-
Fix bug in JWKS cache logic that caused a race condition resulting in no JWK being available. (#3321) by @BRKalow
-
Pass
devBrowserToken
tocreateRedirect()
to ensure methods fromauth()
that trigger redirects correctly pass the dev browser token for URL-based session syncing. (#3334) by @BRKalow -
Updated dependencies [
1662aaae9
,f70c885f7
,f5804a225
]:- @clerk/shared@2.0.2
-
Fix the following
@clerk/backend
methods to populate their paginated responses: (#3276) by @dimklclerkClient.allowListIndentifiers.getAllowlistIdentifierList()
clerkClient.clients.getClientList()
clerkClient.invitations.getInvitationList
clerkClient.redirectUrls.getRedirectUrlList()
clerkClient.sessions.getSessionList()
clerkClient.users.getUserOauthAccessToken()
-
Updated dependencies [
a78bc447c
,19cd42434
]:- @clerk/shared@2.0.1
-
Updated types for
orderBy
in OrganizationApi and UserApi (#3266) by @panteliselefOrganizationAPI.getOrganizationMembershipList
now acceptsorderBy
- Acceptable values
phone_number
,+phone_number
,-phone_number
,email_address
,+email_address
,-email_address
,created_at
,+created_at
,-created_at
,first_name
,+first_name
,-first_name
- Acceptable values
UserAPI.getUserList
expands the acceptable values of theorderBy
to:email_address
,+email_address
,-email_address
,web3wallet
,+web3wallet
,-web3wallet
,first_name
,+first_name
,-first_name
,last_name
,+last_name
,-last_name
,phone_number
,+phone_number
,-phone_number
,username
,+username
,-username
-
Export all Webhook event types and related JSON types. The newly exported types are:
DeletedObjectJSON
,EmailJSON
,OrganizationInvitationJSON
,OrganizationJSON
,OrganizationMembershipJSON
,SessionJSON
,SMSMessageJSON
,UserJSON
,UserWebhookEvent
,EmailWebhookEvent
,SMSWebhookEvent
,SessionWebhookEvent
,OrganizationWebhookEvent
,OrganizationMembershipWebhookEvent
,OrganizationInvitationWebhookEvent
(#3248) by @nikosdouvlis -
Added missing 'organizationId' parameter to UserListParams (#3240) by @royanger
Moved last_active_at_since from UserCountParams to UserListParams
-
3a2f13604: Drop
user
/organization
/session
from auth object on signed-out state (current value wasnull
). Eg// Backend import { createClerkClient } from '@clerk/backend'; const clerkClient = createClerkClient({...}); const requestState = clerkClient.authenticateRequest(request, {...}); - const { user, organization, session } = requestState.toAuth(); + const { userId, organizationId, sessionId } = requestState.toAuth(); // Remix import { getAuth } from '@clerk/remix/ssr.server'; - const { user, organization, session } = await getAuth(args); + const { userId, organizationId, sessionId } = await getAuth(args); // or rootAuthLoader( args, ({ request }) => { - const { user, organization, session } = request.auth; + const { userId, organizationId, sessionId } = request.auth; // ... }, { loadUser: true }, ); // NextJS import { getAuth } from '@clerk/nextjs/server'; - const { user, organization, session } = getAuth(args); + const { userId, organizationId, sessionId } = getAuth(req, opts); // Gatsby import { withServerAuth } from 'gatsby-plugin-clerk'; export const getServerData: GetServerData<any> = withServerAuth( async props => { - const { user, organization, session } = props; + const { userId, organizationId, sessionId } = props; return { props: { data: '1', auth: props.auth, userId, organizationId, sessionId } }; }, { loadUser: true }, );
-
c2a090513: Change the minimal Node.js version required by Clerk to
18.17.0
. -
deac67c1c: Drop default exports from all packages. Migration guide:
- use
import { Clerk } from '@clerk/backend';
- use
import { clerkInstance } from '@clerk/clerk-sdk-node';
- use
import { Clerk } from '@clerk/clerk-sdk-node';
- use
import { Clerk } from '@clerk/clerk-js';
- use
import { Clerk } from '@clerk/clerk-js/headless';
- use
import { IsomorphicClerk } from '@clerk/clerk-react'
- use
-
244de5ea3: Make all listing API requests to return consistent
{ data: Resource[], totalCount: number }
.Support pagination request params
{ limit, offset }
to:sessions.getSessionList({ limit, offset })
clients.getClientList({ limit, offset })
Since the
users.getUserList()
does not return thetotal_count
as a temporary solution that method will perform 2 BAPI requests:- retrieve the data
- retrieve the total count (invokes
users.getCount()
internally)
-
a9fe242be: Change return value of
verifyToken()
from@clerk/backend
to{ data, error}
. To replicate the current behaviour use this:import { verifyToken } from '@clerk/backend' const { data, error } = await verifyToken(...); if(error){ throw error; }
-
799abc281: Change
SessionApi.getToken()
to return consistent{ data, errors }
return value and fix thegetToken()
from requestState to have the same return behavior as v4 (return Promise or throw error). This change fixes issues withgetToken()
in@clerk/nextjs
/@clerk/remix
/@clerk/fastify
/@clerk/sdk-node
/gatsby-plugin-clerk
:Example:
import { getAuth } from '@clerk/nextjs/server'; const { getToken } = await getAuth(...); const jwtString = await getToken(...);
The change in
SessionApi.getToken()
return value is a breaking change, to keep the existing behavior use the following:import { ClerkAPIResponseError } from '@clerk/shared/error'; const response = await clerkClient.sessions.getToken(...); if (response.errors) { const { status, statusText, clerkTraceId } = response; const error = new ClerkAPIResponseError(statusText || '', { data: [], status: Number(status || ''), clerkTraceId, }); error.errors = response.errors; throw error; } // the value of the v4 `clerkClient.sessions.getToken(...)` const jwtString = response.data.jwt;
-
71663c568: Internal update default apiUrl domain from clerk.dev to clerk.com
-
02976d494: Remove the named
Clerk
import from@clerk/backend
and importcreateClerkClient
instead. The latter is a factory method that will create a Clerk client instance for you. This aligns usage across our SDKs and will enable us to better ship DX improvements in the future.Inside your code, search for occurrences like these:
import { Clerk } from '@clerk/backend'; const clerk = Clerk({ secretKey: '...' });
You need to rename the import from
Clerk
tocreateClerkClient
and change its usage:import { createClerkClient } from '@clerk/backend'; const clerk = createClerkClient({ secretKey: '...' });
-
8e5c881c4: The following paginated APIs now return
{ data, totalCount }
instead of simple arrays, in order to make building paginated UIs easier:clerkClient.users.getOrganizationMembershipList(...)
clerkClient.organization.getOrganizationList(...)
clerkClient.organization.getOrganizationInvitationList(...)
Revert changing the
{ data, errors }
return value of the following helpers to throw theerrors
or return thedata
(keep v4 format):import { verifyToken } from '@clerk/backend'
import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt'
- BAPI
clerkClient
methods eg (clerkClient.users.getUserList(...)
