Change Log

1.1.2

Patch Changes

  • Fix bug in JWKS cache logic that caused a race condition resulting in no JWK being available. (#3321) by @BRKalow

  • Pass devBrowserToken to createRedirect() to ensure methods from auth() that trigger redirects correctly pass the dev browser token for URL-based session syncing. (#3334) by @BRKalow

  • Updated dependencies [1662aaae9, f70c885f7, f5804a225]:

    • @clerk/shared@2.0.2

1.1.1

Patch Changes

  • Fix the following @clerk/backend methods to populate their paginated responses: (#3276) by @dimkl

    • clerkClient.allowlistIdentifiers.getAllowlistIdentifierList()
    • clerkClient.clients.getClientList()
    • clerkClient.invitations.getInvitationList()
    • clerkClient.redirectUrls.getRedirectUrlList()
    • clerkClient.sessions.getSessionList()
    • clerkClient.users.getUserOauthAccessToken()
  • Updated dependencies [a78bc447c, 19cd42434]:

    • @clerk/shared@2.0.1

1.1.0

Minor Changes

  • Updated types for orderBy in OrganizationApi and UserApi (#3266) by @panteliselef

    • OrganizationAPI.getOrganizationMembershipList now accepts orderBy
      • Acceptable values phone_number, +phone_number, -phone_number, email_address, +email_address, -email_address, created_at, +created_at, -created_at, first_name, +first_name, -first_name
    • UserAPI.getUserList expands the acceptable values of the orderBy to:
      • email_address, +email_address, -email_address, web3wallet, +web3wallet, -web3wallet, first_name, +first_name, -first_name, last_name, +last_name, -last_name, phone_number, +phone_number, -phone_number, username, +username, -username
  • Add support for the Testing Tokens API (#3258) by @anagstef

Patch Changes

  • Fix infinite redirect loops for production instances with incorrect secret keys (#3259) by @dimkl

1.0.1

Patch Changes

  • Export all Webhook event types and related JSON types. The newly exported types are: DeletedObjectJSON, EmailJSON, OrganizationInvitationJSON, OrganizationJSON, OrganizationMembershipJSON, SessionJSON, SMSMessageJSON, UserJSON, UserWebhookEvent, EmailWebhookEvent, SMSWebhookEvent, SessionWebhookEvent, OrganizationWebhookEvent, OrganizationMembershipWebhookEvent, OrganizationInvitationWebhookEvent (#3248) by @nikosdouvlis

  • Added missing 'organizationId' parameter to UserListParams (#3240) by @royanger

    Moved last_active_at_since from UserCountParams to UserListParams

1.0.0

Major Changes

  • 3a2f13604: Drop user / organization / session from the auth object in the signed-out state (the current value was null). E.g.:

        // Backend
        import { createClerkClient } from '@clerk/backend';
    
        const clerkClient = createClerkClient({...});
        const requestState = clerkClient.authenticateRequest(request, {...});
    
        - const { user, organization, session } = requestState.toAuth();
        + const { userId, organizationId, sessionId } = requestState.toAuth();
    
        // Remix
        import { getAuth } from '@clerk/remix/ssr.server';
    
        - const { user, organization, session } = await getAuth(args);
        + const { userId, organizationId, sessionId } = await getAuth(args);
    
        // or
        rootAuthLoader(
            args,
            ({ request }) => {
                - const { user, organization, session } = request.auth;
                + const { userId, organizationId, sessionId } = request.auth;
                // ...
            },
            { loadUser: true },
        );
    
        // NextJS
        import { getAuth } from '@clerk/nextjs/server';
    
        - const { user, organization, session } = getAuth(args);
        + const { userId, organizationId, sessionId } = getAuth(req, opts);
    
        // Gatsby
        import { withServerAuth } from 'gatsby-plugin-clerk';
    
        export const getServerData: GetServerData<any> = withServerAuth(
            async props => {
                - const { user, organization, session } =  props;
                + const { userId, organizationId, sessionId } = props;
                return { props: { data: '1', auth: props.auth, userId, organizationId, sessionId } };
            },
            { loadUser: true },
        );
  • c2a090513: Change the minimal Node.js version required by Clerk to 18.17.0.

  • deac67c1c: Drop default exports from all packages. Migration guide:

    • use import { Clerk } from '@clerk/backend';
    • use import { clerkInstance } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-js';
    • use import { Clerk } from '@clerk/clerk-js/headless';
    • use import { IsomorphicClerk } from '@clerk/clerk-react'
  • 244de5ea3: Make all listing API requests return a consistent { data: Resource[], totalCount: number }.

    Support pagination request params { limit, offset } to:

    • sessions.getSessionList({ limit, offset })
    • clients.getClientList({ limit, offset })

    Since users.getUserList() does not return the total_count, as a temporary solution that method will perform 2 BAPI requests:

    1. retrieve the data
    2. retrieve the total count (invokes users.getCount() internally)
  • a9fe242be: Change return value of verifyToken() from @clerk/backend to { data, error}. To replicate the current behaviour use this:

    import { verifyToken } from '@clerk/backend'
    
    const { data, error }  = await verifyToken(...);
    if(error){
        throw error;
    }
  • 799abc281: Change SessionApi.getToken() to return consistent { data, errors } return value and fix the getToken() from requestState to have the same return behavior as v4 (return Promise or throw error). This change fixes issues with getToken() in @clerk/nextjs / @clerk/remix / @clerk/fastify / @clerk/sdk-node / gatsby-plugin-clerk:

    Example:

    import { getAuth } from '@clerk/nextjs/server';
    
    const { getToken } = await getAuth(...);
    const jwtString = await getToken(...);

    The change in the SessionApi.getToken() return value is a breaking change. To keep the existing behavior, use the following:

    import { ClerkAPIResponseError } from '@clerk/shared/error';
    
    const response = await clerkClient.sessions.getToken(...);
    
    if (response.errors) {
        const { status, statusText, clerkTraceId } = response;
        const error = new ClerkAPIResponseError(statusText || '', {
            data: [],
            status: Number(status || ''),
            clerkTraceId,
        });
        error.errors = response.errors;
    
        throw error;
    }
    
    // the value of the v4 `clerkClient.sessions.getToken(...)`
    const jwtString = response.data.jwt;
  • 71663c568: Internal update default apiUrl domain from clerk.dev to clerk.com

  • 02976d494: Remove the named Clerk import from @clerk/backend and import createClerkClient instead. The latter is a factory method that will create a Clerk client instance for you. This aligns usage across our SDKs and will enable us to better ship DX improvements in the future.

    Inside your code, search for occurrences like these:

    import { Clerk } from '@clerk/backend';
    const clerk = Clerk({ secretKey: '...' });

    You need to rename the import from Clerk to createClerkClient and change its usage:

    import { createClerkClient } from '@clerk/backend';
    const clerk = createClerkClient({ secretKey: '...' });
  • 8e5c881c4: The following paginated APIs now return { data, totalCount } instead of simple arrays, in order to make building paginated UIs easier:

    • clerkClient.users.getOrganizationMembershipList(...)
    • clerkClient.organization.getOrganizationList(...)
    • clerkClient.organization.getOrganizationInvitationList(...)

    Revert changing the { data, errors } return value of the following helpers to throw the errors or return the data (keep v4 format):

    • import { verifyToken } from '@clerk/backend'
    • import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt'
    • BAPI clerkClient methods eg (clerkClient.users.getUserList(...))
  • dd5703013: Change the response payload of Backend API requests to return { data, errors } instead of returning the data and throwing on an error response. Code example to keep the same behavior:

    import { users } from '@clerk/backend';
    import { ClerkAPIResponseError } from '@clerk/shared/error';
    
    const { data, errors, clerkTraceId, status, statusText } = await users.getUser('user_deadbeef');
    if (errors) {
      throw new ClerkAPIResponseError(statusText, { data: errors, status, clerkTraceId });
    }
  • 86d52fb5c: Refactor the authenticateRequest() flow to use the new client handshake endpoint. This replaces the previous "interstitial"-based flow. This should improve performance and overall reliability of Clerk's server-side request authentication functionality.

    • authenticateRequest() now accepts two arguments, a Request object to authenticate and options:
      authenticateRequest(new Request(...), { secretKey: '...' })
  • a9fe242be: Change return values of signJwt, hasValidSignature, decodeJwt, verifyJwt to return { data, error }. Example of keeping the same behavior using those utilities:

    import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt';
    
    const { data, error } = await signJwt(...)
    if (error) throw error;
    
    const { data, error } = await hasValidSignature(...)
    if (error) throw error;
    
    const { data, error } = decodeJwt(...)
    if (error) throw error;
    
    const { data, error } = await verifyJwt(...)
    if (error) throw error;
  • 97407d8aa: Dropping support for Node 14 and 16 as they both reached EOL status. The minimal Node.js version required by Clerk is 18.18.0 now.

  • 9615e6cda: Enforce passing request param to authenticateRequest method of @clerk/backend instead of passing each header or cookie related option that is used internally to determine the request state.

    Migration guide:

    • use request param in clerkClient.authenticateRequest() instead of:
      • origin
      • host
      • forwardedHost
      • forwardedProto
      • referrer
      • userAgent
      • cookieToken
      • clientUat
      • headerToken
      • searchParams

    Example

    //
    // current
    //
    import { clerkClient } from '@clerk/backend'
    
    const requestState = await clerkClient.authenticateRequest({
        secretKey: 'sk_....',
        publishableKey: 'pk_....',
        origin: req.headers.get('origin'),
        host: req.headers.get('host'),
        forwardedHost: req.headers.get('x-forwarded-host'),
        forwardedProto: req.headers.get('x-forwarded-proto'),
        referrer: req.headers.get('referer'),
        userAgent: req.headers.get('user-agent'),
        clientUat: req.cookies.get('__client_uat'),
        cookieToken: req.cookies.get('__session'),
        headerToken: req.headers.get('authorization'),
        searchParams: req.searchParams
    });
    
    //
    // new
    //
    import { clerkClient } from '@clerk/backend'
    
    // use req (if it's a fetch#Request instance) or use `createIsomorphicRequest` from `@clerk/backend`
    // to re-construct fetch#Request instance
    const requestState = await clerkClient.authenticateRequest({
        secretKey: 'sk_....',
        publishableKey: 'pk_....',
        request: req
    });
  • 0ec3a146c: Changes in exports of @clerk/backend:

    • Expose the following helpers and enums from @clerk/backend/internal:
      import {
        AuthStatus,
        buildRequestUrl,
        constants,
        createAuthenticateRequest,
        createIsomorphicRequest,
        debugRequestState,
        makeAuthObjectSerializable,
        prunePrivateMetadata,
        redirect,
        sanitizeAuthObject,
        signedInAuthObject,
        signedOutAuthObject,
      } from '@clerk/backend/internal';
    • Drop the above exports from the top-level api:
      // Before
      import { AuthStatus, ... } from '@clerk/backend';
      // After
      import { AuthStatus, ... } from '@clerk/backend/internal';
      Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.
  • cace85374: Drop deprecated properties. Migration steps:

    • use createClerkClient instead of __unstable_options
    • use publishableKey instead of frontendApi
    • use clockSkewInMs instead of clockSkewInSeconds
    • use apiKey instead of secretKey
    • drop httpOptions
    • use *.image instead of
      • ExternalAccount.picture
      • ExternalAccountJSON.avatar_url
      • Organization.logoUrl
      • OrganizationJSON.logo_url
      • User.profileImageUrl
      • UserJSON.profile_image_url
      • OrganizationMembershipPublicUserData.profileImageUrl
      • OrganizationMembershipPublicUserDataJSON.profile_image_url
    • drop pkgVersion
    • use Organization.getOrganizationInvitationList with status instead of getPendingOrganizationInvitationList
    • drop orgs claim (if required, can be manually added by using user.organizations in a jwt template)
    • use localInterstitial instead of remotePublicInterstitial / remotePublicInterstitialUrl

    Internal changes:

    • replaced error enum (and its) SetClerkSecretKeyOrAPIKey with SetClerkSecretKey
  • 1ad910eb9: Changes in exports of @clerk/backend:

    • Drop the following internal exports from the top-level api:
      // Before
      import {
        AllowlistIdentifier,
        Client,
        DeletedObject,
        Email,
        EmailAddress,
        ExternalAccount,
        IdentificationLink,
        Invitation,
        OauthAccessToken,
        ObjectType,
        Organization,
        OrganizationInvitation,
        OrganizationMembership,
        OrganizationMembershipPublicUserData,
        PhoneNumber,
        RedirectUrl,
        SMSMessage,
        Session,
        SignInToken,
        Token,
        User,
        Verification,
      } from '@clerk/backend';
      // After : no alternative since there is no need to use those classes
      Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.
    • Keep those 3 resource related type exports
      import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';
  • f58a9949b: Changes in exports of @clerk/backend:

    • Expose the following helpers and enums from @clerk/backend/jwt:
      import { decodeJwt, hasValidSignature, signJwt, verifyJwt } from '@clerk/backend/jwt';
    • Drop the above exports from the top-level api:
      // Before
      import { decodeJwt, ... } from '@clerk/backend';
      // After
      import { decodeJwt, ... } from '@clerk/backend/jwt';
      Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.
  • d22e6164d: Rename property members_count to membersCount for Organization resource

  • e1f7eae87: Limit TokenVerificationError exports to TokenVerificationError and TokenVerificationErrorReason

  • 9b02c1aae: Changes in @clerk/backend exports:

    • Drop Internal deserialize helper
    • Introduce /errors subpath export, eg:
      import {
        TokenVerificationError,
        TokenVerificationErrorAction,
        TokenVerificationErrorCode,
        TokenVerificationErrorReason,
      } from '@clerk/backend/errors';
    • Drop errors from top-level export
      // Before
      import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend';
      // After
      import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend/errors';
  • e602d6c1f: Drop unused SearchParams.AuthStatus constant

  • 6fffd3b54: Replace the return value of the following JWT helpers to match the format of backend API client return values (for consistency).

    import { signJwt } from '@clerk/backend/jwt';
    
    - const { data, error } = await signJwt(...);
    + const { data, errors: [error] = [] } = await signJwt(...);
    import { verifyJwt } from '@clerk/backend/jwt';
    
    - const { data, error } = await verifyJwt(...);
    + const { data, errors: [error] = [] } = await verifyJwt(...);
    import { hasValidSignature } from '@clerk/backend/jwt';
    
    - const { data, error } = await hasValidSignature(...);
    + const { data, errors: [error] = [] } = await hasValidSignature(...);
    import { decodeJwt } from '@clerk/backend/jwt';
    
    - const { data, error } = await decodeJwt(...);
    + const { data, errors: [error] = [] } = await decodeJwt(...);
    import { verifyToken } from '@clerk/backend';
    
    - const { data, error } = await verifyToken(...);
    + const { data, errors: [error] = [] } = await verifyToken(...);
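
The entries above change how a failed verification reaches the caller: a9fe242be returns `{ data, error }` and 6fffd3b54 returns `{ data, errors }`, and in both shapes nothing is thrown, so code that reads only `data` no longer stops on a rejected token. The following is an added example, not code from the Clerk project, that restores fail-closed handling for both shapes; `unwrapOrThrow`, `signatureIsValid`, `VerificationFailed`, `classifyAll` and the sample results are hypothetical names and constructed values.

```javascript
// Added example, not part of @clerk/backend. All names here are hypothetical.
'use strict';

class VerificationFailed extends Error {
  constructor(message, causes) {
    super(message);
    this.name = 'VerificationFailed';
    this.causes = causes; // every error object the helper reported
  }
}

// Normalise `{ data, error }` (a9fe242be) and `{ data, errors }` (6fffd3b54)
// into "return data or throw". Anything ambiguous is treated as a failure.
function unwrapOrThrow(result) {
  if (result === null || typeof result !== 'object') {
    throw new VerificationFailed('helper returned no result object', []);
  }
  const causes = [];
  if (result.error) causes.push(result.error);
  if (Array.isArray(result.errors)) {
    causes.push(...result.errors.filter(Boolean));
  } else if (result.errors) {
    causes.push(result.errors);
  }
  if (causes.length > 0) {
    const first = causes[0];
    throw new VerificationFailed(String((first && first.message) || first), causes);
  }
  // No error reported, but no payload either: do not treat this as success.
  if (result.data === undefined || result.data === null) {
    throw new VerificationFailed('helper returned neither data nor an error', []);
  }
  return result.data;
}

// A signature check carries a boolean in `data`; "no error" is not "valid".
function signatureIsValid(result) {
  return unwrapOrThrow(result) === true;
}

// Constructed sample results, one per shape and outcome.
const SAMPLE_RESULTS = {
  okOldShape: { data: { sub: 'user_example' }, error: undefined },
  okNewShape: { data: { sub: 'user_example' }, errors: undefined },
  failOldShape: { data: undefined, error: new Error('constructed: expired token') },
  failNewShape: { data: undefined, errors: [new Error('constructed: bad signature')] },
  emptyErrors: { data: undefined, errors: [] },
};

// Constructed result of a signature check that ran without error but failed.
const BAD_SIGNATURE_RESULT = { data: false, errors: undefined };

// Run every sample through unwrapOrThrow and record the outcome.
function classifyAll(samples) {
  const outcomes = {};
  for (const [name, result] of Object.entries(samples)) {
    try {
      unwrapOrThrow(result);
      outcomes[name] = 'accepted';
    } catch (err) {
      outcomes[name] = `rejected: ${err.message}`;
    }
  }
  return outcomes;
}

console.log(classifyAll(SAMPLE_RESULTS));
console.log('signature valid:', signatureIsValid(BAD_SIGNATURE_RESULT));
```
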

Minor Changes

  • 966b31205: Add unbanUser, lockUser, and unlockUser methods to the UserAPI class.

  • ecb60da48: Implement token signature verification when passing verified token from Next.js middleware to the application origin.

  • 448e02e93: Add fullName, primaryEmailAddress, primaryPhoneNumber, primaryWeb3Wallet to User class.

  • 2671e7aa5: Add external_account_id to OAuth access token response

  • 8b6b094b9: Added prefers-color-scheme to interstitial

  • a6b893d28: Added the User.last_active_at timestamp field which stores the latest date of session activity, with day precision. For further details, please consult the Backend API documentation.

    • Added the last_active_at_since filtering parameter for the Users listing request. The new parameter can be used to retrieve users that have displayed session activity since the given date. For further details, please consult the Backend API documentation.
    • Added the last_active_at available options for the orderBy parameter of the Users listing request. For further details, please consult the Backend API documentation.
  • a605335e1: Add support for NextJS 14

  • 2964f8a47: Expose debug headers in response for handshake / signed-out states from SDKs using headers returned from authenticateRequest()

  • 7af0949ae: Add missing createdAt param in User#createUser() of @clerk/backend. Fix clerkClient.verifyToken() signature to support a single token: string parameter.

  • d08ec6d8f: Improve ESM support in @clerk/backend for Node by using .mjs for #crypto subpath import

  • 03079579d: Expose totalCount from @clerk/backend client responses for responses containing pagination information or for responses with type { data: object[] }.

    Example:

    import { Clerk } from '@clerk/backend';
    
    const clerkClient = Clerk({ secretKey: '...' });
    
    // current
    const { data } = await clerkClient.organizations.getOrganizationList();
    console.log('totalCount: ', data.length);
    
    // new
    const { data, totalCount } = await clerkClient.organizations.getOrganizationList();
    console.log('totalCount: ', totalCount);
  • c7e6d00f5: Experimental support for <Gate/> with role checks.

  • 12962bc58: Re-use common pagination types for consistency across types.

    Types introduced in @clerk/types:

    • ClerkPaginationRequest : describes pagination related props in request payload
    • ClerkPaginatedResponse : describes pagination related props in response body
    • ClerkPaginationParams : describes pagination related props in api client method params
  • 4bb57057e: Breaking Changes:

    • Drop isLegacyFrontendApiKey from @clerk/shared
    • Drop default exports from @clerk/clerk-js
      • on headless Clerk type
      • on ui and ui.retheme Portal
    • Use isProductionFromSecretKey instead of isProductionFromApiKey
    • Use isDevelopmentFromSecretKey instead of isDevelopmentFromApiKey

    Changes:

    • Rename HeadlessBrowserClerkConstrutor / HeadlessBrowserClerkConstructor (typo)
    • Use isomorphicAtob / isomorphicBtoa to replace base-64 in @clerk/expo
    • Refactor merging build-time and runtime props in @clerk/backend clerk client
    • Drop node-fetch dependency from @clerk/backend
    • Drop duplicate test in @clerk/backend
  • 46040a2f3: Introduce Protect for authorization. Changes in public APIs:

    • Rename Gate to Protect
    • Support for permission checks. (Previously only roles could be used)
    • Remove the experimental tags and prefixes
    • Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
    • Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
    • has will throw an error if neither permission nor role is passed.
    • auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
      • inside a page or layout file it will render the nearest not-found component set by the developer
      • inside a route handler it will return empty response body with a 404 status code
  • 4aaf5103d: Deprecate createSMSMessage and SMSMessageApi from clerkClient.

    The equivalent /sms_messages Backend API endpoint will also be dropped in the future, since this feature will no longer be available for new instances.

    For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).

    New instances will get a 403 forbidden response if they try to access it.

  • 7f751c4ef: Add support for X/Twitter v2 OAuth provider

  • 4fced88ac: Add banUser method to the User operations (accessible under clerkClient.users). Executes the Ban a user backend API call.

  • e7e2a1eae: Add createOrganizationEnabled param in @clerk/backend method User.updateUser() Example:

        import { createClerkClient }  from '@clerk/backend';
    
        const clerkClient = createClerkClient({...});
        await clerkClient.users.updateUser('user_...', { createOrganizationEnabled: true })
  • b4e79c1b9: Replace the Clerk-Backend-SDK header with User-Agent in BAPI requests and update its value to contain both the package name and the package version of the clerk package executing the request. E.g. a request from @clerk/nextjs to BAPI will append User-Agent: @clerk/nextjs@5.0.0-alpha-v5.16 using the latest version.

    Miscellaneous changes: The backend test build changed to use tsup.

  • 142ded732: Add support for the orderBy parameter to the getOrganizationList() function

Patch Changes

  • 8c23651b8: Introduce clerkClient.samlConnections to expose getSamlConnectionList, createSamlConnection, getSamlConnection, updateSamlConnection and deleteSamlConnection endpoints. Introduce SamlConnection resource for BAPI.

    Example:

    import { clerkClient } from '@clerk/nextjs/server';
    const samlConnection = await clerkClient.samlConnections.getSamlConnectionList();
    
  • f4f99f18d: OrganizationMembershipRole should respect authorization types provided by the developer if those exist.

  • 9272006e7: Export the JSON types for clerk resources.

  • a8901be64: Expose resources types

  • 7b200af49: The auth().redirectToSignIn() helper no longer needs to be explicitly returned when called within the middleware. The following examples are now equivalent:

    // Before
    export default clerkMiddleware(auth => {
      if (protectedRoute && !auth.user) {
        return auth().redirectToSignIn()
      }
    })
    
    // After
    export default clerkMiddleware(auth => {
      if (protectedRoute && !auth.user) {
        auth().redirectToSignIn()
      }
    })

    Calling auth().protect() from a page will now automatically redirect back to the same page by setting redirect_url to the request url before the redirect to the sign-in URL takes place.

  • 988a299c0: Fix typo in jwk-remote-missing error message

  • b3a3dcdf4: Add OrganizationRoleAPI for CRUD operations regarding instance level organization roles.

  • 935b0886e: The emails endpoint helper and the corresponding createEmail method have been removed from the @clerk/backend SDK and apiClient.emails.createEmail will no longer be available.

    We will not be providing an alternative method for creating and sending emails directly from our JavaScript SDKs with this release. If you are currently using createEmail and you wish to update to the latest SDK version, please reach out to our support team (https://clerk.com/support) so we can assist you.

  • 93d05c868: Drop the introduction of OrganizationRole and OrganizationPermission resources for BAPI.

  • 4aaf5103d: Remove createSms functions from @clerk/backend and @clerk/sdk-node.

    The equivalent /sms_messages Backend API endpoint will also be dropped in the future, since this feature will no longer be available for new instances.

    For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).

    New instances will get a 403 forbidden response if they try to access it.

  • 2de442b24: Rename beta-v5 to beta

  • 15af02a83: Remove __dev_session legacy query param used to pass the Dev Browser token in previous major version. This param will be visible only when using Account Portal with "Core 1" version.

  • de6519daa: Added missing types for clerkClient.invitations.createInvitation

  • e6ecbaa2f: Fix an error in the handshake flow where the request would throw an unhandled error when verification of the handshake payload fails.

  • 6a769771c: Update README for v5

  • 9e99eb727: Update @clerk/nextjs error messages to refer to clerkMiddleware() and deprecated authMiddleware() and fix a typo in cannotRenderSignUpComponentWhenSessionExists error message.

  • 034c47ccb: Fix clerkClient.organizations.getOrganizationMembershipList() return type to be { data, totalCount }

  • 90aa2ea9c: Add sha256 hasher support to PasswordHasher as described in Users#CreateUser

  • 1e98187b4: Update the handshake flow to only trigger for document requests.

  • 2e77cd737: Set correct information on required Node.js and React versions in README

  • 63dfe8dc9: Resolve Vercel edge-runtime "TypeError: Failed to parse URL" when @clerk/remix is used

  • e921af259: Replace enums with as const objects so @clerk/backend is consistent with the other packages

  • c22cd5214: Fix type inference for auth helper.

  • 7cb1241a9: Trigger the handshake when no dev browser token exists in development.

  • bad4de1a2: Fixed an issue where errors returned from backend api requests are not converted to camelCase.

  • 66b283653: Fix infinite redirect loops for production instances with incorrect secret keys

  • f5d55bb1f: Add clerkTraceId to ClerkBackendApiResponse and ClerkAPIResponseError to allow for better tracing and debugging API error responses. Uses clerk_trace_id when available in a response and defaults to cf-ray identifier if missing.

  • a6308c67e: Add the following properties to users.updateUser(userId, params) params:

    • password_hasher
    • password_digest
    • publicMetadata
    • privateMetadata
    • unsafeMetadata
  • 0ce0edc28: Add OrganizationPermissionAPI for CRUD operations regarding instance level organization permissions.

  • 051833167: fix(backend): Align types based on FAPI/BAPI structs

  • e6fc58ae4: Introduce debug: true option for the clerkMiddleware helper

  • a6451aece: Strip experimental__has from the auth object in makeAuthObjectSerializable(). This fixes an issue in Next.js where an error is being thrown when this function is passed to a client component as a prop.

  • 987994909: Add support for scrypt_werkzeug in UserAPI PasswordHasher.

  • 40ac4b645: Introduces telemetry collection from Clerk's SDKs. Collected telemetry will be used to gain insights into product usage and help drive roadmap priority. For more information, see https://clerk.com/docs/telemetry.

  • 1bea9c200: Add missing pagination params types for clerkClient.invitations.getInvitationList()

  • c2b982749: Preserve url protocol when joining paths.

  • Updated dependencies:

    • @clerk/shared@2.0.0

1.0.0-beta.37

Patch Changes

  • Updated dependencies [bab2e7e05]:
    • @clerk/shared@2.0.0-beta.23

1.0.0-beta.36

Minor Changes

  • Add support for the orderBy parameter to the getOrganizationList() function (#3164) by @IGassmann

Patch Changes

  • Introduce debug: true option for the clerkMiddleware helper (#3189) by @nikosdouvlis

  • Updated dependencies [fb794ce7b]:

    • @clerk/shared@2.0.0-beta.22

1.0.0-beta.35

Patch Changes

  • Trigger the handshake when no dev browser token exists in development. (#3175) by @BRKalow

1.0.0-beta.34

Minor Changes

  • Implement token signature verification when passing verified token from Next.js middleware to the application origin. (#3121) by @BRKalow

1.0.0-beta.33

Major Changes

  • Rename property members_count to membersCount for Organization resource (#3094) by @dimkl

Patch Changes

  • Resolve Vercel edge-runtime "TypeError: Failed to parse URL" when @clerk/remix is used (#3129) by @nikosdouvlis

1.0.0-beta.32

Patch Changes

  • Add support for scrypt_werkzeug in UserAPI PasswordHasher. (#3060) by @Nikpolik

  • Add missing pagination params types for clerkClient.invitations.getInvitationList() (#3079) by @dimkl

  • Updated dependencies [fc3ffd880, 1fd2eff38]:

    • @clerk/shared@2.0.0-beta.21

1.0.0-beta.31

Patch Changes

  • Fix typo in jwk-remote-missing error message (#3057) by @dimkl

1.0.0-beta.30

Patch Changes

  • Updated dependencies [8350109ab]:
    • @clerk/shared@2.0.0-beta.20

1.0.0-beta.29

Minor Changes

  • Add external_account_id to OAuth access token response (#2982) by @kostaspt

Patch Changes

  • Introduce clerkClient.samlConnections to expose getSamlConnectionList, createSamlConnection, getSamlConnection, updateSamlConnection and deleteSamlConnection endpoints. Introduce SamlConnection resource for BAPI. (#2980) by @EmmanouelaPothitou

    Example:

    import { clerkClient } from '@clerk/nextjs/server';
    const samlConnection = await clerkClient.samlConnections.getSamlConnectionList();
    
  • Export the JSON types for clerk resources. (#2965) by @desiprisg

  • Fix infinite redirect loops for production instances with incorrect secret keys (#2994) by @dimkl

1.0.0-beta.28

Minor Changes

  • Expose debug headers in response for handshake / signed-out states from SDKs using headers returned from authenticateRequest() (#2898) by @dimkl

1.0.0-beta.27

Patch Changes

  • Updated dependencies [8350f73a6]:
    • @clerk/shared@2.0.0-beta.19

1.0.0-beta.26

Patch Changes

1.0.0-beta.25

Patch Changes

  • Remove __dev_session legacy query param used to pass the Dev Browser token in previous major version. (#2883) by @dimkl

    This param will be visible only when using Account Portal with "Core 1" version.

  • Updated dependencies [1834a3ee4]:

    • @clerk/shared@2.0.0-beta.17

1.0.0-beta.24

Patch Changes

  • Updated dependencies [db18787c4]:
    • @clerk/shared@2.0.0-beta.16

1.0.0-beta.23

Patch Changes

  • Updated dependencies [6eab66050]:
    • @clerk/shared@2.0.0-beta.15

1.0.0-beta.22

Patch Changes

  • Updated dependencies [12f3c5c55]:
    • @clerk/shared@2.0.0-beta.14

1.0.0-beta.21

Patch Changes

1.0.0-beta.20

Patch Changes

1.0.0-beta-v5.19

Major Changes

  • Make all listing API requests return a consistent { data: Resource[], totalCount: number }. (#2714) by @dimkl

    Support pagination request params { limit, offset } to:

    • sessions.getSessionList({ limit, offset })
    • clients.getClientList({ limit, offset })

    Since users.getUserList() does not return the total_count, as a temporary solution that method will perform 2 BAPI requests:

    1. retrieve the data
    2. retrieve the total count (invokes users.getCount() internally)

Minor Changes

  • Add unbanUser, lockUser, and unlockUser methods to the UserAPI class. (#2780) by @panteliselef

  • Add support for X/Twitter v2 OAuth provider (#2690) by @kostaspt

  • Add banUser method to the User operations (accessible under clerkClient.users). Executes the Ban a user backend API call. (#2766) by @bartlenaerts

Patch Changes

  • Expose resources types (#2660) by @panteliselef

  • The auth().redirectToSignIn() helper no longer needs to be explicitly returned when called within the middleware. The following examples are now equivalent: (#2691) by @nikosdouvlis

    // Before
    export default clerkMiddleware(auth => {
      // auth is a function: call it to read the current auth state
      if (protectedRoute && !auth().userId) {
        return auth().redirectToSignIn()
      }
    })
    
    // After
    export default clerkMiddleware(auth => {
      if (protectedRoute && !auth().userId) {
        auth().redirectToSignIn()
      }
    })

    Calling auth().protect() from a page will now automatically redirect back to the same page by setting redirect_url to the request url before the redirect to the sign-in URL takes place.

  • Fix clerkClient.organizations.getOrganizationMembershipList() return type to be { data, totalCount } (#2681) by @dimkl

  • Preserve url protocol when joining paths. (#2745) by @panteliselef

  • Updated dependencies [8daf8451c, be991365e]:

    • @clerk/shared@2.0.0-beta-v5.12

1.0.0-beta-v5.18

Major Changes

  • The following paginated APIs now return { data, totalCount } instead of simple arrays, in order to make building paginated UIs easier: (#2633) by @dimkl

    • clerkClient.users.getOrganizationMembershipList(...)
    • clerkClient.organization.getOrganizationList(...)
    • clerkClient.organization.getOrganizationInvitationList(...)

    Revert changing the { data, errors } return value of the following helpers to throw the errors or return the data (keep v4 format):

    • import { verifyToken } from '@clerk/backend'
    • import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt'
    • BAPI clerkClient methods eg (clerkClient.users.getUserList(...))

Patch Changes

  • Add the following properties to users.updateUser(userId, params) params: (#2619) by @SokratisVidros

    • password_hasher
    • password_digest
    • publicMetadata
    • privateMetadata
    • unsafeMetadata
  • Updated dependencies [d4ff346dd]:

    • @clerk/shared@2.0.0-beta-v5.11

1.0.0-alpha-v5.17

Major Changes

  • Drop user / organization / session from auth object on signed-out state (current value was null). Eg (#2598) by @dimkl

        // Backend
        import { createClerkClient } from '@clerk/backend';
    
        const clerkClient = createClerkClient({...});
        const requestState = clerkClient.authenticateRequest(request, {...});
    
        - const { user, organization, session } = requestState.toAuth();
        + const { userId, organizationId, sessionId } = requestState.toAuth();
    
        // Remix
        import { getAuth } from '@clerk/remix/ssr.server';
    
        - const { user, organization, session } = await getAuth(args);
        + const { userId, organizationId, sessionId } = await getAuth(args);
    
        // or
        rootAuthLoader(
            args,
            ({ request }) => {
                - const { user, organization, session } = request.auth;
                + const { userId, organizationId, sessionId } = request.auth;
                // ...
            },
            { loadUser: true },
        );
    
        // NextJS
        import { getAuth } from '@clerk/nextjs/server';
    
        - const { user, organization, session } = getAuth(args);
        + const { userId, organizationId, sessionId } = getAuth(req, opts);
    
        // Gatsby
        import { withServerAuth } from 'gatsby-plugin-clerk';
    
        export const getServerData: GetServerData<any> = withServerAuth(
            async props => {
                - const { user, organization, session } =  props;
                + const { userId, organizationId, sessionId } = props;
                return { props: { data: '1', auth: props.auth, userId, organizationId, sessionId } };
            },
            { loadUser: true },
        );
  • Replace the return value of the following jwt helpers to match the format of backend API client return values (for consistency). (#2596) by @dimkl

    import { signJwt } from '@clerk/backend/jwt';
    
    - const { data, error } = await signJwt(...);
    + const { data, errors: [error] = [] } = await signJwt(...);

    import { verifyJwt } from '@clerk/backend/jwt';
    
    - const { data, error } = await verifyJwt(...);
    + const { data, errors: [error] = [] } = await verifyJwt(...);

    import { hasValidSignature } from '@clerk/backend/jwt';
    
    - const { data, error } = await hasValidSignature(...);
    + const { data, errors: [error] = [] } = await hasValidSignature(...);

    import { decodeJwt } from '@clerk/backend/jwt';
    
    - const { data, error } = await decodeJwt(...);
    + const { data, errors: [error] = [] } = await decodeJwt(...);

    import { verifyToken } from '@clerk/backend';
    
    - const { data, error } = await verifyToken(...);
    + const { data, errors: [error] = [] } = await verifyToken(...);

Patch Changes

  • Update @clerk/nextjs error messages to refer to clerkMiddleware() and deprecated authMiddleware() and fix a typo in cannotRenderSignUpComponentWhenSessionExists error message. (#2589) by @dimkl

1.0.0-alpha-v5.16

Patch Changes

  • The emails endpoint helper and the corresponding createEmail method have been removed from the @clerk/backend SDK and apiClient.emails.createEmail will no longer be available. (#2548) by @Nikpolik

    We will not be providing an alternative method for creating and sending emails directly from our JavaScript SDKs with this release. If you are currently using createEmail and you wish to update to the latest SDK version, please reach out to our support team (https://clerk.com/support) so we can assist you.

  • Update README for v5 (#2577) by @LekoArts

1.0.0-alpha-v5.15

Major Changes

  • Change SessionApi.getToken() to return a consistent { data, errors } value, and fix the getToken() from requestState to have the same return behavior as v4 (return a Promise or throw an error). (#2539) by @dimkl

    This change fixes issues with getToken() in @clerk/nextjs / @clerk/remix / @clerk/fastify / @clerk/sdk-node / gatsby-plugin-clerk.

    Example:

    import { getAuth } from '@clerk/nextjs/server';
    
    const { getToken } = await getAuth(...);
    const jwtString = await getToken(...);

    The change in SessionApi.getToken() return value is a breaking change, to keep the existing behavior use the following:

    import { ClerkAPIResponseError } from '@clerk/shared/error';
    
    const response = await clerkClient.sessions.getToken(...);
    
    if (response.errors) {
        const { status, statusText, clerkTraceId } = response;
        const error = new ClerkAPIResponseError(statusText || '', {
            data: [],
            status: Number(status || ''),
            clerkTraceId,
        });
        error.errors = response.errors;
    
        throw error;
    }
    
    // the value of the v4 `clerkClient.sessions.getToken(...)`
    const jwtString = response.data.jwt;

Minor Changes

  • Replace the Clerk-Backend-SDK header with User-Agent in BAPI requests and update its value to contain both the package name and the package version of the clerk package executing the request. (#2558) by @dimkl

    E.g. a request from @clerk/nextjs to BAPI will append User-Agent: @clerk/nextjs@5.0.0-alpha-v5.16 using the latest version.

    Miscellaneous changes: The backend test build changed to use tsup.

Patch Changes

  • Updated dependencies [8cc45d2af]:
    • @clerk/shared@2.0.0-alpha-v5.10

1.0.0-alpha-v5.14

Minor Changes

  • Add fullName, primaryEmailAddress, primaryPhoneNumber, primaryWeb3Wallet to User class. (#2493) by @panteliselef

Patch Changes

  • Fix an error in the handshake flow where the request would throw an unhandled error when verification of the handshake payload fails. (#2541) by @BRKalow

  • Replace enums with as const objects so @clerk/backend is consistent with the other packages (#2516) by @nikosdouvlis

1.0.0-alpha-v5.13

Patch Changes

1.0.0-alpha-v5.12

Patch Changes

  • Updated dependencies [7ecd6f6ab]:
    • @clerk/shared@2.0.0-alpha-v5.8

1.0.0-alpha-v5.11

Minor Changes

  • Add createOrganizationEnabled param in @clerk/backend method User.updateUser() (#2415) by @dimkl

    Example:

        import { createClerkClient }  from '@clerk/backend';
    
        const clerkClient = createClerkClient({...});
        await clerkClient.users.updateUser('user_...', { createOrganizationEnabled: true })

Patch Changes

  • OrganizationMembershipRole should respect authorization types provided by the developer if those exist. (#2408) by @panteliselef

  • Fixed an issue where errors returned from backend api requests are not converted to camelCase. (#2423) by @Nikpolik

1.0.0-alpha-v5.10

Major Changes

  • Change return value of verifyToken() from @clerk/backend to { data, error }. (#2377) by @dimkl

    To replicate the current behaviour use this:

    import { verifyToken } from '@clerk/backend'
    
    const { data, error }  = await verifyToken(...);
    if(error){
        throw error;
    }
  • Change return values of signJwt, hasValidSignature, decodeJwt, verifyJwt to return { data, error }. (#2377) by @dimkl

    Example of keeping the same behavior using those utilities:

    import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt';
    
    const { data, error } = await signJwt(...)
    if (error) throw error;
    
    const { data, error } = await hasValidSignature(...)
    if (error) throw error;
    
    const { data, error } = decodeJwt(...)
    if (error) throw error;
    
    const { data, error } = await verifyJwt(...)
    if (error) throw error;
  • Changes in exports of @clerk/backend: (#2363) by @dimkl

    • Expose the following helpers and enums from @clerk/backend/internal:
      import {
        AuthStatus,
        buildRequestUrl,
        constants,
        createAuthenticateRequest,
        createIsomorphicRequest,
        debugRequestState,
        makeAuthObjectSerializable,
        prunePrivateMetadata,
        redirect,
        sanitizeAuthObject,
        signedInAuthObject,
        signedOutAuthObject,
      } from '@clerk/backend/internal';
    • Drop the above exports from the top-level api:
      // Before
      import { AuthStatus, ... } from '@clerk/backend';
      // After
      import { AuthStatus, ... } from '@clerk/backend/internal';
      Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.
  • Changes in exports of @clerk/backend: (#2365) by @dimkl

    • Drop the following internal exports from the top-level api:
      // Before
      import {
        AllowlistIdentifier,
        Client,
        DeletedObject,
        Email,
        EmailAddress,
        ExternalAccount,
        IdentificationLink,
        Invitation,
        OauthAccessToken,
        ObjectType,
        Organization,
        OrganizationInvitation,
        OrganizationMembership,
        OrganizationMembershipPublicUserData,
        PhoneNumber,
        RedirectUrl,
        SMSMessage,
        Session,
        SignInToken,
        Token,
        User,
        Verification,
      } from '@clerk/backend';
      // After : no alternative since there is no need to use those classes
      Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.
    • Keep those 3 resource related type exports
      import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';
  • Changes in exports of @clerk/backend: (#2364) by @dimkl

    • Expose the following helpers and enums from @clerk/backend/jwt:
      import { decodeJwt, hasValidSignature, signJwt, verifyJwt } from '@clerk/backend/jwt';
    • Drop the above exports from the top-level api:
      // Before
      import { decodeJwt, ... } from '@clerk/backend';
      // After
      import { decodeJwt, ... } from '@clerk/backend/jwt';
      Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.
  • Changes in @clerk/backend exports: (#2362) by @dimkl

    • Drop Internal deserialize helper
    • Introduce /errors subpath export, eg:
      import {
        TokenVerificationError,
        TokenVerificationErrorAction,
        TokenVerificationErrorCode,
        TokenVerificationErrorReason,
      } from '@clerk/backend/errors';
    • Drop errors from top-level export
      // Before
      import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend';
      // After
      import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend/errors';

Minor Changes

  • Improve ESM support in @clerk/backend for Node by using .mjs for #crypto subpath import (#2360) by @dimkl

Patch Changes

  • Update the handshake flow to only trigger for document requests. (#2352) by @BRKalow

  • Updated dependencies [5f58a2274]:

    • @clerk/shared@2.0.0-alpha-v5.7

1.0.0-alpha-v5.9

Major Changes

1.0.0-alpha-v5.8

Major Changes

  • Remove the named Clerk import from @clerk/backend and import createClerkClient instead. The latter is a factory method that will create a Clerk client instance for you. This aligns usage across our SDKs and will enable us to better ship DX improvements in the future. (#2317) by @tmilewski

    Inside your code, search for occurrences like these:

    import { Clerk } from '@clerk/backend';
    const clerk = Clerk({ secretKey: '...' });

    You need to rename the import from Clerk to createClerkClient and change its usage:

    import { createClerkClient } from '@clerk/backend';
    const clerk = createClerkClient({ secretKey: '...' });
  • Refactor the authenticateRequest() flow to use the new client handshake endpoint. This replaces the previous "interstitial"-based flow. This should improve performance and overall reliability of Clerk's server-side request authentication functionality. (#2300) by @BRKalow

    • authenticateRequest() now accepts two arguments, a Request object to authenticate and options:

      authenticateRequest(new Request(...), { secretKey: '...' })

Minor Changes

  • Introduce Protect for authorization. (#2170) by @panteliselef

    Changes in public APIs:

    • Rename Gate to Protect
    • Support for permission checks. (Previously only roles could be used)
    • Remove the experimental tags and prefixes
    • Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
    • Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
    • has will throw an error if neither permission nor role is passed.
    • auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
      • inside a page or layout file it will render the nearest not-found component set by the developer
      • inside a route handler it will return empty response body with a 404 status code

Patch Changes

1.0.0-alpha-v5.7

Major Changes

  • Limit TokenVerificationError exports to TokenVerificationError and TokenVerificationErrorReason (#2189) by @tmilewski

Minor Changes

  • Add missing createdAt param in User#createUser() of @clerk/backend. (#2284) by @dimkl

    Fix clerkClient.verifyToken() signature to support a single token: string parameter.

Patch Changes

  • Added missing types for clerkClient.invitations.createInvitation (#2268) by @royanger

1.0.0-alpha-v5.6

Minor Changes

    • Added the User.last_active_at timestamp field which stores the latest date of session activity, with day precision. For further details, please consult the Backend API documentation. (#2261) by @georgepsarakis

    • Added the last_active_at_since filtering parameter for the Users listing request. The new parameter can be used to retrieve users that have displayed session activity since the given date. For further details, please consult the Backend API documentation.

    • Added the last_active_at available options for the orderBy parameter of the Users listing request. For further details, please consult the Backend API documentation.

Patch Changes

  • Drop the introduction of OrganizationRole and OrganizationPermission resources for BAPI. (#2252) by @panteliselef

  • Set correct information on required Node.js and React versions in README (#2264) by @LekoArts

  • Updated dependencies [d30ea1faa]:

    • @clerk/shared@2.0.0-alpha-v5.5

1.0.0-alpha-v5.5

Patch Changes

1.0.0-alpha-v5.4

Minor Changes

  • Expose totalCount from @clerk/backend client responses for responses containing pagination information or for responses with type { data: object[] }. (#2199) by @dimkl

    Example:

    import { Clerk } from '@clerk/backend';
    
    const clerkClient = Clerk({ secretKey: '...' });
    
    // current
    const { data } = await clerkClient.organizations.getOrganizationList();
    console.log('totalCount: ', data.length);
    
    // new
    const { data, totalCount } = await clerkClient.organizations.getOrganizationList();
    console.log('totalCount: ', totalCount);
  • Re-use common pagination types for consistency across types. (#2210) by @dimkl

    Types introduced in @clerk/types:

    • ClerkPaginationRequest : describes pagination related props in request payload
    • ClerkPaginatedResponse : describes pagination related props in response body
    • ClerkPaginationParams : describes pagination related props in api client method params

1.0.0-alpha-v5.3

Minor Changes

  • Breaking Changes: (#2169) by @dimkl

    • Drop isLegacyFrontendApiKey from @clerk/shared
    • Drop default exports from @clerk/clerk-js
      • on headless Clerk type
      • on ui and ui.retheme Portal
    • Use isProductionFromSecretKey instead of isProductionFromApiKey
    • Use isDevelopmentFromSecretKey instead of isDevelopmentFromApiKey

    Changes:

    • Rename HeadlessBrowserClerkConstrutor / HeadlessBrowserClerkConstructor (typo)
    • Use isomorphicAtob / isomorphicBtoa to replace base-64 in @clerk/expo
    • Refactor merging build-time and runtime props in @clerk/backend clerk client
    • Drop node-fetch dependency from @clerk/backend
    • Drop duplicate test in @clerk/backend
  • Deprecate createSMSMessage and SMSMessageApi from clerkClient. (#2165) by @Nikpolik

    The equivalent /sms_messages Backend API endpoint will also be dropped in the future, since this feature will no longer be available for new instances.

    For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).

    New instances will get a 403 forbidden response if they try to access it.

Patch Changes

  • Add OrganizationRoleAPI for CRUD operations regarding instance level organization roles. (#2177) by @panteliselef

  • Remove createSms functions from @clerk/backend and @clerk/sdk-node. (#2165) by @Nikpolik

    The equivalent /sms_messages Backend API endpoint will also be dropped in the future, since this feature will no longer be available for new instances.

    For a brief period it will still be accessible for instances that have used it in the past 7 days (13-11-2023 to 20-11-2023).

    New instances will get a 403 forbidden response if they try to access it.

  • Add OrganizationPermissionAPI for CRUD operations regarding instance level organization permissions. (#2178) by @panteliselef

  • Introduces telemetry collection from Clerk's SDKs. Collected telemetry will be used to gain insights into product usage and help drive roadmap priority. For more information, see https://clerk.com/docs/telemetry. (#2154) by @BRKalow

  • Updated dependencies [52ff8fe6b, 4bb57057e, 40ac4b645]:

    • @clerk/shared@2.0.0-alpha-v5.3

1.0.0-alpha-v5.2

Major Changes

  • Change the minimal Node.js version required by Clerk to 18.17.0. (#2162) by @dimkl

Patch Changes

  • Updated dependencies [c2a090513]:
    • @clerk/shared@2.0.0-alpha-v5.2

1.0.0-alpha-v5.1

Major Changes

  • Drop default exports from all packages. Migration guide: (#2150) by @dimkl

    • use import { Clerk } from '@clerk/backend';
    • use import { clerkInstance } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-js';
    • use import { Clerk } from '@clerk/clerk-js/headless';
    • use import { IsomorphicClerk } from '@clerk/clerk-react'
  • Change the response payload of Backend API requests to return { data, errors } instead of returning the data and throwing on error response. (#2126) by @dimkl

    Code example to keep the same behavior:

    import { users } from '@clerk/backend';
    import { ClerkAPIResponseError } from '@clerk/shared/error';
    
    const { data, errors, clerkTraceId, status, statusText } = await users.getUser('user_deadbeef');
    if (errors) {
      throw new ClerkAPIResponseError(statusText, { data: errors, status, clerkTraceId });
    }
  • Enforce passing request param to authenticateRequest method of @clerk/backend (#2122) by @dimkl

    instead of passing each header or cookie related option that is used internally to determine the request state.

    Migration guide:

    • use request param in clerkClient.authenticateRequest() instead of:
      • origin
      • host
      • forwardedHost
      • forwardedProto
      • referrer
      • userAgent
      • cookieToken
      • clientUat
      • headerToken
      • searchParams

    Example

    //
    // current
    //
    import { clerkClient } from '@clerk/backend'
    
    const requestState = await clerkClient.authenticateRequest({
        secretKey: 'sk_....',
        publishableKey: 'pk_....',
        origin: req.headers.get('origin'),
        host: req.headers.get('host'),
        forwardedHost: req.headers.get('x-forwarded-host'),
        forwardedProto: req.headers.get('x-forwarded-proto'),
        referrer: req.headers.get('referer'),
        userAgent: req.headers.get('user-agent'),
        clientUat: req.cookies.get('__client_uat'),
        cookieToken: req.cookies.get('__session'),
        headerToken: req.headers.get('authorization'),
        searchParams: req.searchParams
    });
    
    //
    // new
    //
    import { clerkClient } from '@clerk/backend'
    
    // use req (if it's a fetch#Request instance) or use `createIsomorphicRequest` from `@clerk/backend`
    // to re-construct fetch#Request instance
    const requestState = await clerkClient.authenticateRequest({
        secretKey: 'sk_....',
        publishableKey: 'pk_....',
        request: req
    });
  • Drop deprecated properties. Migration steps: (#1899) by @dimkl

    • use createClerkClient instead of __unstable_options
    • use publishableKey instead of frontendApi
    • use clockSkewInMs instead of clockSkewInSeconds
    • use apiKey instead of secretKey
    • drop httpOptions
    • use *.image instead of
      • ExternalAccount.picture
      • ExternalAccountJSON.avatar_url
      • Organization.logoUrl
      • OrganizationJSON.logo_url
      • User.profileImageUrl
      • UserJSON.profile_image_url
      • OrganizationMembershipPublicUserData.profileImageUrl
      • OrganizationMembershipPublicUserDataJSON.profile_image_url
    • drop pkgVersion
    • use Organization.getOrganizationInvitationList with status instead of getPendingOrganizationInvitationList
    • drop orgs claim (if required, can be manually added by using user.organizations in a jwt template)
    • use localInterstitial instead of remotePublicInterstitial / remotePublicInterstitialUrl

    Internal changes:

    • replaced error enum (and its) SetClerkSecretKeyOrAPIKey with SetClerkSecretKey

Patch Changes

1.0.0-alpha-v5.0

Major Changes

  • Internal update default apiUrl domain from clerk.dev to clerk.com (#1878) by @dimkl

  • Dropping support for Node 14 and 16 as they both reached EOL status. The minimal Node.js version required by Clerk is 18.18.0 now. (#1864) by @dimkl

Minor Changes

Patch Changes

0.31.3

Patch Changes

0.31.2

Patch Changes

  • Updated dependencies [9ca215702]:
    • @clerk/types@3.56.1

0.31.1

Patch Changes

  • Added new function signJwt(payload, key, options) for JWT token signing. (#1786) by @Nikpolik

    Also updated the existing hasValidSignature and verifyJwt method to handle PEM-formatted keys directly (previously they had to be converted to jwks). For key compatibility, support is specifically confined to RSA types and formats jwk, pkcs8, spki.

  • Updated dependencies [35be8709d, e38488c92, a11f962bc, 9b644d799, a9894b445, 834dadb36, 70f251007, a46d6fe99]:

    • @clerk/types@3.56.0
    • @clerk/shared@0.24.5

0.31.0

Minor Changes

Patch Changes

  • Throw an error if the signInUrl is on the same origin of a satellite application or if it is of invalid format (#1845) by @desiprisg

  • Avoid always showing deprecation warnings for frontendApi and apiKey in @clerk/clerk-sdk-node (#1856) by @dimkl

  • Updated dependencies [977336f79, 997b8e256, 91e9a55f4, 91014880d, 7f4d4b942]:

    • @clerk/shared@0.24.4
    • @clerk/types@3.55.0

0.30.3

Patch Changes

  • Apply deprecation warnings for @clerk/types: (#1823) by @dimkl

    • orgs jwt claims
    • apiKey
    • frontendApi
    • redirect_url
    • password
    • generateSignature
    • afterSwitchOrganizationUrl
    • profileImageUrl
  • Remove deprecation warning that is logging more than intended and not actionable for users of our SDKs. by @nikosdouvlis

  • Retry the implemented changes from #1767 which were reverted in #1806 due to RSC related errors (not all uses components had the use client directive). Restore the original PR and add additional use client directives to ensure it works correctly. by @nikosdouvlis

  • Updated dependencies [1136c7c15, 1e212c19d, 1136c7c15, 1136c7c15]:

    • @clerk/shared@0.24.3

0.30.2

Patch Changes

  • Improve the jwk-remote-missing error by adding the available JWK IDs to the error message. This way you can understand why the entry was not found and compare the available ones with other keys. (#1816) by @LekoArts

  • Pins the internal dependency versions. This ensures that users installing our main framework SDKs will get consistent versions across all @clerk/ packages. (#1798) by @BRKalow

  • Update authenticateRequest() to respect the CloudFront-Forwarded-Proto header when determining the correct forwardedProto value. This fixes an issue when Clerk is used in applications that are deployed behind AWS CloudFront, where previously all requests were treated as cross-origin. (#1817) by @dimkl

  • Remove experimental jsdoc tags from multi-domain types. (#1819) by @panteliselef

  • Updated dependencies [b59b6b75d, 164f3aac7, 68259a2bb, 33e927c59, 9514618d6, c7c6912f3, 71bb1c7b5]:

    • @clerk/types@3.54.0

0.30.1

Patch Changes

  • Temporarily revert internal change to resolve RSC-related errors (#1806) by @nikosdouvlis

0.30.0

Minor Changes

  • Replace utilities with @clerk/shared exports (#1769) by @dimkl

  • Introduce a new getOrganizationInvitationList() method, along with support for filtering by status and the regular limit & offset parameters, which can be used to list the invitations of a specific organization. We also marked the old getPendingOrganizationInvitationList() method as deprecated (#1796) by @chanioxaris

Patch Changes

  • Apply deprecation warnings for @clerk/backend: (#1777) by @dimkl

    • backend api return format
    • clockSkewInSeconds
    • pkgVersion
    • picture/logoUrl/profileImageUrl
    • InterstitialAPI
    • httpOptions
    • apiKey
    • frontendApi
    • __unstable_options
  • Updated dependencies [7ffa6fac3, 5c8754239, 2f6a6ac99, 753f7bbda, 55c8ebd39]:

    • @clerk/shared@0.24.0
    • @clerk/types@3.53.0

0.29.3

Patch Changes

0.29.2

Patch Changes

  • Refactor the internal jwt assertions in separate module to improve testability and changed dates to UTC in jwt verification error messages (#1724) by @dimkl

  • Removing the __clerk_referrer_primary that was marked as deprecated. It was introduced to support the multi-domain feature, but was replaced shortly after. (#1755) by @panteliselef

  • Fix 1 second flakiness in assertions tests (#1758) by @dimkl

  • Refactor the internal generation of request URLs to use a shared helper from @clerk/backend (#1532) by @dimkl

0.29.1

Patch Changes

0.29.0

Minor Changes

  • Introduce a new getOrganizationInvitation() method with which you can fetch a single organization invitation by providing the ID (#1682) by @chanioxaris

Patch Changes

0.28.1

Patch Changes

  • Improve error messaging when clock skew is detected. (#1661) by @BRKalow

0.28.0

Minor Changes

  • Introduce hasImage in User / Organization / Session resources (#1544) by @dimkl

  • Include signUpUrl, afterSignInUrl and afterSignUpUrl to authenticateRequest options. (#1470) by @desiprisg

Patch Changes

0.27.0

Minor Changes

  • Add filter by status(pending, accepted, revoked) support for getInvitationList method (#1533) by @raptisj

Patch Changes

0.26.0

Minor Changes

  • Support hosting NextJs apps on non-Vercel platforms by constructing req.url using host-related headers instead of relying on req.url directly. CLERK_TRUST_HOST is now enabled by default. (#1492) by @dimkl

Patch Changes

  • Updated dependencies [6fa4768dc]:
    • @clerk/types@3.48.1

0.25.1

Patch Changes

  • Updated dependencies [2a9d83280]:
    • @clerk/types@3.48.0

0.25.0

Minor Changes

  • Introduce createIsomorphicRequest in @clerk/backend (#1393) by @anagstef

    This utility simplifies the authenticateRequest signature, and it makes it easier to integrate with more frameworks.

  • Add updateUserProfileImage and updateOrganizationLogo methods for uploading images to User and Organization respectively. (#1456) by @anagstef

Patch Changes

0.24.0

Minor Changes

  • The clockSkewInSeconds property is now deprecated from the verifyJWT options in favour of the new clockSkewInMs property. The old property accepted a value in milliseconds, so this change fixes the property name. (#1450) by @desiprisg

Patch Changes

  • Add a more descriptive error when secret key is invalid (#1446) by @raptisj

0.23.7

Patch Changes

  • Treat expired JWT as signed-out state for requests originated from non-browser clients on satellite apps (#1433) by @panteliselef

  • Make all 4 keys (legacy and new) optional in authenticateRequest params (#1437) by @anagstef

  • Increase the default value for clock skew in verifyJwt from 2 to 5 seconds (#1428) by @anagstef

0.23.6

Patch Changes

  • Updated dependencies [30f8ad18a]:
    • @clerk/types@3.46.1

0.23.5

Patch Changes

  • Updated dependencies [bfb3af28]:
    • @clerk/types@3.46.0

0.23.4

Patch Changes

  • Simplify the signature of the low-level authenticateRequest helper. (#1329) by @anagstef

    • One pair of legacy or new instance keys is required instead of all 4 of them in authenticateRequest
    • @clerk/backend now can handle the "Bearer " prefix in Authorization header for better DX
    • host parameter is now optional in @clerk/backend
  • Updated dependencies [11954816, 32148490]:

    • @clerk/types@3.45.0

0.23.3

Patch Changes

  • Updated dependencies [17cc14ec]:
    • @clerk/types@3.44.0

0.23.2

Patch Changes

0.23.1

Patch Changes

  • Allow clerkJSVersion to be passed when loading interstitial. Support for (#1354) by @panteliselef

    • Nextjs
    • Remix
    • Node

0.23.0

Minor Changes

  • Support audience parameter in authentication request (#1004) by @dimkl

    The audience parameter is used to verify that the aud claim in the request matches the value of the parameter or is included (when the user provides a list).

    Resolves:

Patch Changes

  • Updated dependencies [c42b4ac0]:
    • @clerk/types@3.42.0

0.22.0

Minor Changes

  • Add support for NextJS applications hosted on AWS Amplify by @nikosdouvlis

  • Address npm audit issues for the clerk backend package by @nikosdouvlis

  • Add support for NextJS applications hosted on Railway by @nikosdouvlis

Patch Changes

0.21.0 (2023-06-03)

Note: Version bump only for package @clerk/backend

0.20.1 (2023-05-26)

Note: Version bump only for package @clerk/backend

0.20.0 (2023-05-23)

Note: Version bump only for package @clerk/backend

0.19.2 (2023-05-18)

Note: Version bump only for package @clerk/backend

0.19.1 (2023-05-17)

Note: Version bump only for package @clerk/backend

0.19.0 (2023-05-15)

Note: Version bump only for package @clerk/backend

0.18.0 (2023-05-04)

Note: Version bump only for package @clerk/backend

0.18.0-staging.4 (2023-05-04)

Note: Version bump only for package @clerk/backend

0.18.0-staging.3 (2023-05-02)

Note: Version bump only for package @clerk/backend

0.17.2 (2023-04-19)

Note: Version bump only for package @clerk/backend

0.17.1 (2023-04-19)

Bug Fixes

  • backend: Add missing Webhooks export (db8d224)

0.17.0 (2023-04-12)

Note: Version bump only for package @clerk/backend

0.16.2 (2023-04-11)

Note: Version bump only for package @clerk/backend

0.16.1 (2023-04-06)

Note: Version bump only for package @clerk/backend

0.16.0 (2023-03-31)

Note: Version bump only for package @clerk/backend

0.16.0-staging.0 (2023-03-31)

Features

  • backend: Add signInUrl to buildPublicInterstitialUrl (2bbbaa6)
  • backend: Support multi-domain in dev instances (2b8eb75)

Bug Fixes

  • backend: Update interstitial to include signInUrl (d923618)

0.15.0 (2023-03-29)

Note: Version bump only for package @clerk/backend

0.13.1 (2023-03-10)

Note: Version bump only for package @clerk/backend

0.13.0 (2023-03-09)

Note: Version bump only for package @clerk/backend

0.12.0 (2023-03-07)

Note: Version bump only for package @clerk/backend

0.11.0 (2023-03-03)

Note: Version bump only for package @clerk/backend

0.10.0 (2023-03-01)

Note: Version bump only for package @clerk/backend

0.9.1 (2023-02-25)

Note: Version bump only for package @clerk/backend

0.9.0 (2023-02-24)

Note: Version bump only for package @clerk/backend

0.8.1-staging.4 (2023-02-22)

Bug Fixes

  • backend: Update user params (624402f)

0.8.0 (2023-02-17)

Note: Version bump only for package @clerk/backend

0.7.0 (2023-02-15)

Note: Version bump only for package @clerk/backend

0.6.2 (2023-02-10)

Note: Version bump only for package @clerk/backend

0.6.1 (2023-02-07)

Note: Version bump only for package @clerk/backend

0.6.1-staging.0 (2023-02-07)

Note: Version bump only for package @clerk/backend

0.6.0 (2023-02-07)

Note: Version bump only for package @clerk/backend

0.5.1 (2023-02-01)

Note: Version bump only for package @clerk/backend

0.5.0 (2023-01-27)

Note: Version bump only for package @clerk/backend

0.4.3 (2023-01-24)

Bug Fixes

  • backend,clerk-sdk-node,shared: Drop support for NodeJS 12 (d9169ab)

0.4.2 (2023-01-20)

Note: Version bump only for package @clerk/backend

0.4.1 (2023-01-18)

Note: Version bump only for package @clerk/backend

0.4.0 (2023-01-17)

Bug Fixes

  • backend,clerk-sdk-node,shared: Support node12 runtimes (fdcd6b3)
  • backend: Polyfill webcrypto for node14 and node12 (329bd6d)

0.3.2 (2022-12-23)

Note: Version bump only for package @clerk/backend

0.3.1 (2022-12-19)

Note: Version bump only for package @clerk/backend

0.3.0 (2022-12-13)

Note: Version bump only for package @clerk/backend

0.2.3 (2022-12-12)

Note: Version bump only for package @clerk/backend

0.2.2 (2022-12-09)

Note: Version bump only for package @clerk/backend

0.2.1 (2022-12-08)

Note: Version bump only for package @clerk/backend

0.2.0 (2022-12-08)

Note: Version bump only for package @clerk/backend

0.1.1 (2022-12-02)

Note: Version bump only for package @clerk/backend

0.1.0 (2022-11-30)

Note: Version bump only for package @clerk/backend

0.1.0-staging.4 (2022-11-29)

Note: Version bump only for package @clerk/backend