Official Javascript repository for Clerk authentication
MIT License
Published by clerk-cookie 10 months ago
Remove hashing and third-party cookie functionality related to development instance session syncing in favor of URL-based session syncing with query parameters. (#2367) by @tmilewski
buildUrlWithAuth
no longer accepts an options
argument. (#2367) by @tmilewski
Remove legacy roles fallback (#2385) by @panteliselef
After the release of Custom Roles, roles should always be dynamically fetched.
Updated dependencies [5f58a2274
, a9fe242be
, 5f58a2274
, a9fe242be
]:
Published by clerk-cookie 10 months ago
Changes in exports of @clerk/backend
: (#2363) by @dimkl
@clerk/backend/internal
:
import {
AuthStatus,
buildRequestUrl,
constants,
createAuthenticateRequest,
createIsomorphicRequest,
debugRequestState,
makeAuthObjectSerializable,
prunePrivateMetadata,
redirect,
sanitizeAuthObject,
signedInAuthObject,
signedOutAuthObject,
} from '@clerk/backend/internal';
// Before
import { AuthStatus, ... } from '@clerk/backend';
// After
import { AuthStatus, ... } from '@clerk/backend/internal';
Dropping those exports results in also dropping the exports from gatsby-plugin-clerk
, @clerk/clerk-sdk-node
, @clerk/backend
, @clerk/fastify
, @clerk/nextjs
, @clerk/remix
packages.Changes in exports of @clerk/backend
: (#2365) by @dimkl
// Before
import {
AllowlistIdentifier,
Client,
DeletedObject,
Email,
EmailAddress,
ExternalAccount,
IdentificationLink,
Invitation,
OauthAccessToken,
ObjectType,
Organization,
OrganizationInvitation,
OrganizationMembership,
OrganizationMembershipPublicUserData,
PhoneNumber,
RedirectUrl,
SMSMessage,
Session,
SignInToken,
Token,
User,
Verification,
} from '@clerk/backend';
// After : no alternative since there is no need to use those classes
Dropping those exports results in also dropping the exports from gatsby-plugin-clerk
, @clerk/clerk-sdk-node
, @clerk/backend
, @clerk/fastify
, @clerk/nextjs
, @clerk/remix
packages.import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';
a9fe242be
, 5f58a2274
, 1e98187b4
, d08ec6d8f
, a9fe242be
, 5f58a2274
, a9fe242be
, 0ec3a146c
, 1ad910eb9
, f58a9949b
, 9b02c1aae
]:
Published by clerk-cookie 10 months ago
Change return value of verifyToken()
from @clerk/backend
to { data, error}
. (#2377) by @dimkl
To replicate the current behaviour use this:
import { verifyToken } from '@clerk/backend'
const { data, error } = await verifyToken(...);
if(error){
throw error;
}
Change return values of signJwt
, hasValidSignature
, decodeJwt
, verifyJwt
(#2377) by @dimkl
to return { data, error }
. Example of keeping the same behavior using those utilities:
import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt';
const { data, error } = await signJwt(...)
if (error) throw error;
const { data, error } = await hasValidSignature(...)
if (error) throw error;
const { data, error } = decodeJwt(...)
if (error) throw error;
const { data, error } = await verifyJwt(...)
if (error) throw error;
Changes in exports of @clerk/backend
: (#2363) by @dimkl
@clerk/backend/internal
:
import {
AuthStatus,
buildRequestUrl,
constants,
createAuthenticateRequest,
createIsomorphicRequest,
debugRequestState,
makeAuthObjectSerializable,
prunePrivateMetadata,
redirect,
sanitizeAuthObject,
signedInAuthObject,
signedOutAuthObject,
} from '@clerk/backend/internal';
// Before
import { AuthStatus, ... } from '@clerk/backend';
// After
import { AuthStatus, ... } from '@clerk/backend/internal';
Dropping those exports results in also dropping the exports from gatsby-plugin-clerk
, @clerk/clerk-sdk-node
, @clerk/backend
, @clerk/fastify
, @clerk/nextjs
, @clerk/remix
packages.Changes in exports of @clerk/backend
: (#2365) by @dimkl
// Before
import {
AllowlistIdentifier,
Client,
DeletedObject,
Email,
EmailAddress,
ExternalAccount,
IdentificationLink,
Invitation,
OauthAccessToken,
ObjectType,
Organization,
OrganizationInvitation,
OrganizationMembership,
OrganizationMembershipPublicUserData,
PhoneNumber,
RedirectUrl,
SMSMessage,
Session,
SignInToken,
Token,
User,
Verification,
} from '@clerk/backend';
// After : no alternative since there is no need to use those classes
Dropping those exports results in also dropping the exports from gatsby-plugin-clerk
, @clerk/clerk-sdk-node
, @clerk/backend
, @clerk/fastify
, @clerk/nextjs
, @clerk/remix
