clerk · nikosdouvlis · Dec 15, 2023 · Dec 15, 2023 · Dec 15, 2023 · Dec 15, 2023
diff --git a/.changeset/itchy-chairs-call.md b/.changeset/itchy-chairs-call.md
@@ -0,0 +1,16 @@
+---
+'@clerk/remix': major
+---
+
+Update `@clerk/remix`'s `rootAuthLoader` and `getAuth` helpers to handle handshake auth status, this replaces the previous interstitial flow. As a result of this, the `ClerkErrorBoundary` is no longer necessary and has been removed.
+
+To migrate, remove usage of `ClerkErrorBoundary`:
+
+```diff
+- import { ClerkApp, ClerkErrorBoundary } from "@clerk/remix";
++ import { ClerkApp } from "@clerk/remix";
+
+...
+
+- export const ErrorBoundary = ClerkErrorBoundary();
+```
diff --git a/packages/backend/src/internal.ts b/packages/backend/src/internal.ts
@@ -25,4 +25,4 @@ export {
 export { createIsomorphicRequest } from './util/IsomorphicRequest';
 
 export { AuthStatus } from './tokens/authStatus';
-export type { RequestState } from './tokens/authStatus';
+export type { RequestState, SignedInState, SignedOutState } from './tokens/authStatus';
diff --git a/packages/nextjs/src/server/authMiddleware.ts b/packages/nextjs/src/server/authMiddleware.ts
@@ -208,7 +208,7 @@ const authMiddleware: AuthMiddleware = (...args: unknown[]) => {
     }
 
     if (requestState.status === AuthStatus.Handshake) {
-      throw new Error('Unexpected handshake without redirect');
+      throw new Error('Clerk: unexpected handshake without redirect');
     }
 
     const auth = Object.assign(requestState.toAuth(), {

diff --git a/packages/remix/src/ssr/authenticateRequest.ts b/packages/remix/src/ssr/authenticateRequest.ts
@@ -1,6 +1,6 @@
 import { createClerkClient } from '@clerk/backend';
-import type { RequestState } from '@clerk/backend/internal';
-import { buildRequestUrl } from '@clerk/backend/internal';
+import type { SignedInState, SignedOutState } from '@clerk/backend/internal';
+import { AuthStatus, buildRequestUrl } from '@clerk/backend/internal';
 import { apiUrlFromPublishableKey } from '@clerk/shared/apiUrlFromPublishableKey';
 import { handleValueOrFn } from '@clerk/shared/handleValueOrFn';
 import { isDevelopmentFromSecretKey } from '@clerk/shared/keys';
@@ -11,7 +11,10 @@ import { noSecretKeyError, satelliteAndMissingProxyUrlAndDomain, satelliteAndMis
 import { getEnvVariable } from '../utils';
 import type { LoaderFunctionArgs, RootAuthLoaderOptions } from './types';
 
-export function authenticateRequest(args: LoaderFunctionArgs, opts: RootAuthLoaderOptions = {}): Promise<RequestState> {
+export async function authenticateRequest(
+  args: LoaderFunctionArgs,
+  opts: RootAuthLoaderOptions = {},
+): Promise<SignedInState | SignedOutState> {
   const { request, context } = args;
   const { loadSession, loadUser, loadOrganization } = opts;
   const { audience, authorizedParties } = opts;
@@ -71,7 +74,14 @@ export function authenticateRequest(args: LoaderFunctionArgs, opts: RootAuthLoad
     throw new Error(satelliteAndMissingSignInUrl);
   }
 
-  return createClerkClient({ apiUrl, secretKey, jwtKey, proxyUrl, isSatellite, domain }).authenticateRequest(request, {
+  const requestState = await createClerkClient({
+    apiUrl,
+    secretKey,
+    jwtKey,
+    proxyUrl,
+    isSatellite,
+    domain,
+  }).authenticateRequest(request, {
     audience,
     secretKey,
     jwtKey,
@@ -88,4 +98,16 @@ export function authenticateRequest(args: LoaderFunctionArgs, opts: RootAuthLoad
     afterSignInUrl,
     afterSignUpUrl,
   });
+
+  const hasLocationHeader = requestState.headers.get('location');
+  if (hasLocationHeader) {
+    // triggering a handshake redirect
+    throw new Response(null, { status: 307, headers: requestState.headers });
+  }
+
+  if (requestState.status === AuthStatus.Handshake) {
+    throw new Error('Clerk: unexpected handshake without redirect');
+  }
+
+  return requestState;
 }
diff --git a/packages/remix/src/ssr/getAuth.ts b/packages/remix/src/ssr/getAuth.ts
@@ -1,5 +1,4 @@
-import { AuthStatus, sanitizeAuthObject } from '@clerk/backend/internal';
-import { redirect } from '@remix-run/server-runtime';
+import { sanitizeAuthObject } from '@clerk/backend/internal';
 
 import { noLoaderArgsPassedInGetAuth } from '../errors';
 import { authenticateRequest } from './authenticateRequest';
@@ -13,11 +12,5 @@ export async function getAuth(args: LoaderFunctionArgs, opts?: GetAuthOptions):
   }
   const requestState = await authenticateRequest(args, opts);
 
-  // TODO handle handshake
-  // this halts the execution of all nested loaders using getAuth
-  if (requestState.status === AuthStatus.Handshake) {
-    throw redirect('');
-  }
-
   return sanitizeAuthObject(requestState.toAuth());
 }
diff --git a/packages/remix/src/ssr/rootAuthLoader.ts b/packages/remix/src/ssr/rootAuthLoader.ts
@@ -1,6 +1,5 @@
-import { AuthStatus, sanitizeAuthObject } from '@clerk/backend/internal';
+import { sanitizeAuthObject } from '@clerk/backend/internal';
 import type { defer } from '@remix-run/server-runtime';
-import { redirect } from '@remix-run/server-runtime';
 import { isDeferredData } from '@remix-run/server-runtime/dist/responses';
 
 import { invalidRootLoaderCallbackReturn } from '../errors';
@@ -50,11 +49,6 @@ export const rootAuthLoader: RootAuthLoader = async (
 
   const requestState = await authenticateRequest(args, opts);
 
-  // TODO handle handshake
-  if (requestState.status === AuthStatus.Handshake) {
-    throw redirect('');
-  }
-
   if (!handler) {
     // if the user did not provide a handler, simply inject requestState into an empty response
     return injectRequestStateIntoResponse(new Response(JSON.stringify({})), requestState, args.context);