)
-
dd5703013: Change the response payload of Backend API requests to return
{ data, errors }
instead of return the data and throwing on error response. Code example to keep the same behavior:import { users } from '@clerk/backend'; import { ClerkAPIResponseError } from '@clerk/shared/error'; const { data, errors, clerkTraceId, status, statusText } = await users.getUser('user_deadbeef'); if (errors) { throw new ClerkAPIResponseError(statusText, { data: errors, status, clerkTraceId }); }
-
86d52fb5c: - Refactor the
authenticateRequest()
flow to use the new client handshake endpoint. This replaces the previous "interstitial"-based flow. This should improve performance and overall reliability of Clerk's server-side request authentication functionality.authenticateRequest()
now accepts two arguments, aRequest
object to authenticate and options:authenticateRequest(new Request(...), { secretKey: '...' })
-
a9fe242be: Change return values of
signJwt
,hasValidSignature
,decodeJwt
,verifyJwt
to return{ data, error }
. Example of keeping the same behavior using those utilities:import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt'; const { data, error } = await signJwt(...) if (error) throw error; const { data, error } = await hasValidSignature(...) if (error) throw error; const { data, error } = decodeJwt(...) if (error) throw error; const { data, error } = await verifyJwt(...) if (error) throw error;
-
97407d8aa: Dropping support for Node 14 and 16 as they both reached EOL status. The minimal Node.js version required by Clerk is
18.18.0
now. -
9615e6cda: Enforce passing
request
param toauthenticateRequest
method of@clerk/backend
instead of passing each header or cookie related option that is used internally to determine the request state.Migration guide:
- use
request
param inclerkClient.authenticateRequest()
instead of:origin
host
forwardedHost
forwardedProto
referrer
userAgent
cookieToken
clientUat
headerToken
searchParams
Example
// // current // import { clerkClient } from '@clerk/backend' const requestState = await clerkClient.authenticateRequest({ secretKey: 'sk_....' publishableKey: 'pk_....' origin: req.headers.get('origin'), host: req.headers.get('host'), forwardedHost: req.headers.get('x-forwarded-host'), forwardedProto: req.headers.get('x-forwarded-proto'), referrer: req.headers.get('referer'), userAgent: req.headers.get('user-agent'), clientUat: req.cookies.get('__client_uat'), cookieToken: req.cookies.get('__session'), headerToken: req.headers.get('authorization'), searchParams: req.searchParams }); // // new // import { clerkClient, } from '@clerk/backend' // use req (if it's a fetch#Request instance) or use `createIsomorphicRequest` from `@clerk/backend` // to re-construct fetch#Request instance const requestState = await clerkClient.authenticateRequest({ secretKey: 'sk_....' publishableKey: 'pk_....' request: req });
- use
-
0ec3a146c: Changes in exports of
@clerk/backend
:- Expose the following helpers and enums from
@clerk/backend/internal
:import { AuthStatus, buildRequestUrl, constants, createAuthenticateRequest, createIsomorphicRequest, debugRequestState, makeAuthObjectSerializable, prunePrivateMetadata, redirect, sanitizeAuthObject, signedInAuthObject, signedOutAuthObject, } from '@clerk/backend/internal';
- Drop the above exports from the top-level api:
Dropping those exports results in also dropping the exports from
// Before import { AuthStatus, ... } from '@clerk/backend'; // After import { AuthStatus, ... } from '@clerk/backend/internal';
gatsby-plugin-clerk
,@clerk/clerk-sdk-node
,@clerk/backend
,@clerk/fastify
,@clerk/nextjs
,@clerk/remix
packages.
- Expose the following helpers and enums from
-
cace85374: Drop deprecated properties. Migration steps:
- use
createClerkClient
instead of__unstable_options
- use
publishableKey
instead offrontendApi
- use
clockSkewInMs
instead ofclockSkewInSeconds
- use
apiKey
instead ofsecretKey
- drop
httpOptions
- use
*.image
instead ofExternalAccount.picture
ExternalAccountJSON.avatar_url
Organization.logoUrl
OrganizationJSON.logo_url
User.profileImageUrl
UserJSON.profile_image_url
OrganizationMembershipPublicUserData.profileImageUrl
OrganizationMembershipPublicUserDataJSON.profile_image_url
- drop
pkgVersion
- use
Organization.getOrganizationInvitationList
withstatus
instead ofgetPendingOrganizationInvitationList
- drop
orgs
claim (if required, can be manually added by usinguser.organizations
in a jwt template) - use
localInterstitial
instead ofremotePublicInterstitial
/remotePublicInterstitialUrl
Internal changes:
- replaced error enum (and it's)
SetClerkSecretKeyOrAPIKey
withSetClerkSecretKey
- use
-
1ad910eb9: Changes in exports of
@clerk/backend
:- Drop the following internal exports from the top-level api:
Dropping those exports results in also dropping the exports from
// Before import { AllowlistIdentifier, Client, DeletedObject, Email, EmailAddress, ExternalAccount, IdentificationLink, Invitation, OauthAccessToken, ObjectType, Organization, OrganizationInvitation, OrganizationMembership, OrganizationMembershipPublicUserData, PhoneNumber, RedirectUrl, SMSMessage, Session, SignInToken, Token, User, Verification, } from '@clerk/backend'; // After : no alternative since there is no need to use those classes
gatsby-plugin-clerk
,@clerk/clerk-sdk-node
,@clerk/backend
,@clerk/fastify
,@clerk/nextjs
,@clerk/remix
packages. - Keep those 3 resource related type exports
import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';
- Drop the following internal exports from the top-level api:
-
f58a9949b: Changes in exports of
@clerk/backend
:- Expose the following helpers and enums from
@clerk/backend/jwt
:import { decodeJwt, hasValidSignature, signJwt, verifyJwt } from '@clerk/backend/jwt';
- Drop the above exports from the top-level api:
Dropping those exports results in also dropping the exports from
// Before import { decodeJwt, ... } from '@clerk/backend'; // After import { decodeJwt, ... } from '@clerk/backend/jwt';
gatsby-plugin-clerk
,@clerk/clerk-sdk-node
,@clerk/backend
,@clerk/fastify
,@clerk/nextjs
,@clerk/remix
packages.
- Expose the following helpers and enums from
-
d22e6164d: Rename property
members_count
tomembersCount
forOrganization
resource -
e1f7eae87: Limit TokenVerificationError exports to TokenVerificationError and TokenVerificationErrorReason
-
9b02c1aae: Changes in
@clerk/backend
exports:- Drop Internal
deserialize
helper - Introduce
/errors
subpath export, eg:import { TokenVerificationError, TokenVerificationErrorAction, TokenVerificationErrorCode, TokenVerificationErrorReason, } from '@clerk/backend/errors';
- Drop errors from top-level export
// Before import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend'; // After import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend/errors';
- Drop Internal
-
e602d6c1f: Drop unused SearchParams.AuthStatus constant
-
6fffd3b54: Replace return the value of the following jwt helpers to match the format of backend API client return values (for consistency).
import { signJwt } from '@clerk/backend/jwt'; - const { data, error } = await signJwt(...); + const { data, errors: [error] = [] } = await signJwt(...);
import { verifyJwt } from '@clerk/backend/jwt'; - const { data, error } = await verifyJwt(...); + const { data, errors: [error] = [] } = await verifyJwt(...);
import { hasValidSignature } from '@clerk/backend/jwt'; - const { data, error } = await hasValidSignature(...); + const { data, errors: [error] = [] } = await hasValidSignature(...);
import { decodeJwt } from '@clerk/backend/jwt'; - const { data, error } = await decodeJwt(...); + const { data, errors: [error] = [] } = await decodeJwt(...);
import { verifyToken } from '@clerk/backend'; - const { data, error } = await verifyToken(...); + const { data, errors: [error] = [] } = await verifyToken(...);
-
966b31205: Add
unbanUser
,lockUser
, andunlockUser
methods to the UserAPI class. -
ecb60da48: Implement token signature verification when passing verified token from Next.js middleware to the application origin.
-
448e02e93: Add fullName, primaryEmailAddress, primaryPhoneNumber, primaryWeb3Wallet to User class.
-
2671e7aa5: Add
external_account_id
to OAuth access token response -
8b6b094b9: Added prefers-color-scheme to interstitial
-
a6b893d28: - Added the
User.last_active_at
timestamp field which stores the latest date of session activity, with day precision. For further details, please consult the Backend API documentation.- Added the
last_active_at_since
filtering parameter for the Users listing request. The new parameter can be used to retrieve users that have displayed session activity since the given date. For further details, please consult the Backend API documentation. - Added the
last_active_at
available options for theorderBy
parameter of the Users listing request. For further details, please consult the Backend API documentation.
- Added the
-
a605335e1: Add support for NextJS 14
-
2964f8a47: Expose debug headers in response for handshake / signed-out states from SDKs using headers returned from
authenticateRequest()
-
7af0949ae: Add missing
createdAt
param inUser#createUser()
of@clerk/backend
. FixclerkClient.verifyToken()
signature to support a singletoken: string
parameter. -
d08ec6d8f: Improve ESM support in
@clerk/backend
for Node by using .mjs for #crypto subpath import -
03079579d: Expose
totalCount
from@clerk/backend
client responses for responses containing pagination information or for responses with type{ data: object[] }
.Example:
import { Clerk } from '@clerk/backend'; const clerkClient = Clerk({ secretKey: '...' }); // current const { data } = await clerkClient.organizations.getOrganizationList(); console.log('totalCount: ', data.length); // new const { data, totalCount } = await clerkClient.organizations.getOrganizationList(); console.log('totalCount: ', totalCount);
-
c7e6d00f5: Experimental support for
<Gate/>
with role checks. -
12962bc58: Re-use common pagination types for consistency across types.