packages.import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';
Changes in exports of @clerk/backend
: (#2364) by @dimkl
@clerk/backend/jwt
:
import { decodeJwt, hasValidSignature, signJwt, verifyJwt } from '@clerk/backend/jwt';
// Before
import { decodeJwt, ... } from '@clerk/backend';
// After
import { decodeJwt, ... } from '@clerk/backend/jwt';
Dropping those exports results in also dropping the exports from gatsby-plugin-clerk
, @clerk/clerk-sdk-node
, @clerk/backend
, @clerk/fastify
, @clerk/nextjs
, @clerk/remix
packages.Changes in @clerk/backend
exports: (#2362) by @dimkl
deserialize
helper/errors
subpath export, eg:
import {
TokenVerificationError,
TokenVerificationErrorAction,
TokenVerificationErrorCode,
TokenVerificationErrorReason,
} from '@clerk/backend/errors';
// Before
import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend';
// After
import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend/errors';
@clerk/backend
for Node by using .mjs for #crypto subpath import (#2360) by @dimkl
Update the handshake flow to only trigger for document requests. (#2352) by @BRKalow
Updated dependencies [5f58a2274
]:
Published by clerk-cookie 10 months ago
2a67f729d
, e7414cb3f
, 5f58a2274
, 5f58a2274
]:
Published by clerk-cookie 11 months ago
Align return types for redirectTo* methods in ClerkJS SDK-1037 by @tmilewski
Breaking Changes:
redirectToUserProfile
now returns Promise<unknown>
instead of void
redirectToOrganizationProfile
now returns Promise<unknown>
instead of void
redirectToCreateOrganization
now returns Promise<unknown>
instead of void
redirectToHome
now returns Promise<unknown>
instead of void
Introduce Protect for authorization. (#2170) by @panteliselef
Changes in public APIs:
experimental
tags and prefixessome
from the has
utility and Protect. Protect now accepts a condition
prop where a function is expected with the has
being exposed as the param.<SignedIn>
, if no authorization props are passed.has
will throw an error if neither permission
or role
is passed.auth().protect()
for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
not-found
component set by the developerAdjust ZxcvbnResult
interface to use current feedback.warning
type as used in the upstream @zxcvbn-ts/core
library. (#2326) by @LekoArts
Drop redirectToHome
redirect method in favour of redirectToAfterSignUp
or redirectToAfterSignIn
. (#2251) by @octoper
When the <SignIn/>
and <SignUp/>
components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn
and afterSignUp
URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.
Published by clerk-cookie 11 months ago
e602d6c1f
]:
Published by clerk-cookie 11 months ago
e602d6c1f
]:
Published by clerk-cookie 11 months ago
Add react-dom
to peerDependenciesMeta
key inside package.json
(#2322) by @LekoArts
Add useAssertWrappedByClerkProvider
to internal code. If you use hooks like useAuth
outside of the <ClerkProvider />
context an error will be thrown. For example: (#2299) by @tmilewski
@clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component
Published by clerk-cookie 11 months ago
Introduce @clerk/clerk-react/errors
and @clerk/clerk-react/internal
subpath exports to expose some internal utilities. Eg (#2328) by @dimkl
// Before
import { __internal__setErrorThrowerOptions } from '@clerk/clerk-react';
// After
import { setErrorThrowerOptions } from '@clerk/clerk-react/internal';
// Before
import { isClerkAPIResponseError, isEmailLinkError, isKnownError, isMetamaskError } from '@clerk/clerk-react';
// After
import {
isClerkAPIResponseError,
isEmailLinkError,
isKnownError,
isMetamaskError,
} from '@clerk/clerk-react/errors';
// Before
import { MultisessionAppSupport } from '@clerk/clerk-react';
// After
import { MultisessionAppSupport } from '@clerk/clerk-react/internal';
Drop from the @clerk/clerk-react
and all other clerk-react wrapper packages:
__internal__setErrorThrowerOptions
internal utility (moved to /internal subpath)WithClerkProp
typeMultisessionAppSupport
component (moved to /internal subpath)EmailLinkErrorCode
enumDrop StructureContext
and related errors to reduce to reduce code complexity since it seems that it was not being used.
Drop withUser
, WithUser
, withClerk
HOFs and WithClerk
, withSession
, WithSession
HOCs from the @clerk/clerk-react
to reduce the export surface since it's trivial to implement if needed.
