Member

@tmilewski tmilewski commented Jun 23, 2025

Description

Explicitly mark GoogleOneTap UI components as deprecated and unsupported (due to the requirement of Remotely Hosted Code) to help avoid confusion.

While they technically never worked, I plan on removing them in a future major rather than outright changing the public interface.

Enable support for Metamask and OKX while still splitting out Coinbase remotely hosted code.

USER-2235

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • New Features
    • Deprecated the GoogleOneTap and SignInWithMetamaskButton UI components, marking them as unsupported due to security restrictions in browser extensions.
    • Re-exported multiple UI components including ClerkProvider and GoogleOneTap for improved clarity.
    • Enabled Metamask and OKXWallet Web3 support for non-popup browser extensions.
  • Bug Fixes
    • Removed environment-based restrictions and warnings from Web3 authentication methods to ensure consistent behavior.
    • Added a warning and disabled Coinbase Wallet provider in unsupported environments to prevent errors.
  • Documentation
    • Updated documentation to clarify the unsupported status of these components and provide references to relevant security guidelines.

@tmilewski tmilewski self-assigned this Jun 23, 2025

changeset-bot bot commented Jun 23, 2025

🦋 Changeset detected

Latest commit: 361463f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/chrome-extension Minor


vercel bot commented Jun 23, 2025

The latest updates on your projects.

Name Status Updated (UTC)
clerk-js-sandbox ✅ Ready Jun 23, 2025 2:47pm

Contributor

coderabbitai bot commented Jun 23, 2025

Caution

Review failed

The pull request is closed.

📝 Walkthrough

"""


The changes explicitly mark the GoogleOneTap and SignInWithMetamaskButton UI components as deprecated and unsupported in the Chrome extension package by implementing GoogleOneTap as a React component returning null with a deprecation comment citing Chrome security restrictions. Export statements in relevant index files are updated to include GoogleOneTap. A changeset documents these deprecations. Additionally, conditional environment checks and warnings related to the __BUILD_DISABLE_RHC__ flag are removed from Web3 authentication methods across core packages (clerk.ts, SignIn.ts, SignUp.ts), allowing these methods to proceed unconditionally. A warning is added in the getEthereumProvider function to block Coinbase Wallet usage when disabled by the flag. Metamask and OKXWallet Web3 support is enabled for non-popup extensions.

Assessment against linked issues

Objective Addressed Explanation
Explicitly mark unsupported components (GoogleOneTap) in Browser Extensions as deprecated and non-functional (USER-2235)

Assessment against linked issues: Out-of-scope changes

Code change: Removal of __BUILD_DISABLE_RHC__ flag checks and warnings in Web3 authentication methods (packages/clerk-js/src/core/clerk.ts, SignIn.ts, SignUp.ts)
Explanation: These changes relate to internal Web3 authentication logic and do not pertain to explicitly marking unsupported components in browser extensions.

Code change: Addition of warning and early return for Coinbase Wallet in getEthereumProvider function (packages/clerk-js/src/utils/web3.ts)
Explanation: This change concerns runtime environment checks for wallet providers and is unrelated to marking UI components as unsupported in browser extensions.
"""

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d69bcfc and 361463f.

📒 Files selected for processing (1)
  • .changeset/twelve-ducks-refuse.md (1 hunks)

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
packages/chrome-extension/src/react/NotSupported.tsx (1)

1-18: Optional: Emit runtime deprecation warnings.
Consider adding a console.warn (or setting Component.displayName) in each component to notify developers why it renders nothing, improving developer experience.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0f903ba and 5568490.

📒 Files selected for processing (4)
  • .changeset/twelve-ducks-refuse.md (1 hunks)
  • packages/chrome-extension/src/index.ts (1 hunks)
  • packages/chrome-extension/src/react/NotSupported.tsx (1 hunks)
  • packages/chrome-extension/src/react/index.ts (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (5)
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: Build Packages
  • GitHub Check: Formatting | Dedupe | Changeset
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: semgrep/ci
🔇 Additional comments (4)
.changeset/twelve-ducks-refuse.md (1)

1-6: Changeset correctly documents deprecation and bumps minor version.
The front matter and description clearly communicate that these components are deprecated in the Chrome extension package.

packages/chrome-extension/src/react/index.ts (1)

1-3: Re-export of unsupported components is correct.
You’ve properly added GoogleOneTap, PricingTable, and SignInWithMetamaskButton to the exported API, pointing them to the NotSupported module.

packages/chrome-extension/src/index.ts (1)

5-7: Root index export updated for override as intended.
The explicit export of these components alongside ClerkProvider ensures they shadow the originals from @clerk/clerk-react.

packages/chrome-extension/src/react/NotSupported.tsx (1)

1-18: No-op component implementations are correct.
Each component returns null and includes clear deprecation tags and a reference link.


pkg-pr-new bot commented Jun 23, 2025


@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6179

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6179

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6179

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6179

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6179

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6179

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6179

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6179

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6179

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6179

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6179

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6179

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6179

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6179

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6179

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6179

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6179

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6179

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6179

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6179

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6179

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6179

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6179

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6179

commit: 361463f

Comment on lines 7 to 11
/**
* @deprecated This component is not supported in Browser Extensions due to Chrome's security restrictions around remotely hosted code.
* @see https://clerk.com/docs/references/browser-extensions/browser-security-restrictions
*/
export const SignInWithMetamaskButton = () => null;
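
Review bot: the stub on the last line, SignInWithMetamaskButton = () => null, declares no props parameter, so any existing JSX that passes attributes to this component would fail type-checking once the stub shadows the original. That is a compile-time break rather than a deprecation. Consider typing the stub to accept the same props as the component it replaces and ignore them, so the @deprecated tag is the only change a caller sees.
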
Member

I believe we can get around this if needed! It is caused by a single utility function that loads the Coinbase Wallet SDK, which is unrelated to Metamask.

Member Author

Originally, we were targeting pop-ups, in which none of the Web3 options worked. Now that we support other variants like side panels, this isn't the case anymore. I've updated the PR to reflect that.

* @deprecated This component is not supported in Browser Extensions due to Chrome's security restrictions around remotely hosted code.
* @see https://clerk.com/docs/references/browser-extensions/browser-security-restrictions
*/
export const PricingTable = () => null;
Member

Let's not include this, as it will be handled in COM-954. We are probably looking at a more fine-grained solution here. Also, we are missing the UserProfile and OrgProfile billing pages, which are also accessing remotely hosted code, so let's defer all this work to the ticket mentioned above.

Member Author

That would be great, and I've removed this from the PR. We just need to make sure we hit this, as this PR is a direct result of people getting caught up by the RHC requirement.

@@ -1,8 +1,9 @@
export * from '@clerk/clerk-react';
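
Review bot: the wildcard export on this line forwards everything @clerk/clerk-react exports, so the extension package's public surface is decided by another package and a component that depends on remotely hosted code is exposed unless someone remembers to override it by name. Consider replacing the wildcard with an explicit export list when the deprecated names are removed, so the supported set is visible and reviewable in this file.
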
Member

@tmilewski Is it better to simply control what's exported here instead of breaking without realising it?

Member Author

Yes, though the plan was to deprecate, then remove in a major.

@tmilewski tmilewski changed the title from "fix(chrome-extension): Mark unsupported components" to "fix(chrome-extension): Enable support for Metamask & OKX; Mark unsupported components" Jun 23, 2025
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
packages/clerk-js/src/utils/web3.ts (1)

78-96: Consider adding explicit return type annotation.

The getEthereumProvider function lacks an explicit return type annotation. While TypeScript can infer the type, the coding guidelines emphasize explicit return types for functions, especially for maintainability.

-async function getEthereumProvider(provider: Web3Provider) {
+async function getEthereumProvider(provider: Web3Provider): Promise<any | null> {
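
Review bot: the return type on the + line, Promise<any | null>, is no stricter than the inferred one, because a union that includes any collapses to any and the null case disappears from the signature. It also contradicts the guideline quoted later in this same review to avoid any and prefer unknown. Declare a named interface for the provider and return a promise of that interface or null, so callers are forced to handle the disabled-provider case.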

Note: You may want to define a more specific type than any for the Ethereum provider interface if one doesn't already exist in the codebase.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1ef53b7 and d69bcfc.

📒 Files selected for processing (7)
  • packages/chrome-extension/src/index.ts (1 hunks)
  • packages/chrome-extension/src/react/NotSupported.tsx (1 hunks)
  • packages/chrome-extension/src/react/index.ts (1 hunks)
  • packages/clerk-js/src/core/clerk.ts (0 hunks)
  • packages/clerk-js/src/core/resources/SignIn.ts (0 hunks)
  • packages/clerk-js/src/core/resources/SignUp.ts (0 hunks)
  • packages/clerk-js/src/utils/web3.ts (2 hunks)
💤 Files with no reviewable changes (3)
  • packages/clerk-js/src/core/resources/SignIn.ts
  • packages/clerk-js/src/core/resources/SignUp.ts
  • packages/clerk-js/src/core/clerk.ts
🚧 Files skipped from review as they are similar to previous changes (3)
  • packages/chrome-extension/src/react/index.ts
  • packages/chrome-extension/src/react/NotSupported.tsx
  • packages/chrome-extension/src/index.ts
🧰 Additional context used
📓 Path-based instructions (4)
`**/*.{js,ts,tsx,jsx}`: All code must pass ESLint checks with the project's configuration. Use Prettier for consistent code formatting.

  • packages/clerk-js/src/utils/web3.ts
`**/*.{ts,tsx}`: Maintain comprehensive JSDoc comments for public APIs.

  • packages/clerk-js/src/utils/web3.ts
`packages/**`: All publishable packages under the @clerk namespace must be located in the packages/ directory.

  • packages/clerk-js/src/utils/web3.ts

**/*.ts: Always define explicit return types for functions, especially public APIs.
Use proper type annotations for variables and parameters where inference isn't clear.
Avoid any type; prefer unknown when type is uncertain, then narrow with type guards.
Use interface for object shapes that might be extended; use type for unions, primitives, and computed types.
Prefer readonly properties for immutable data structures.
Use private for internal implementation details, protected for inheritance, and public explicitly for clarity in public APIs.
Prefer composition and interfaces over deep inheritance chains; use mixins for shared behavior.
Use ES6 imports/exports consistently; avoid barrel files (index.ts re-exports) to prevent circular dependencies.
Use type-only imports (import type { ... }) where possible.
Use as const for literal types and the satisfies operator for type checking without widening.
Enable --incremental and --tsBuildInfoFile for faster builds.
Use ESLint with @typescript-eslint/recommended rules and Prettier for formatting.
Use lint-staged and Husky for pre-commit checks.
Use type-coverage to measure type safety.

  • packages/clerk-js/src/utils/web3.ts
⏰ Context from checks skipped due to timeout of 90000ms (5)
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: Formatting | Dedupe | Changeset
  • GitHub Check: Build Packages
  • GitHub Check: semgrep/ci
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (2)
packages/clerk-js/src/utils/web3.ts (2)

3-3: LGTM: Import addition supports the new conditional logic.

The import of clerkUnsupportedEnvironmentWarning is correctly added to support the new warning functionality for unsupported environments.


80-84: LGTM: Proper handling of RHC restrictions for Coinbase Wallet.

The conditional check correctly prevents Coinbase Wallet SDK instantiation when __BUILD_DISABLE_RHC__ is true, which aligns with Chrome extension security restrictions. The warning message and null return provide appropriate graceful degradation that upstream functions handle correctly.
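
The review comment above says the __BUILD_DISABLE_RHC__ check prevents Coinbase Wallet SDK instantiation in extension builds. As an added example (not code from this PR or from Clerk), a build-output check can confirm that no remote script loader remains in the files that ship; it goes beyond the single Coinbase case, and the rule patterns, file names and sample contents are constructed assumptions.

```javascript
// Added example: heuristic scan of built extension files for remotely hosted
// code (RHC) loaders. Patterns, file names and contents are constructed.

// Each rule flags one common way a bundle pulls executable code from a URL.
const RHC_RULES = [
  { id: 'html-remote-script', re: /<script[^>]+src\s*=\s*["']https?:\/\/[^"']+["']/gi },
  { id: 'dynamic-import-url', re: /\bimport\s*\(\s*["'`]https?:\/\/[^"'`]+["'`]\s*\)/g },
  { id: 'import-scripts-url', re: /\bimportScripts\s*\(\s*["'`]https?:\/\/[^"'`]+["'`]/g },
  { id: 'script-src-assign', re: /\.src\s*=\s*["'`]https?:\/\/[^"'`]+\.js[^"'`]*["'`]/g },
];

// files: { [path]: fileContents }. Returns one finding per match with its line.
function findRemoteCode(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    for (const { id, re } of RHC_RULES) {
      for (const m of text.matchAll(re)) {
        const line = text.slice(0, m.index).split('\n').length;
        findings.push({ file, line, rule: id, match: m[0] });
      }
    }
  }
  return findings;
}

// Constructed sample build output: two clean files, two that load remote code.
const SAMPLE_BUILD = {
  'sidepanel.html': '<html>\n<script src="./sidepanel.js"></script>\n</html>',
  'sidepanel.js': 'const eth = window.ethereum;\neth.request({ method: "eth_requestAccounts" });',
  'wallet-loader.js': [
    'const s = document.createElement("script");',
    's.src = "https://cdn.example.invalid/wallet-sdk.js";',
    'document.head.appendChild(s);',
  ].join('\n'),
  'worker.js': 'importScripts("https://cdn.example.invalid/lib.js");',
};

// A CI step would fail the build when the findings list is non-empty.
function checkBuild(files) {
  const findings = findRemoteCode(files);
  return { ok: findings.length === 0, findings };
}

const report = checkBuild(SAMPLE_BUILD);
for (const f of report.findings) {
  console.log(`${f.file}:${f.line} [${f.rule}] ${f.match}`);
}
```

The rules are textual heuristics: a URL assembled at runtime will not match, so a clean result is a floor rather than proof that the bundle is free of remote code.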

@tmilewski tmilewski merged commit c38fdeb into main Jun 23, 2025
40 of 41 checks passed
@tmilewski tmilewski deleted the tm/user-2235-unsupported-ext-components branch June 23, 2025 15:00