Types introduced in
@clerk/types
:ClerkPaginationRequest
: describes pagination related props in request payloadClerkPaginatedResponse
: describes pagination related props in response bodyClerkPaginationParams
: describes pagination related props in api client method params
-
4bb57057e: Breaking Changes:
- Drop
isLegacyFrontendApiKey
from@clerk/shared
- Drop default exports from
@clerk/clerk-js
- on headless Clerk type
- on ui and ui.retheme
Portal
- Use
isProductionFromSecretKey
instead ofisProductionFromApiKey
- Use
isDevelopmentFromSecretKey
instead ofisDevelopmentFromApiKey
Changes:
- Rename
HeadlessBrowserClerkConstrutor
/HeadlessBrowserClerkConstructor
(typo) - Use
isomorphicAtob
/isomorhpicBtoa
to replacebase-64
in@clerk/expo
- Refactor merging build-time and runtime props in
@clerk/backend
clerk client - Drop
node-fetch
dependency from@clerk/backend
- Drop duplicate test in
@clerk/backend
- Drop
-
46040a2f3: Introduce Protect for authorization. Changes in public APIs:
- Rename Gate to Protect
- Support for permission checks. (Previously only roles could be used)
- Remove the
experimental
tags and prefixes - Drop
some
from thehas
utility and Protect. Protect now accepts acondition
prop where a function is expected with thehas
being exposed as the param. - Protect can now be used without required props. In this case behaves as
<SignedIn>
, if no authorization props are passed. has
will throw an error if neitherpermission
orrole
is passed.auth().protect()
for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.- inside a page or layout file it will render the nearest
not-found
component set by the developer - inside a route handler it will return empty response body with a 404 status code
- inside a page or layout file it will render the nearest
-
4aaf5103d: Deprecate
createSMSMessage
andSMSMessageApi
fromclerkClient
.The equivalent
/sms_messages
Backend API endpoint will also be dropped in the future, since this feature will no longer be available for new instances.For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).
New instances will get a 403 forbidden response if they try to access it.
-
7f751c4ef: Add support for X/Twitter v2 OAuth provider
-
4fced88ac: Add
banUser
method to the User operations (accessible underclerkClient.users
). Executes the Ban a user backend API call. -
e7e2a1eae: Add
createOrganizationEnabled
param in@clerk/backend
methodUser.updateUser()
Example:import { createClerkClient } from '@clerk/backend'; const clerkClient = createClerkClient({...}); await clerkClient.users.updateUser('user_...', { createOrganizationEnabled: true })
-
b4e79c1b9: Replace the
Clerk-Backend-SDK
header withUser-Agent
in BAPI requests and update it's value to contain both the package name and the package version of the clerk package executing the request. Eg request from@clerk/nextjs
to BAPI with appendUser-Agent: @clerk/nextjs@5.0.0-alpha-v5.16
using the latest version.Miscellaneous changes: The backend test build changed to use tsup.
-
142ded732: Add support for the
orderBy
parameter to thegetOrganizationList()
function
-
8c23651b8: Introduce
clerkClient.samlConnections
to exposegetSamlConnectionList
,createSamlConnection
,getSamlConnection
,updateSamlConnection
anddeleteSamlConnection
endpoints. IntroduceSamlConnection
resource for BAPI.Example:
import { clerkClient } from '@clerk/nextjs/server'; const samlConnection = await clerkClient.samlConnections.getSamlConnectionList();
-
f4f99f18d:
OrganizationMembershipRole
should respect authorization types provided by the developer if those exist. -
9272006e7: Export the JSON types for clerk resources.
-
a8901be64: Expose resources types
-
7b200af49: The
auth().redirectToSignIn()
helper no longer needs to be explicitly returned when called within the middleware. The following examples are now equivalent:// Before export default clerkMiddleware(auth => { if (protectedRoute && !auth.user) { return auth().redirectToSignIn() } }) // After export default clerkMiddleware(auth => { if (protectedRoute && !auth.user) { auth().redirectToSignIn() } })
Calling
auth().protect()
from a page will now automatically redirect back to the same page by settingredirect_url
to the request url before the redirect to the sign-in URL takes place. -
988a299c0: Fix typo in
jwk-remote-missing
error message -
b3a3dcdf4: Add OrganizationRoleAPI for CRUD operations regarding instance level organization roles.
-
935b0886e: The
emails
endpoint helper and the correspondingcreateEmail
method have been removed from the@clerk/backend
SDK andapiClint.emails.createEmail
will no longer be available.We will not be providing an alternative method for creating and sending emails directly from our JavaScript SDKs with this release. If you are currently using
createEmail
and you wish to update to the latest SDK version, please reach out to our support team (https://clerk.com/support) so we can assist you. -
93d05c868: Drop the introduction of
OrganizationRole
andOrganizationPermission
resources fro BAPI. -
4aaf5103d: Remove createSms functions from @clerk/backend and @clerk/sdk-node.
The equivalent /sms_messages Backend API endpoint will also dropped in the future, since this feature will no longer be available for new instances.
For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).
New instances will get a 403 forbidden response if they try to access it.
-
2de442b24: Rename beta-v5 to beta
-
15af02a83: Remove
__dev_session
legacy query param used to pass the Dev Browser token in previous major version. This param will be visible only when using Account Portal with "Core 1" version. -
de6519daa: Added missing types for
clerkClient.invitations.createInvitation
-
e6ecbaa2f: Fix an error in the handshake flow where the request would throw an unhandled error when verification of the handshake payload fails.
-
6a769771c: Update README for v5
-
9e99eb727: Update
@clerk/nextjs
error messages to refer toclerkMiddleware()
and deprecatedauthMiddleware()
and fix a typo incannotRenderSignUpComponentWhenSessionExists
error message. -
034c47ccb: Fix
clerkClient.organizations.getOrganizationMembershipList()
return type to be{ data, totalCount }
-
90aa2ea9c: Add
sha256
hasher support to PasswordHasher as described inUsers#CreateUser
-
1e98187b4: Update the handshake flow to only trigger for document requests.
-
2e77cd737: Set correct information on required Node.js and React versions in README
-
63dfe8dc9: Resolve Vercel edge-runtime "TypeError: Failed to parse URL" when
@clerk/remix
is used -
e921af259: Replace enums with
as const
objects so@clerk/backend
is consistent with the other packages -
c22cd5214: Fix type inferance for auth helper.
-
7cb1241a9: Trigger the handshake when no dev browser token exists in development.
-
bad4de1a2: Fixed an issue where errors returned from backend api requests are not converted to camelCase.
-
66b283653: Fix infinite redirect loops for production instances with incorrect secret keys'
-
f5d55bb1f: Add clerkTraceId to ClerkBackendApiResponse and ClerkAPIResponseError to allow for better tracing and debugging API error responses. Uses
clerk_trace_id
when available in a response and defaults tocf-ray
identifier if missing. -
a6308c67e: Add the following properties to
users.updateUser(userId, params)
params:password_hasher
password_digest
publicMetadata
privateMetadata
unsafeMetadata
-
0ce0edc28: Add OrganizationPermissionAPI for CRUD operations regarding instance level organization permissions.
-
051833167: fix(backend): Align types based on FAPI/BAPI structs
-
e6fc58ae4: Introduce
debug: true
option for theclerkMiddleware
helper -
a6451aece: Strip
experimental__has
from the auth object inmakeAuthObjectSerializable()
. This fixes an issue in Next.js where an error is being thrown when this function is passed to a client component as a prop. -
987994909: Add support for
scrypt_werkzeug
inUserAPI
PasswordHasher
. -
40ac4b645: Introduces telemetry collection from Clerk's SDKs. Collected telemetry will be used to gain insights into product usage and help drive roadmap priority. For more information, see https://clerk.com/docs/telemetry.
-
1bea9c200: Add missing pagination params types for
clerkClient.invitations.getInvitationList()
-
c2b982749: Preserve url protocol when joining paths.