Drop redirectToHome
redirect method in favour of redirectToAfterSignUp
or redirectToAfterSignIn
. (#2251) by @octoper
When the <SignIn/>
and <SignUp/>
components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn
and afterSignUp
URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.
Align return types for redirectTo* methods in ClerkJS SDK-1037 by @tmilewski
Breaking Changes:
redirectToUserProfile
now returns Promise<unknown>
instead of void
redirectToOrganizationProfile
now returns Promise<unknown>
instead of void
redirectToCreateOrganization
now returns Promise<unknown>
instead of void
redirectToHome
now returns Promise<unknown>
instead of void
Introduce Protect for authorization. (#2170) by @panteliselef
Changes in public APIs:
experimental
tags and prefixessome
from the has
utility and Protect. Protect now accepts a condition
prop where a function is expected with the has
being exposed as the param.<SignedIn>
, if no authorization props are passed.has
will throw an error if neither permission
or role
is passed.auth().protect()
for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
not-found
component set by the developerAdd useAssertWrappedByClerkProvider
to internal code. If you use hooks like useAuth
outside of the <ClerkProvider />
context an error will be thrown. For example: (#2299) by @tmilewski
@clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component
Updated dependencies [896cb6104
, 69ce3e185
, ab4eb56a5
, 46040a2f3
, 75ea300bc
, 844847e0b
]:
Published by clerk-cookie 11 months ago
Drop support for NextJS v12: v12 was released on 26 Oct 2021. Support for security updates stopped on 21 Nov 2022. (#2347) by @nikosdouvlis
Drop support for NextJS <13.0.4: Various header-related bugs were introduced with the 12.1.0, 12.2.0, 13.0.1, 13.0.2, 13.0.3 NextJS releases which are now fixed since next@^13.0.4. We will be dropping support for these problematic versions in order to greatly reduce complexity in our codebase.
Drop support for NextJS < 14.0.3 because of the issues described here: https://github.com/clerk/javascript/issues/1436.
Deprecate authMiddleware
in favor of clerkMiddleware
. For more information, see https://clerk.com/docs/upgrade-guides/v5-introduction
Move the server-side APIs from @clerk/nextjs
to the @clerk/nextjs/server
module: WebhookEventType
, WebhookEvent
, verifyToken
, redirectToSignIn
, auth
, buildClerkProps
, clerkClient
, currentUser
, getAuth
, redirectToSignUp
and authMiddleware
. For more information, see https://clerk.com/docs/upgrade-guides/v5-introduction
e602d6c1f
]:
Published by clerk-cookie 11 months ago
Drop redirectToHome
redirect method in favour of redirectToAfterSignUp
or redirectToAfterSignIn
. (#2251) by @octoper
When the <SignIn/>
and <SignUp/>
components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn
and afterSignUp
URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.
Introduce Protect for authorization. (#2170) by @panteliselef
Changes in public APIs:
experimental
tags and prefixessome
from the has
utility and Protect. Protect now accepts a condition
prop where a function is expected with the has
being exposed as the param.<SignedIn>
, if no authorization props are passed.has
will throw an error if neither permission
or role
is passed.auth().protect()
for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
not-found
component set by the developerUpdate @zxcvbn-ts/core
from 2.2.1
to 3.0.4
. Update @zxcvbn-ts/language-common
from 3.0.2
to 3.0.4
. (#2326) by @LekoArts
Add useAssertWrappedByClerkProvider
to internal code. If you use hooks like useAuth
outside of the <ClerkProvider />
context an error will be thrown. For example: (#2299) by @tmilewski
@clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component
Updated dependencies [896cb6104
, 69ce3e185
, ab4eb56a5
, 46040a2f3
, 75ea300bc
, 370b17b12
, 844847e0b
]:
Published by clerk-cookie 11 months ago
Published by clerk-cookie 11 months ago
e602d6c1f
]:
Published by clerk-cookie 11 months ago
Introduce @clerk/clerk-react/errors
and @clerk/clerk-react/internal
subpath exports to expose some internal utilities. Eg (#2328) by @dimkl
// Before
import { __internal__setErrorThrowerOptions } from '@clerk/clerk-react';
// After
import { setErrorThrowerOptions } from '@clerk/clerk-react/internal';
// Before
import { isClerkAPIResponseError, isEmailLinkError, isKnownError, isMetamaskError } from '@clerk/clerk-react';
// After
import {
isClerkAPIResponseError,
isEmailLinkError,
isKnownError,
isMetamaskError,
} from '@clerk/clerk-react/errors';
// Before
import { MultisessionAppSupport } from '@clerk/clerk-react';
// After
import { MultisessionAppSupport } from '@clerk/clerk-react/internal';
Drop from the @clerk/clerk-react
and all other clerk-react wrapper packages:
__internal__setErrorThrowerOptions
internal utility (moved to /internal subpath)WithClerkProp
typeMultisessionAppSupport
component (moved to /internal subpath)EmailLinkErrorCode
enumDrop StructureContext
and related errors to reduce to reduce code complexity since it seems that it was not being used.
