 }> {
   const actionCtx = ctx as unknown as ActionCtx;
   const result = await callRetreiveAccountWithCredentials(actionCtx, args);
@@ -643,7 +647,7 @@ export async function invalidateSessions<
 >(
   ctx: GenericActionCtx<DataModel>,
   args: {
-    userId: GenericId<"users">;
+    userId: string;
     except?: GenericId<"authSessions">[];
   },
 ): Promise<void> {

src/server/implementation/mutations/createAccountFromCredentials.ts

@@ -14,7 +14,9 @@ export const createAccountFromCredentialsArgs = v.object({
   shouldLinkViaPhone: v.optional(v.boolean()),
 });
 
-type ReturnType = { account: Doc<"authAccounts">; user: Doc<"users"> };
+type ReturnType = {
+  account: Doc<"authAccounts">;
+};
 
 export async function createAccountFromCredentialsImpl(
   ctx: MutationCtx,
@@ -56,16 +58,14 @@ export async function createAccountFromCredentialsImpl(
     }
     return {
       account: existingAccount,
-      // TODO: Ian removed this,
-      user: (await ctx.db.get(existingAccount.userId))!,
     };
   }
 
   const secret =
     account.secret !== undefined
       ? await Provider.hash(provider, account.secret)
       : undefined;
-  const { userId, accountId } = await upsertUserAndAccount(
+  const { accountId } = await upsertUserAndAccount(
     ctx,
     await getAuthSessionId(ctx),
     { providerAccountId: account.id, secret },
@@ -81,7 +81,6 @@ export async function createAccountFromCredentialsImpl(
 
   return {
     account: (await ctx.db.get(accountId))!,
-    user: (await ctx.db.get(userId))!,
   };
 }
 

src/server/implementation/mutations/invalidateSessions.ts

@@ -4,7 +4,7 @@ import { ActionCtx, MutationCtx } from "../types.js";
 import { LOG_LEVELS, logWithLevel } from "../utils.js";
 
 export const invalidateSessionsArgs = v.object({
-  userId: v.id("users"),
+  userId: v.string(),
   except: v.optional(v.array(v.id("authSessions"))),
 });
 

src/server/implementation/mutations/retrieveAccountWithCredentials.ts

@@ -17,7 +17,7 @@ type ReturnType =
   | "InvalidAccountId"
   | "TooManyFailedAttempts"
   | "InvalidSecret"
-  | { account: Doc<"authAccounts">; user: Doc<"users"> };
+  | { account: Doc<"authAccounts"> };
 
 export async function retrieveAccountWithCredentialsImpl(
   ctx: MutationCtx,
@@ -60,8 +60,6 @@ export async function retrieveAccountWithCredentialsImpl(
   }
   return {
     account: existingAccount,
-    // TODO: Ian removed this
-    user: (await ctx.db.get(existingAccount.userId))!,
   };
 }
 

src/server/implementation/mutations/signIn.ts

@@ -8,7 +8,7 @@ import {
 import { LOG_LEVELS, logWithLevel } from "../utils.js";
 
 export const signInArgs = v.object({
-  userId: v.id("users"),
+  userId: v.string(),
   sessionId: v.optional(v.id("authSessions")),
   generateTokens: v.boolean(),
 });

src/server/implementation/mutations/signOut.ts

@@ -3,7 +3,7 @@ import { ActionCtx, MutationCtx } from "../types.js";
 import { deleteSession, getAuthSessionId } from "../sessions.js";
 
 type ReturnType = {
-  userId: GenericId<"users">;
+  userId: string;
   sessionId: GenericId<"authSessions">;
 } | null;
 

src/server/implementation/sessions.ts

@@ -21,7 +21,7 @@ const DEFAULT_SESSION_TOTAL_DURATION_MS = 1000 * 60 * 60 * 24 * 30; // 30 days
 export async function maybeGenerateTokensForSession(
   ctx: MutationCtx,
   config: ConvexAuthConfig,
-  userId: GenericId<"users">,
+  userId: string,
   sessionId: GenericId<"authSessions">,
   generateTokens: boolean,
 ): Promise<SessionInfo> {
@@ -42,7 +42,7 @@ export async function maybeGenerateTokensForSession(
 export async function createNewAndDeleteExistingSession(
   ctx: MutationCtx,
   config: ConvexAuthConfig,
-  userId: GenericId<"users">,
+  userId: string,
 ) {
   const existingSessionId = await getAuthSessionId(ctx);
   if (existingSessionId !== null) {
@@ -58,7 +58,7 @@ export async function generateTokensForSession(
   ctx: MutationCtx,
   config: ConvexAuthConfig,
   args: {
-    userId: GenericId<"users">;
+    userId: string;
     sessionId: GenericId<"authSessions">;
     issuedRefreshTokenId: GenericId<"authRefreshTokens"> | null;
     parentRefreshTokenId: GenericId<"authRefreshTokens"> | null;
@@ -86,7 +86,7 @@ export async function generateTokensForSession(
 
 async function createSession(
   ctx: MutationCtx,
-  userId: GenericId<"users">,
+  userId: string,
   config: ConvexAuthConfig,
 ) {
   const expirationTime =

src/server/implementation/tokens.ts

@@ -8,7 +8,7 @@ const DEFAULT_JWT_DURATION_MS = 1000 * 60 * 60; // 1 hour
 
 export async function generateToken(
   args: {
-    userId: GenericId<"users">;
+    userId: string;
     sessionId: GenericId<"authSessions">;
   },
   config: ConvexAuthConfig,

src/server/implementation/types.ts

@@ -54,7 +54,7 @@ export const authTables = {
    * See [Session document lifecycle](https://labs.convex.dev/auth/advanced#session-document-lifecycle).
    */
   authSessions: defineTable({
-    userId: v.id("users"),
+    userId: v.string(),
     expirationTime: v.number(),
   }).index("userId", ["userId"]),
   /**
@@ -63,7 +63,7 @@ export const authTables = {
    * A single user can have multiple accounts linked.
    */
   authAccounts: defineTable({
-    userId: v.id("users"),
+    userId: v.string(),
     provider: v.string(),
     providerAccountId: v.string(),
     secret: v.optional(v.string()),
@@ -144,12 +144,12 @@ export type Doc<T extends TableNamesInDataModel<AuthDataModel>> = GenericDoc<
 
 export type Tokens = { token: string; refreshToken: string };
 export type SessionInfo = {
-  userId: GenericId<"users">;
+  userId: string;
   sessionId: GenericId<"authSessions">;
   tokens: Tokens | null;
 };
 export type SessionInfoWithTokens = {
-  userId: GenericId<"users">;
+  userId: string;
   sessionId: GenericId<"authSessions">;
   tokens: Tokens;
 };