-
Updated dependencies [743c4d204]
-
Updated dependencies [4b8bedc66]
-
Updated dependencies [c2a090513]
-
Updated dependencies [1834a3ee4]
-
Updated dependencies [896cb6104]
-
Updated dependencies [64d3763ec]
-
Updated dependencies [8350109ab]
-
Updated dependencies [1dc28ab46]
-
Updated dependencies [83e9d0846]
-
Updated dependencies [791c49807]
-
Updated dependencies [ea4933655]
-
Updated dependencies [a68eb3083]
-
Updated dependencies [2de442b24]
-
Updated dependencies [db18787c4]
-
Updated dependencies [7f833da9e]
-
Updated dependencies [ef2325dcc]
-
Updated dependencies [fc3ffd880]
-
Updated dependencies [bab2e7e05]
-
Updated dependencies [71663c568]
-
Updated dependencies [492b8a7b1]
-
Updated dependencies [e5c989a03]
-
Updated dependencies [7ecd6f6ab]
-
Updated dependencies [12f3c5c55]
-
Updated dependencies [c776f86fb]
-
Updated dependencies [97407d8aa]
-
Updated dependencies [5f58a2274]
-
Updated dependencies [52ff8fe6b]
-
Updated dependencies [8cc45d2af]
-
Updated dependencies [97407d8aa]
-
Updated dependencies [4bb57057e]
-
Updated dependencies [d4ff346dd]
-
Updated dependencies [7644b7472]
-
Updated dependencies [2ec9f6b09]
-
Updated dependencies [8daf8451c]
-
Updated dependencies [75ea300bc]
-
Updated dependencies [f5d55bb1f]
-
Updated dependencies [0d1052ac2]
-
Updated dependencies [d30ea1faa]
-
Updated dependencies [1fd2eff38]
-
Updated dependencies [5471c7e8d]
-
Updated dependencies [38d8b3e8a]
-
Updated dependencies [be991365e]
-
Updated dependencies [8350f73a6]
-
Updated dependencies [e0e79b4fe]
-
Updated dependencies [fb794ce7b]
-
Updated dependencies [40ac4b645]
-
Updated dependencies [6f755addd]
-
Updated dependencies [6eab66050]
- @clerk/shared@2.0.0
- Updated dependencies [
bab2e7e05
]:- @clerk/shared@2.0.0-beta.23
- Add support for the
orderBy
parameter to thegetOrganizationList()
function (#3164) by @IGassmann
-
Introduce
debug: true
option for theclerkMiddleware
helper (#3189) by @nikosdouvlis -
Updated dependencies [
fb794ce7b
]:- @clerk/shared@2.0.0-beta.22
- Implement token signature verification when passing verified token from Next.js middleware to the application origin. (#3121) by @BRKalow
- Resolve Vercel edge-runtime "TypeError: Failed to parse URL" when
@clerk/remix
is used (#3129) by @nikosdouvlis
-
Add support for
scrypt_werkzeug
inUserAPI
PasswordHasher
. (#3060) by @Nikpolik -
Add missing pagination params types for
clerkClient.invitations.getInvitationList()
(#3079) by @dimkl -
Updated dependencies [
fc3ffd880
,1fd2eff38
]:- @clerk/shared@2.0.0-beta.21
- Updated dependencies [
8350109ab
]:- @clerk/shared@2.0.0-beta.20
-
Introduce
clerkClient.samlConnections
to exposegetSamlConnectionList
,createSamlConnection
,getSamlConnection
,updateSamlConnection
anddeleteSamlConnection
endpoints. IntroduceSamlConnection
resource for BAPI. (#2980) by @EmmanouelaPothitouExample:
import { clerkClient } from '@clerk/nextjs/server'; const samlConnection = await clerkClient.samlConnections.getSamlConnectionList();
-
Export the JSON types for clerk resources. (#2965) by @desiprisg
-
Fix infinite redirect loops for production instances with incorrect secret keys' (#2994) by @dimkl
- Expose debug headers in response for handshake / signed-out states from SDKs using headers returned from
authenticateRequest()
(#2898) by @dimkl
- Updated dependencies [
8350f73a6
]:- @clerk/shared@2.0.0-beta.19
-
Remove
__dev_session
legacy query param used to pass the Dev Browser token in previous major version. (#2883) by @dimklThis param will be visible only when using Account Portal with "Core 1" version.
-
Updated dependencies [
1834a3ee4
]:- @clerk/shared@2.0.0-beta.17
- Updated dependencies [
db18787c4
]:- @clerk/shared@2.0.0-beta.16
- Updated dependencies [
6eab66050
]:- @clerk/shared@2.0.0-beta.15
- Updated dependencies [
12f3c5c55
]:- @clerk/shared@2.0.0-beta.14
- fix(backend): Align types based on FAPI/BAPI structs (#2818) by @nikosdouvlis
-
Rename beta-v5 to beta by @nikosdouvlis
-
Updated dependencies [
2de442b24
]:- @clerk/shared@2.0.0-beta.13
-
Make all listing API requests to return consistent
{ data: Resource[], totalCount: number }
. (#2714) by @dimklSupport pagination request params
{ limit, offset }
to:sessions.getSessionList({ limit, offset })
clients.getClientList({ limit, offset })
Since the
users.getUserList()
does not return thetotal_count
as a temporary solution that method will perform 2 BAPI requests:- retrieve the data
- retrieve the total count (invokes
users.getCount()
internally)
-
Add
unbanUser
,lockUser
, andunlockUser
methods to the UserAPI class. (#2780) by @panteliselef -
Add support for X/Twitter v2 OAuth provider (#2690) by @kostaspt
-
Add
banUser
method to the User operations (accessible underclerkClient.users
). Executes the Ban a user backend API call. (#2766) by @bartlenaerts
-
Expose resources types (#2660) by @panteliselef
-
The
auth().redirectToSignIn()
helper no longer needs to be explicitly returned when called within the middleware. The following examples are now equivalent: (#2691) by @nikosdouvlis// Before export default clerkMiddleware(auth => { if (protectedRoute && !auth.user) { return auth().redirectToSignIn() } }) // After export default clerkMiddleware(auth => { if (protectedRoute && !auth.user) { auth().redirectToSignIn() } })
Calling
auth().protect()
from a page will now automatically redirect back to the same page by settingredirect_url
to the request url before the redirect to the sign-in URL takes place. -
Fix
clerkClient.organizations.getOrganizationMembershipList()
return type to be{ data, totalCount }
(#2681) by @dimkl -
Preserve url protocol when joining paths. (#2745) by @panteliselef
-
Updated dependencies [
8daf8451c
,be991365e
]:- @clerk/shared@2.0.0-beta-v5.12
-
The following paginated APIs now return
{ data, totalCount }
instead of simple arrays, in order to make building paginated UIs easier: (#2633) by @dimklclerkClient.users.getOrganizationMembershipList(...)
clerkClient.organization.getOrganizationList(...)
clerkClient.organization.getOrganizationInvitationList(...)
Revert changing the
{ data, errors }
return value of the following helpers to throw theerrors
or return thedata
(keep v4 format):import { verifyToken } from '@clerk/backend'
import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt'
- BAPI
clerkClient
methods eg (clerkClient.users.getUserList(...)
)
-
Add the following properties to
users.updateUser(userId, params)
params: (#2619) by @SokratisVidrospassword_hasher
password_digest
publicMetadata
privateMetadata
unsafeMetadata
-
Updated dependencies [
d4ff346dd
]:- @clerk/shared@2.0.0-beta-v5.11
-
Drop
user
/organization
/session
from auth object on signed-out state (current value wasnull
). Eg (#2598) by @dimkl// Backend import { createClerkClient } from '@clerk/backend'; const clerkClient = createClerkClient({...}); const requestState = clerkClient.authenticateRequest(request, {...}); - const { user, organization, session } = requestState.toAuth(); + const { userId, organizationId, sessionId } = requestState.toAuth(); // Remix import { getAuth } from '@clerk/remix/ssr.server'; - const { user, organization, session } = await getAuth(args); + const { userId, organizationId, sessionId } = await getAuth(args); // or rootAuthLoader( args, ({ request }) => { - const { user, organization, session } = request.auth; + const { userId, organizationId, sessionId } = request.auth; // ... }, { loadUser: true }, ); // NextJS import { getAuth } from '@clerk/nextjs/server'; - const { user, organization, session } = getAuth(args); + const { userId, organizationId, sessionId } = getAuth(req, opts); // Gatsby import { withServerAuth } from 'gatsby-plugin-clerk'; export const getServerData: GetServerData<any> = withServerAuth( async props => { - const { user, organization, session } = props; + const { userId, organizationId, sessionId } = props; return { props: { data: '1', auth: props.auth, userId, organizationId, sessionId } }; }, { loadUser: true }, );
-
Replace return the value of the following jwt helpers to match the format of backend API client return values (for consistency). (#2596) by @dimkl
import { signJwt } from '@clerk/backend/jwt'; - const { data, error } = await signJwt(...); + const { data, errors: [error] = [] } = await signJwt(...);
import { verifyJwt } from '@clerk/backend/jwt'; - const { data, error } = await verifyJwt(...); + const { data, errors: [error] = [] } = await verifyJwt(...);
import { hasValidSignature } from '@clerk/backend/jwt'; - const { data, error } = await hasValidSignature(...); + const { data, errors: [error] = [] } = await hasValidSignature(...);
import { decodeJwt } from '@clerk/backend/jwt'; - const { data, error } = await decodeJwt(...); + const { data, errors: [error] = [] } = await decodeJwt(...);
import { verifyToken } from '@clerk/backend'; - const { data, error } = await verifyToken(...); + const { data, errors: [error] = [] } = await verifyToken(...);
- Update
@clerk/nextjs
error messages to refer toclerkMiddleware()
and deprecatedauthMiddleware()
and fix a typo incannotRenderSignUpComponentWhenSessionExists
error message. (#2589) by @dimkl
-
The
emails
endpoint helper and the correspondingcreateEmail
method have been removed from the@clerk/backend
SDK andapiClint.emails.createEmail
will no longer be available. (#2548) by @NikpolikWe will not be providing an alternative method for creating and sending emails directly from our JavaScript SDKs with this release. If you are currently using
createEmail
and you wish to update to the latest SDK version, please reach out to our support team (https://clerk.com/support) so we can assist you.
-
Change
SessionApi.getToken()
to return consistent{ data, errors }
return value (#2539) by @dimkland fix the
getToken()
from requestState to have the same return behavior as v4 (return Promise or throw error). This change fixes issues withgetToken()
in@clerk/nextjs
/@clerk/remix
/@clerk/fastify
/@clerk/sdk-node
/gatsby-plugin-clerk
:Example:
import { getAuth } from '@clerk/nextjs/server'; const { getToken } = await getAuth(...); const jwtString = await getToken(...);
The change in
SessionApi.getToken()
return value is a breaking change, to keep the existing behavior use the following:import { ClerkAPIResponseError } from '@clerk/shared/error'; const response = await clerkClient.sessions.getToken(...); if (response.errors) { const { status, statusText, clerkTraceId } = response; const error = new ClerkAPIResponseError(statusText || '', { data: [], status: Number(status || ''), clerkTraceId, }); error.errors = response.errors; throw error; } // the value of the v4 `clerkClient.sessions.getToken(...)` const jwtString = response.data.jwt;
-
Replace the
Clerk-Backend-SDK
header withUser-Agent
in BAPI requests and update it's value to contain both the package name and the package version of the clerk package (#2558) by @dimklexecuting the request. Eg request from
@clerk/nextjs
to BAPI with appendUser-Agent: @clerk/nextjs@5.0.0-alpha-v5.16
using the latest version.Miscellaneous changes: The backend test build changed to use tsup.
- Updated dependencies [
8cc45d2af
]:- @clerk/shared@2.0.0-alpha-v5.10
- Add fullName, primaryEmailAddress, primaryPhoneNumber, primaryWeb3Wallet to User class. (#2493) by @panteliselef
-
Fix an error in the handshake flow where the request would throw an unhandled error when verification of the handshake payload fails. (#2541) by @BRKalow
-
Replace enums with
as const
objects so@clerk/backend
is consistent with the other packages (#2516) by @nikosdouvlis
- Updated dependencies [
7ecd6f6ab
]:- @clerk/shared@2.0.0-alpha-v5.8
-
Add
createOrganizationEnabled
param in@clerk/backend
methodUser.updateUser()
(#2415) by @dimklExample:
import { createClerkClient } from '@clerk/backend'; const clerkClient = createClerkClient({...}); await clerkClient.users.updateUser('user_...', { createOrganizationEnabled: true })
-
OrganizationMembershipRole
should respect authorization types provided by the developer if those exist. (#2408) by @panteliselef -
Fixed an issue where errors returned from backend api requests are not converted to camelCase. (#2423) by @Nikpolik
-
Change return value of
verifyToken()
from@clerk/backend
to{ data, error}
. (#2377) by @dimklTo replicate the current behaviour use this:
import { verifyToken } from '@clerk/backend' const { data, error } = await verifyToken(...); if(error){ throw error; }
-
Change return values of
signJwt
,hasValidSignature
,decodeJwt
,verifyJwt
(#2377) by @dimklto return
{ data, error }
. Example of keeping the same behavior using those utilities:import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt'; const { data, error } = await signJwt(...) if (error) throw error; const { data, error } = await hasValidSignature(...) if (error) throw error; const { data, error } = decodeJwt(...) if (error) throw error; const { data, error } = await verifyJwt(...) if (error) throw error;
-
Changes in exports of
@clerk/backend
: (#2363) by @dimkl- Expose the following helpers and enums from
@clerk/backend/internal
:import { AuthStatus, buildRequestUrl, constants, createAuthenticateRequest, createIsomorphicRequest, debugRequestState, makeAuthObjectSerializable, prunePrivateMetadata, redirect, sanitizeAuthObject, signedInAuthObject, signedOutAuthObject, } from '@clerk/backend/internal';
- Drop the above exports from the top-level api:
Dropping those exports results in also dropping the exports from
// Before import { AuthStatus, ... } from '@clerk/backend'; // After import { AuthStatus, ... } from '@clerk/backend/internal';
gatsby-plugin-clerk
,@clerk/clerk-sdk-node
,@clerk/backend
,@clerk/fastify
,@clerk/nextjs
,@clerk/remix
packages.
- Expose the following helpers and enums from
-
Changes in exports of
@clerk/backend
: (#2365) by @dimkl- Drop the following internal exports from the top-level api:
Dropping those exports results in also dropping the exports from
// Before import { AllowlistIdentifier, Client, DeletedObject, Email, EmailAddress, ExternalAccount, IdentificationLink, Invitation, OauthAccessToken, ObjectType, Organization, OrganizationInvitation, OrganizationMembership, OrganizationMembershipPublicUserData, PhoneNumber, RedirectUrl, SMSMessage, Session, SignInToken, Token, User, Verification, } from '@clerk/backend'; // After : no alternative since there is no need to use those classes
gatsby-plugin-clerk
,@clerk/clerk-sdk-node
,@clerk/backend
,@clerk/fastify
,@clerk/nextjs
,@clerk/remix
packages. - Keep those 3 resource related type exports
import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';
- Drop the following internal exports from the top-level api:
-
Changes in exports of
@clerk/backend
: (#2364) by @dimkl- Expose the following helpers and enums from
@clerk/backend/jwt
:import { decodeJwt, hasValidSignature, signJwt, verifyJwt } from '@clerk/backend/jwt';
- Drop the above exports from the top-level api:
Dropping those exports results in also dropping the exports from
// Before import { decodeJwt, ... } from '@clerk/backend'; // After import { decodeJwt, ... } from '@clerk/backend/jwt';
gatsby-plugin-clerk
,@clerk/clerk-sdk-node
,@clerk/backend
,@clerk/fastify
,@clerk/nextjs
,@clerk/remix
packages.
- Expose the following helpers and enums from
-
Changes in
@clerk/backend
exports: (#2362) by @dimkl- Drop Internal
deserialize
helper - Introduce
/errors
subpath export, eg:import { TokenVerificationError, TokenVerificationErrorAction, TokenVerificationErrorCode, TokenVerificationErrorReason, } from '@clerk/backend/errors';
- Drop errors from top-level export
// Before import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend'; // After import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend/errors';
- Drop Internal
- Improve ESM support in
@clerk/backend
for Node by using .mjs for #crypto subpath import (#2360) by @dimkl
-
Update the handshake flow to only trigger for document requests. (#2352) by @BRKalow
-
Updated dependencies [
5f58a2274
]:- @clerk/shared@2.0.0-alpha-v5.7
- Drop unused SearchParams.AuthStatus constant (#2347) by @nikosdouvlis
-
Remove the named
Clerk
import from@clerk/backend
and importcreateClerkClient
instead. The latter is a factory method that will create a Clerk client instance for you. This aligns usage across our SDKs and will enable us to better ship DX improvements in the future. (#2317) by @tmilewskiInside your code, search for occurrences like these:
import { Clerk } from '@clerk/backend'; const clerk = Clerk({ secretKey: '...' });
You need to rename the import from
Clerk
tocreateClerkClient
and change its usage:import { createClerkClient } from '@clerk/backend'; const clerk = createClerkClient({ secretKey: '...' });
-
-
Refactor the
authenticateRequest()
flow to use the new client handshake endpoint. This replaces the previous "interstitial"-based flow. This should improve performance and overall reliability of Clerk's server-side request authentication functionality. (#2300) by @BRKalow -
authenticateRequest()
now accepts two arguments, aRequest
object to authenticate and options:authenticateRequest(new Request(...), { secretKey: '...' })
-
-
Introduce Protect for authorization. (#2170) by @panteliselef
Changes in public APIs:
- Rename Gate to Protect
- Support for permission checks. (Previously only roles could be used)
- Remove the
experimental
tags and prefixes - Drop
some
from thehas
utility and Protect. Protect now accepts acondition
prop where a function is expected with thehas
being exposed as the param. - Protect can now be used without required props. In this case behaves as
<SignedIn>
, if no authorization props are passed. has
will throw an error if neitherpermission
orrole
is passed.auth().protect()
for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.- inside a page or layout file it will render the nearest
not-found
component set by the developer - inside a route handler it will return empty response body with a 404 status code
- inside a page or layout file it will render the nearest
- Limit TokenVerificationError exports to TokenVerificationError and TokenVerificationErrorReason (#2189) by @tmilewski
-
Add missing
createdAt
param inUser#createUser()
of@clerk/backend
. (#2284) by @dimklFix
clerkClient.verifyToken()
signature to support a singletoken: string
parameter.
-
-
Added the
User.last_active_at
timestamp field which stores the latest date of session activity, with day precision. For further details, please consult the Backend API documentation. (#2261) by @georgepsarakis -
Added the
last_active_at_since
filtering parameter for the Users listing request. The new parameter can be used to retrieve users that have displayed session activity since the given date. For further details, please consult the Backend API documentation. -
Added the
last_active_at
available options for theorderBy
parameter of the Users listing request. For further details, please consult the Backend API documentation.
-
-
Drop the introduction of
OrganizationRole
andOrganizationPermission
resources fro BAPI. (#2252) by @panteliselef -
Set correct information on required Node.js and React versions in README (#2264) by @LekoArts
-
Updated dependencies [
d30ea1faa
]:- @clerk/shared@2.0.0-alpha-v5.5
-
Expose
totalCount
from@clerk/backend
client responses for responses (#2199) by @dimklcontaining pagination information or for responses with type
{ data: object[] }
.Example:
import { Clerk } from '@clerk/backend'; const clerkClient = Clerk({ secretKey: '...' }); // current const { data } = await clerkClient.organizations.getOrganizationList(); console.log('totalCount: ', data.length); // new const { data, totalCount } = await clerkClient.organizations.getOrganizationList(); console.log('totalCount: ', totalCount);
-
Re-use common pagination types for consistency across types. (#2210) by @dimkl
Types introduced in
@clerk/types
:ClerkPaginationRequest
: describes pagination related props in request payloadClerkPaginatedResponse
: describes pagination related props in response bodyClerkPaginationParams
: describes pagination related props in api client method params
-
Breaking Changes: (#2169) by @dimkl
- Drop
isLegacyFrontendApiKey
from@clerk/shared
- Drop default exports from
@clerk/clerk-js
- on headless Clerk type
- on ui and ui.retheme
Portal
- Use
isProductionFromSecretKey
instead ofisProductionFromApiKey
- Use
isDevelopmentFromSecretKey
instead ofisDevelopmentFromApiKey
Changes:
- Rename
HeadlessBrowserClerkConstrutor
/HeadlessBrowserClerkConstructor
(typo) - Use
isomorphicAtob
/isomorhpicBtoa
to replacebase-64
in@clerk/expo
- Refactor merging build-time and runtime props in
@clerk/backend
clerk client - Drop
node-fetch
dependency from@clerk/backend
- Drop duplicate test in
@clerk/backend
- Drop
-
Deprecate
createSMSMessage
andSMSMessageApi
fromclerkClient
. (#2165) by @NikpolikThe equivalent
/sms_messages
Backend API endpoint will also be dropped in the future, since this feature will no longer be available for new instances.For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).
New instances will get a 403 forbidden response if they try to access it.
-
Add OrganizationRoleAPI for CRUD operations regarding instance level organization roles. (#2177) by @panteliselef
-
Remove createSms functions from @clerk/backend and @clerk/sdk-node. (#2165) by @Nikpolik
The equivalent /sms_messages Backend API endpoint will also dropped in the future, since this feature will no longer be available for new instances.
For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).
New instances will get a 403 forbidden response if they try to access it.
-
Add OrganizationPermissionAPI for CRUD operations regarding instance level organization permissions. (#2178) by @panteliselef
-
Introduces telemetry collection from Clerk's SDKs. Collected telemetry will be used to gain insights into product usage and help drive roadmap priority. For more information, see https://clerk.com/docs/telemetry. (#2154) by @BRKalow
-
Updated dependencies [
52ff8fe6b
,4bb57057e
,40ac4b645
]:- @clerk/shared@2.0.0-alpha-v5.3
- Updated dependencies [
c2a090513
]:- @clerk/shared@2.0.0-alpha-v5.2
-
Drop default exports from all packages. Migration guide: (#2150) by @dimkl
- use
import { Clerk } from '@clerk/backend';
- use
import { clerkInstance } from '@clerk/clerk-sdk-node';
- use
import { Clerk } from '@clerk/clerk-sdk-node';
- use
import { Clerk } from '@clerk/clerk-js';
- use
import { Clerk } from '@clerk/clerk-js/headless';
- use
import { IsomorphicClerk } from '@clerk/clerk-react'
- use
-
Change the response payload of Backend API requests to return
{ data, errors }
instead of return the data and throwing on error response. (#2126) by @dimklCode example to keep the same behavior:
import { users } from '@clerk/backend'; import { ClerkAPIResponseError } from '@clerk/shared/error'; const { data, errors, clerkTraceId, status, statusText } = await users.getUser('user_deadbeef'); if (errors) { throw new ClerkAPIResponseError(statusText, { data: errors, status, clerkTraceId }); }
-
Enforce passing
request
param toauthenticateRequest
method of@clerk/backend
(#2122) by @dimklinstead of passing each header or cookie related option that is used internally to determine the request state.
Migration guide:
- use
request
param inclerkClient.authenticateRequest()
instead of:origin
host
forwardedHost
forwardedProto
referrer
userAgent
cookieToken
clientUat
headerToken
searchParams
Example
// // current // import { clerkClient } from '@clerk/backend' const requestState = await clerkClient.authenticateRequest({ secretKey: 'sk_....' publishableKey: 'pk_....' origin: req.headers.get('origin'), host: req.headers.get('host'), forwardedHost: req.headers.get('x-forwarded-host'), forwardedProto: req.headers.get('x-forwarded-proto'), referrer: req.headers.get('referer'), userAgent: req.headers.get('user-agent'), clientUat: req.cookies.get('__client_uat'), cookieToken: req.cookies.get('__session'), headerToken: req.headers.get('authorization'), searchParams: req.searchParams }); // // new // import { clerkClient, } from '@clerk/backend' // use req (if it's a fetch#Request instance) or use `createIsomorphicRequest` from `@clerk/backend` // to re-construct fetch#Request instance const requestState = await clerkClient.authenticateRequest({ secretKey: 'sk_....' publishableKey: 'pk_....' request: req });
- use
-
Drop deprecated properties. Migration steps: (#1899) by @dimkl
- use
createClerkClient
instead of__unstable_options
- use
publishableKey
instead offrontendApi
- use
clockSkewInMs
instead ofclockSkewInSeconds
- use
apiKey
instead ofsecretKey
- drop
httpOptions
- use
*.image
instead ofExternalAccount.picture
ExternalAccountJSON.avatar_url
Organization.logoUrl
OrganizationJSON.logo_url
User.profileImageUrl
UserJSON.profile_image_url
OrganizationMembershipPublicUserData.profileImageUrl
OrganizationMembershipPublicUserDataJSON.profile_image_url
- drop
pkgVersion
- use
Organization.getOrganizationInvitationList
withstatus
instead ofgetPendingOrganizationInvitationList
- drop
orgs
claim (if required, can be manually added by usinguser.organizations
in a jwt template) - use
localInterstitial
instead ofremotePublicInterstitial
/remotePublicInterstitialUrl
Internal changes:
- replaced error enum (and it's)
SetClerkSecretKeyOrAPIKey
withSetClerkSecretKey
- use
-
Strip
experimental__has
from the auth object inmakeAuthObjectSerializable()
. This fixes an issue in Next.js where an error is being thrown when this function is passed to a client component as a prop. (#2101) by @BRKalow -
Updated dependencies [
64d3763ec
,83e9d0846
,7f833da9e
,492b8a7b1
,0d1052ac2
,5471c7e8d
,e0e79b4fe
]:- @clerk/shared@2.0.0-alpha-v5.1
-
Internal update default apiUrl domain from clerk.dev to clerk.com (#1878) by @dimkl
-
Dropping support for Node 14 and 16 as they both reached EOL status. The minimal Node.js version required by Clerk is
18.18.0
now. (#1864) by @dimkl
-
Added prefers-color-scheme to interstitial (#1935) by @royanger
-
Experimental support for
<Gate/>
with role checks. (#1942) by @panteliselef
-
Add
sha256
hasher support to PasswordHasher as described inUsers#CreateUser
(#1941) by @MathieuNls -
Fix type inferance for auth helper. (#2047) by @panteliselef
-
Add clerkTraceId to ClerkBackendApiResponse and ClerkAPIResponseError to allow for better tracing and debugging API error responses. (#1986) by @Nikpolik
Uses
clerk_trace_id
when available in a response and defaults tocf-ray
identifier if missing. -
Updated dependencies [
743c4d204
,791c49807
,a68eb3083
,ef2325dcc
,71663c568
,97407d8aa
,97407d8aa
,7644b7472
,f5d55bb1f
,6f755addd
]:- @clerk/shared@2.0.0-alpha-v5.0
-
Publish packages with npm provenance enabled (#1891) by @LekoArts
-
Update imports of
@clerk/shared
to granular entrypoints. This addresses warnings during a Next.js build that are the result of unsupported APIs being included in the module graph of builds for the edge runtime. (#1924) by @BRKalow -
Updated dependencies [
3bf64107e
,52f8553d2
,92727eec3
,b09b66eec
,51861addf
,aa4cd7615
]:- @clerk/shared@1.0.0
- @clerk/types@3.57.0
- Updated dependencies [
9ca215702
]:- @clerk/types@3.56.1
-
Added new function
signJwt(payload, key, options)
for JWT token signing. (#1786) by @NikpolikAlso updated the existing
hasValidSignature
andverifyJwt
method to handle PEM-formatted keys directly (previously they had to be converted to jwks). For key compatibility, support is specifically confined toRSA
types and formatsjwk, pkcs8, spki
. -
Updated dependencies [
35be8709d
,e38488c92
,a11f962bc
,9b644d799
,a9894b445
,834dadb36
,70f251007
,a46d6fe99
]:- @clerk/types@3.56.0
- @clerk/shared@0.24.5
- Add support for LinkedIn OIDC (#1772) by @fragoulis
-
Throw an error if the
signInUrl
is on the same origin of a satellite application or if it is of invalid format (#1845) by @desiprisg -
Avoid always showing deprecation warnings for
frontendApi
andapiKey
in@clerk/clerk-sdk-node
(#1856) by @dimkl -
Updated dependencies [
977336f79
,997b8e256
,91e9a55f4
,91014880d
,7f4d4b942
]:- @clerk/shared@0.24.4
- @clerk/types@3.55.0
-
Apply deprecation warnings for @clerk/types: (#1823) by @dimkl
orgs
jwt claimsapiKey
frontendApi
redirect_url
password
generateSignature
afterSwitchOrganizationUrl
profileImageUrl
-
Remove deprecation warning that is logging more than intended and not actionable for users of our SDKs. by @nikosdouvlis
-
Retry the implemented changes from #1767 which were reverted in #1806 due to RSC related errors (not all uses components had the
use client
directive). Restore the original PR and add additionaluse client
directives to ensure it works correctly. by @nikosdouvlis -
Updated dependencies [
1136c7c15
,1e212c19d
,1136c7c15
,1136c7c15
]:- @clerk/shared@0.24.3
-
Improve the
jwk-remote-missing
error by adding the available JWK IDs to the error message. This way you can understand why the entry was not found and compare the available ones with other keys. (#1816) by @LekoArts -
Pins the internal dependency versions. This ensures that users installing our main framework SDKs will get consistent versions across all @clerk/ packages. (#1798) by @BRKalow
-
Update
authenticateRequest()
to respect theCloudFront-Forwarded-Proto
header when determining the correctforwardedProto
value. This fixes an issue when Clerk is used in applications that are deployed behind AWS CloudFront, where previously all requests were treated as cross-origin. (#1817) by @dimkl -
Remove experimenta jsdoc tags from multi-domain types. (#1819) by @panteliselef
-
Updated dependencies [
b59b6b75d
,164f3aac7
,68259a2bb
,33e927c59
,9514618d6
,c7c6912f3
,71bb1c7b5
]:- @clerk/types@3.54.0
- Temporarily revert internal change to resolve RSC-related errors (#1806) by @nikosdouvlis
-
Replace utilities with
@clerk/shared
exports (#1769) by @dimkl -
Introduce a new getOrganizationInvitationList() method, along with support for filtering by status and the regular limit & offset parameters, which it can be used in order to list the invitations of a specific organization. We also marked the old getPendingOrganizationInvitationList() method as deprecated (#1796) by @chanioxaris
-
Apply deprecation warnings for
@clerk/backend
: (#1777) by @dimkl- backend api return format
clockSkewInSeconds
pkgVersion
picture
/logoUrl
/profileImageUrl
InterstitialAPI
httpOptions
apiKey
frontendApi
__unstable_options
-
Updated dependencies [
7ffa6fac3
,5c8754239
,2f6a6ac99
,753f7bbda
,55c8ebd39
]:- @clerk/shared@0.24.0
- @clerk/types@3.53.0
-
Refactor the internal jwt assertions in separate module to improve testability and changed dates to UTC in jwt verification error messages (#1724) by @dimkl
-
Removing the
__clerk_referrer_primary
that was marked as deprecated. It was introduced to support the multi-domain featured, but was replaced shortly after. (#1755) by @panteliselef -
Fix 1 second flakiness in assertions tests (#1758) by @dimkl
-
Refactor the internal generation of request URLs to use a shared helper from
@clerk/backend
(#1532) by @dimkl
-
Change
README
to include updated links to issue templates and update Discord link. (#1750) by @LekoArts -
Fix missing members_count property for an Organization (#1735) by @panteliselef
-
Updated dependencies [
e99df0a0d
,4327b91f9
,01b024c57
]:- @clerk/types@3.52.0
- Introduce a new getOrganizationInvitation() method with which you can fetch a single organization invitation by providing the ID (#1682) by @chanioxaris
-
Introduce
hasImage
in User / Organization / Session resources (#1544) by @dimkl -
Include
signUpUrl
,afterSignInUrl
andafterSignUpUrl
toauthenticateRequest
options. (#1470) by @desiprisg
- Updated dependencies [
96cc1921c
,8d1e7d76d
,435d2cff5
,8873841fc
,0a5f632f8
,34da40a50
,3158752c7
,8538cd0c1
,a412a5014
,4ea30e883
,86de584dd
,e02a1aff2
,09bfb793e
,b2296d630
,52ce79108
,4764e40c7
,1e117beec
,89bc5de04
]:- @clerk/types@3.50.0
- Add filter by status(pending, accepted, revoked) support for getInvitationList method (#1533) by @raptisj
-
Deprecate usage of old image fields in favor of
imageUrl
(#1543) by @dimkl -
Updated dependencies [
ea95525a4
,24a46ae7e
,d433b83b9
,5e1a09df4
,0a59e122d
]:- @clerk/types@3.49.0
- Support hosting NextJs apps on non-Vercel platforms by constructing req.url using host-related headers instead of using on req.url directly. CLERK_TRUST_HOST is now enabled by default. (#1492) by @dimkl
- Updated dependencies [
6fa4768dc
]:- @clerk/types@3.48.1
- Updated dependencies [
2a9d83280
]:- @clerk/types@3.48.0
-
Introduce
createIsomorphicRequest
in@clerk/backend
(#1393) by @anagstefThis utility simplifies the
authenticateRequest
signature, and it makes it easier to integrate with more frameworks. -
Add
updateUserProfileImage
andupdateOrganizationLogo
methods for uploading images toUser
andOrganization
respectively. (#1456) by @anagstef
-
Add missing property 'adminDeleteEnabled' in Organization resource (#1468) by @chanioxaris
-
Fix the headers checked to determine the Response Content-Type (#1469) by @anagstef
-
Add missing property 'privateMetadata' in OrganizationInvitation resource (#1468) by @chanioxaris
-
Updated dependencies [
73c9c1d0e
,ae9fc247a
,1a151e701
,090bab66e
,592911196
]:- @clerk/types@3.47.0
- The
clockSkewInSeconds
property is now deprecated from theverifyJWT
options in favour of the newclockSkewInMs
property. The old property accepted a value in milliseconds, so this change fixes the property name. (#1450) by @desiprisg
-
Treat expired JWT as signed-out state for requests originated from non-browser clients on satellite apps (#1433) by @panteliselef
-
Make all 4 keys (legacy and new) optional in authenticateRequest params (#1437) by @anagstef
-
Increase the default value for clock skew in
verifyJwt
from 2 to 5 seconds (#1428) by @anagstef
- Updated dependencies [
30f8ad18a
]:- @clerk/types@3.46.1
- Updated dependencies [
bfb3af28
]:- @clerk/types@3.46.0
-
Simplify the signature of the low-level
authenticateRequest
helper. (#1329) by @anagstef- One pair of legacy or new instance keys are required instead of all 4 of them in
authenticateRequest
@clerk/backend
now can handle the"Bearer "
prefix in Authorization header for better DXhost
parameter is now optional in@clerk/backend
- One pair of legacy or new instance keys are required instead of all 4 of them in
-
Updated dependencies [
11954816
,32148490
]:- @clerk/types@3.45.0
- Updated dependencies [
17cc14ec
]:- @clerk/types@3.44.0
-
Allow
clerkJSVersion
to be passed when loading interstitial. Support for (#1354) by @panteliselef- Nextjs
- Remix
- Node
-
Support
audience
parameter in authentication request (#1004) by @dimklThe audience parameter is used to verify the the aud claim in the request matches the value of the parameter or is included (when the user provides a list).
Resolves:
- Updated dependencies [
c42b4ac0
]:- @clerk/types@3.42.0
-
Add support for NextJS applications hosted on AWS Amplify by @nikosdouvlis
-
Address npm audit issues for the clerk backend package by @nikosdouvlis
-
Add support for NextJS applications hosted on Railway by @nikosdouvlis
-
Remove unused
url
prop fromredirectToSignIn
andredirectToSignUp
helpers by @nikosdouvlis -
Updated dependencies [
b66ea0a5
,b66ea0a5
,b66ea0a5
]:- @clerk/types@3.41.1
0.21.0 (2023-06-03)
Note: Version bump only for package @clerk/backend
0.20.1 (2023-05-26)
Note: Version bump only for package @clerk/backend
0.20.0 (2023-05-23)
Note: Version bump only for package @clerk/backend
0.19.2 (2023-05-18)
Note: Version bump only for package @clerk/backend
0.19.1 (2023-05-17)
Note: Version bump only for package @clerk/backend
0.19.0 (2023-05-15)
Note: Version bump only for package @clerk/backend
0.18.0 (2023-05-04)
Note: Version bump only for package @clerk/backend
0.18.0-staging.4 (2023-05-04)
Note: Version bump only for package @clerk/backend
0.18.0-staging.3 (2023-05-02)
Note: Version bump only for package @clerk/backend
0.17.2 (2023-04-19)
Note: Version bump only for package @clerk/backend
0.17.1 (2023-04-19)
- backend: Add missing Webhooks export (db8d224)
0.17.0 (2023-04-12)
Note: Version bump only for package @clerk/backend
0.16.2 (2023-04-11)
Note: Version bump only for package @clerk/backend
0.16.1 (2023-04-06)
Note: Version bump only for package @clerk/backend
0.16.0 (2023-03-31)
Note: Version bump only for package @clerk/backend
0.16.0-staging.0 (2023-03-31)
- backend: Add signInUrl to buildPublicInterstitialUrl (2bbbaa6)
- backend: Support multi-domain in dev instances (2b8eb75)
- backend: Update interstitial to include signInUrl (d923618)
0.15.0 (2023-03-29)
Note: Version bump only for package @clerk/backend
0.13.1 (2023-03-10)
Note: Version bump only for package @clerk/backend
0.13.0 (2023-03-09)
Note: Version bump only for package @clerk/backend
0.12.0 (2023-03-07)
Note: Version bump only for package @clerk/backend
0.11.0 (2023-03-03)
Note: Version bump only for package @clerk/backend
0.10.0 (2023-03-01)
Note: Version bump only for package @clerk/backend
0.9.1 (2023-02-25)
Note: Version bump only for package @clerk/backend
0.9.0 (2023-02-24)
Note: Version bump only for package @clerk/backend
0.8.1-staging.4 (2023-02-22)
- backend: Update user params (624402f)
0.8.0 (2023-02-17)
Note: Version bump only for package @clerk/backend
0.7.0 (2023-02-15)
Note: Version bump only for package @clerk/backend
0.6.2 (2023-02-10)
Note: Version bump only for package @clerk/backend
0.6.1 (2023-02-07)
Note: Version bump only for package @clerk/backend
0.6.1-staging.0 (2023-02-07)
Note: Version bump only for package @clerk/backend
0.6.0 (2023-02-07)
Note: Version bump only for package @clerk/backend
0.5.1 (2023-02-01)
Note: Version bump only for package @clerk/backend
0.5.0 (2023-01-27)
Note: Version bump only for package @clerk/backend
0.4.3 (2023-01-24)
- backend,clerk-sdk-node,shared: Drop support for NodeJS 12 (d9169ab)
0.4.2 (2023-01-20)
Note: Version bump only for package @clerk/backend
0.4.1 (2023-01-18)
Note: Version bump only for package @clerk/backend
0.4.0 (2023-01-17)
- backend,clerk-sdk-node,shared: Support node12 runtimes (fdcd6b3)
- backend: Polyfill webcrypto for node14 and node12 (329bd6d)
0.3.2 (2022-12-23)
Note: Version bump only for package @clerk/backend
0.3.1 (2022-12-19)
Note: Version bump only for package @clerk/backend
0.3.0 (2022-12-13)
Note: Version bump only for package @clerk/backend
0.2.3 (2022-12-12)
Note: Version bump only for package @clerk/backend
0.2.2 (2022-12-09)
Note: Version bump only for package @clerk/backend
0.2.1 (2022-12-08)
Note: Version bump only for package @clerk/backend
0.2.0 (2022-12-08)
Note: Version bump only for package @clerk/backend
0.1.1 (2022-12-02)
Note: Version bump only for package @clerk/backend
0.1.0 (2022-11-30)
Note: Version bump only for package @clerk/backend
0.1.0-staging.4 (2022-11-29)
Note: Version bump only for package @clerk/backend