Drop withUser
, WithUser
, withClerk
HOFs and WithClerk
, withSession
, WithSession
HOCs from the @clerk/clerk-react
to reduce the export surface since it's trivial to implement if needed.
69ce3e185
, 896cb6104
, 8aea39cd6
, ab4eb56a5
, 46040a2f3
, 75ea300bc
, 844847e0b
]:
Published by clerk-cookie 11 months ago
e602d6c1f
]:
Published by clerk-cookie 11 months ago
Introduce @clerk/clerk-react/errors
and @clerk/clerk-react/internal
subpath exports to expose some internal utilities. Eg (#2328) by @dimkl
// Before
import { __internal__setErrorThrowerOptions } from '@clerk/clerk-react';
// After
import { setErrorThrowerOptions } from '@clerk/clerk-react/internal';
// Before
import { isClerkAPIResponseError, isEmailLinkError, isKnownError, isMetamaskError } from '@clerk/clerk-react';
// After
import {
isClerkAPIResponseError,
isEmailLinkError,
isKnownError,
isMetamaskError,
} from '@clerk/clerk-react/errors';
// Before
import { MultisessionAppSupport } from '@clerk/clerk-react';
// After
import { MultisessionAppSupport } from '@clerk/clerk-react/internal';
Drop from the @clerk/clerk-react
and all other clerk-react wrapper packages:
__internal__setErrorThrowerOptions
internal utility (moved to /internal subpath)WithClerkProp
typeMultisessionAppSupport
component (moved to /internal subpath)EmailLinkErrorCode
enumDrop StructureContext
and related errors to reduce to reduce code complexity since it seems that it was not being used.
Drop withUser
, WithUser
, withClerk
HOFs and WithClerk
, withSession
, WithSession
HOCs from the @clerk/clerk-react
to reduce the export surface since it's trivial to implement if needed.
Expand the ability for @clerk/chrome-extension
WebSSO to sync with host applications which use URL-based session syncing. (#2277) by @tmilewski
WebSSO Host Permissions:
Local Development: You must have your explicit development domain added to your manifest.json
file in order to use the WebSSO flow.
Example:
{
"host_permissions": [
// ...
"http://localhost"
// ...
]
}
Production: You must have your explicit Clerk Frontend API domain added to your manifest.json
file in order to use the WebSSO flow.
Example:
{
"host_permissions": [
// ...
"https://clerk.example.com"
// ...
]
}
WebSSO Provider settings:
<ClerkProvider
publishableKey={publishableKey}
routerPush={to => navigate(to)}
routerReplace={to => navigate(to, { replace: true })}
syncSessionWithTab
// tokenCache is now storageCache (See below)
storageCache={/* ... */}
>
WebSSO Storage Cache Interface:
With the prop change from tokenCache
to storageCache
, the interface has been expanded to allow for more flexibility.
The new interface is as follows:
type StorageCache = {
createKey: (...keys: string[]) => string;
get: <T = any>(key: string) => Promise<T>;
remove: (key: string) => Promise<void>;
set: (key: string, value: string) => Promise<void>;
};
Introduce Protect for authorization. (#2170) by @panteliselef
Changes in public APIs:
experimental
tags and prefixessome
from the has
utility and Protect. Protect now accepts a condition
prop where a function is expected with the has
being exposed as the param.<SignedIn>
, if no authorization props are passed.has
will throw an error if neither permission
or role
is passed.auth().protect()
for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
not-found
component set by the developer69ce3e185
, 896cb6104
, 8aea39cd6
, ab4eb56a5
, 46040a2f3
, 75ea300bc
, 844847e0b
]:
Published by clerk-cookie 11 months ago
Published by clerk-cookie 11 months ago
Published by clerk-cookie 11 months ago
Introduce Protect for authorization. (#2309) by @panteliselef
Changes in public APIs:
experimental
tags and prefixessome
from the has
utility and Protect. Protect now accepts a condition
prop where a function is expected with the has
being exposed as the param.<SignedIn>
, if no authorization props are passed.has
will throw an error if neither permission
or role
is passed.auth().protect()
for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
not-found
component set by the developerZxcvbnResult
interface to use current feedback.warning
type as used in the upstream @zxcvbn-ts/core
library. (#2332) by @clerk-cookie
Published by clerk-cookie 11 months ago
b4868ab8f
, 2dc93d4d8
]: