javascript | Next Ecosystem Directory

javascript - @clerk/[email protected]

Published by clerk-cookie 10 months ago

Major Changes

Remove hashing and third-party cookie functionality related to development instance session syncing in favor of URL-based session syncing with query parameters. (#2367) by @tmilewski
- buildUrlWithAuth no longer accepts an options argument. (#2367) by @tmilewski

Patch Changes

Remove legacy roles fallback (#2385) by @panteliselef

After the release of Custom Roles, roles should always be dynamically fetched.
Updated dependencies [5f58a2274, a9fe242be, 5f58a2274, a9fe242be]:
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 10 months ago

Major Changes

Changes in exports of @clerk/backend: (#2363) by @dimkl

Expose the following helpers and enums from @clerk/backend/internal:

import {
  AuthStatus,
  buildRequestUrl,
  constants,
  createAuthenticateRequest,
  createIsomorphicRequest,
  debugRequestState,
  makeAuthObjectSerializable,
  prunePrivateMetadata,
  redirect,
  sanitizeAuthObject,
  signedInAuthObject,
  signedOutAuthObject,
} from '@clerk/backend/internal';

Drop the above exports from the top-level api:
```
// Before
import { AuthStatus, ... } from '@clerk/backend';
// After
import { AuthStatus, ... } from '@clerk/backend/internal';
```
Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.

Changes in exports of @clerk/backend: (#2365) by @dimkl

Drop the following internal exports from the top-level api:

// Before
import {
  AllowlistIdentifier,
  Client,
  DeletedObject,
  Email,
  EmailAddress,
  ExternalAccount,
  IdentificationLink,
  Invitation,
  OauthAccessToken,
  ObjectType,
  Organization,
  OrganizationInvitation,
  OrganizationMembership,
  OrganizationMembershipPublicUserData,
  PhoneNumber,
  RedirectUrl,
  SMSMessage,
  Session,
  SignInToken,
  Token,
  User,
  Verification,
} from '@clerk/backend';
// After : no alternative since there is no need to use those classes

Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.

Keep those 3 resource related type exports

import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';

Patch Changes

Updated dependencies [a9fe242be, 5f58a2274, 1e98187b4, d08ec6d8f, a9fe242be, 5f58a2274, a9fe242be, 0ec3a146c, 1ad910eb9, f58a9949b, 9b02c1aae]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 10 months ago

Major Changes

Change return value of verifyToken() from @clerk/backend to { data, error}. (#2377) by @dimkl

To replicate the current behaviour use this:

import { verifyToken } from '@clerk/backend'

const { data, error }  = await verifyToken(...);
if(error){
    throw error;
}

Change return values of signJwt, hasValidSignature, decodeJwt, verifyJwt (#2377) by @dimkl

to return { data, error }. Example of keeping the same behavior using those utilities:

import { signJwt, hasValidSignature, decodeJwt, verifyJwt } from '@clerk/backend/jwt';

const { data, error } = await signJwt(...)
if (error) throw error;

const { data, error } = await hasValidSignature(...)
if (error) throw error;

const { data, error } = decodeJwt(...)
if (error) throw error;

const { data, error } = await verifyJwt(...)
if (error) throw error;

Changes in exports of @clerk/backend: (#2363) by @dimkl

Expose the following helpers and enums from @clerk/backend/internal:

import {
  AuthStatus,
  buildRequestUrl,
  constants,
  createAuthenticateRequest,
  createIsomorphicRequest,
  debugRequestState,
  makeAuthObjectSerializable,
  prunePrivateMetadata,
  redirect,
  sanitizeAuthObject,
  signedInAuthObject,
  signedOutAuthObject,
} from '@clerk/backend/internal';

Drop the above exports from the top-level api:
```
// Before
import { AuthStatus, ... } from '@clerk/backend';
// After
import { AuthStatus, ... } from '@clerk/backend/internal';
```
Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.

Changes in exports of @clerk/backend: (#2365) by @dimkl

Drop the following internal exports from the top-level api:

// Before
import {
  AllowlistIdentifier,
  Client,
  DeletedObject,
  Email,
  EmailAddress,
  ExternalAccount,
  IdentificationLink,
  Invitation,
  OauthAccessToken,
  ObjectType,
  Organization,
  OrganizationInvitation,
  OrganizationMembership,
  OrganizationMembershipPublicUserData,
  PhoneNumber,
  RedirectUrl,
  SMSMessage,
  Session,
  SignInToken,
  Token,
  User,
  Verification,
} from '@clerk/backend';
// After : no alternative since there is no need to use those classes

Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.

Keep those 3 resource related type exports

import type { Organization, Session, User, WebhookEvent, WebhookEventType } from '@clerk/backend';

Changes in exports of @clerk/backend: (#2364) by @dimkl
- Expose the following helpers and enums from @clerk/backend/jwt:
```
import { decodeJwt, hasValidSignature, signJwt, verifyJwt } from '@clerk/backend/jwt';
```
- Drop the above exports from the top-level api:
```
// Before
import { decodeJwt, ... } from '@clerk/backend';
// After
import { decodeJwt, ... } from '@clerk/backend/jwt';
```
  Dropping those exports results in also dropping the exports from gatsby-plugin-clerk, @clerk/clerk-sdk-node, @clerk/backend, @clerk/fastify, @clerk/nextjs, @clerk/remix packages.

Changes in @clerk/backend exports: (#2362) by @dimkl

Drop Internal deserialize helper

Introduce /errors subpath export, eg:

import {
  TokenVerificationError,
  TokenVerificationErrorAction,
  TokenVerificationErrorCode,
  TokenVerificationErrorReason,
} from '@clerk/backend/errors';

Drop errors from top-level export

// Before
import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend';
// After
import { TokenVerificationError, TokenVerificationErrorReason } from '@clerk/backend/errors';

Minor Changes

Improve ESM support in @clerk/backend for Node by using .mjs for #crypto subpath import (#2360) by @dimkl

Patch Changes

Update the handshake flow to only trigger for document requests. (#2352) by @BRKalow
Updated dependencies [5f58a2274]:
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 10 months ago

Major Changes

Remove hashing and third-party cookie functionality related to development instance session syncing in favor of URL-based session syncing with query parameters. (#2367) by @tmilewski

Patch Changes

Updated dependencies [2a67f729d, e7414cb3f, 5f58a2274, 5f58a2274]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Major Changes

Align return types for redirectTo* methods in ClerkJS SDK-1037 by @tmilewski

Breaking Changes:
- redirectToUserProfile now returns Promise<unknown> instead of void
- redirectToOrganizationProfile now returns Promise<unknown> instead of void
- redirectToCreateOrganization now returns Promise<unknown> instead of void
- redirectToHome now returns Promise<unknown> instead of void

Minor Changes

Introduce Protect for authorization. (#2170) by @panteliselef

Changes in public APIs:
- Rename Gate to Protect
- Support for permission checks. (Previously only roles could be used)
- Remove the experimental tags and prefixes
- Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
- Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
- has will throw an error if neither permission or role is passed.
- auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
  - inside a page or layout file it will render the nearest not-found component set by the developer
  - inside a route handler it will return empty response body with a 404 status code

Patch Changes

Adjust ZxcvbnResult interface to use current feedback.warning type as used in the upstream @zxcvbn-ts/core library. (#2326) by @LekoArts
Drop redirectToHome redirect method in favour of redirectToAfterSignUp or redirectToAfterSignIn. (#2251) by @octoper

When the <SignIn/> and <SignUp/> components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn and afterSignUp URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Patch Changes

Updated dependencies [e602d6c1f]:
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Patch Changes

Updated dependencies [e602d6c1f]:
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Patch Changes

Add react-dom to peerDependenciesMeta key inside package.json (#2322) by @LekoArts
Add useAssertWrappedByClerkProvider to internal code. If you use hooks like useAuth outside of the <ClerkProvider /> context an error will be thrown. For example: (#2299) by @tmilewski
```
@clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component
```

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Major Changes

- Introduce @clerk/clerk-react/errors and @clerk/clerk-react/internal subpath exports to expose some internal utilities. Eg (#2328) by @dimkl
```
// Before
import { __internal__setErrorThrowerOptions } from '@clerk/clerk-react';
// After
import { setErrorThrowerOptions } from '@clerk/clerk-react/internal';

// Before
import { isClerkAPIResponseError, isEmailLinkError, isKnownError, isMetamaskError } from '@clerk/clerk-react';
// After
import {
  isClerkAPIResponseError,
  isEmailLinkError,
  isKnownError,
  isMetamaskError,
} from '@clerk/clerk-react/errors';

// Before
import { MultisessionAppSupport } from '@clerk/clerk-react';
// After
import { MultisessionAppSupport } from '@clerk/clerk-react/internal';
```
- Drop from the @clerk/clerk-react and all other clerk-react wrapper packages:
  - __internal__setErrorThrowerOptions internal utility (moved to /internal subpath)
  - WithClerkProp type
  - MultisessionAppSupport component (moved to /internal subpath)
  - EmailLinkErrorCode enum
- Drop StructureContext and related errors to reduce to reduce code complexity since it seems that it was not being used.
- Drop withUser, WithUser, withClerk HOFs and WithClerk, withSession, WithSession HOCs from the @clerk/clerk-react
  to reduce the export surface since it's trivial to implement if needed.
Drop redirectToHome redirect method in favour of redirectToAfterSignUp or redirectToAfterSignIn. (#2251) by @octoper

When the <SignIn/> and <SignUp/> components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn and afterSignUp URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.
Align return types for redirectTo* methods in ClerkJS SDK-1037 by @tmilewski

Breaking Changes:
- redirectToUserProfile now returns Promise<unknown> instead of void
- redirectToOrganizationProfile now returns Promise<unknown> instead of void
- redirectToCreateOrganization now returns Promise<unknown> instead of void
- redirectToHome now returns Promise<unknown> instead of void

Minor Changes

Introduce Protect for authorization. (#2170) by @panteliselef

Changes in public APIs:
- Rename Gate to Protect
- Support for permission checks. (Previously only roles could be used)
- Remove the experimental tags and prefixes
- Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
- Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
- has will throw an error if neither permission or role is passed.
- auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
  - inside a page or layout file it will render the nearest not-found component set by the developer
  - inside a route handler it will return empty response body with a 404 status code

Patch Changes

Add useAssertWrappedByClerkProvider to internal code. If you use hooks like useAuth outside of the <ClerkProvider /> context an error will be thrown. For example: (#2299) by @tmilewski
```
@clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component
```
Updated dependencies [896cb6104, 69ce3e185, ab4eb56a5, 46040a2f3, 75ea300bc, 844847e0b]:
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Major Changes

Drop support for NextJS v12: v12 was released on 26 Oct 2021. Support for security updates stopped on 21 Nov 2022. (#2347) by @nikosdouvlis

Drop support for NextJS <13.0.4: Various header-related bugs were introduced with the 12.1.0, 12.2.0, 13.0.1, 13.0.2, 13.0.3 NextJS releases which are now fixed since next@^13.0.4. We will be dropping support for these problematic versions in order to greatly reduce complexity in our codebase.

Drop support for NextJS < 14.0.3 because of the issues described here: https://github.com/clerk/javascript/issues/1436.

Deprecate authMiddleware in favor of clerkMiddleware. For more information, see https://clerk.com/docs/upgrade-guides/v5-introduction

Move the server-side APIs from @clerk/nextjs to the @clerk/nextjs/server module: WebhookEventType, WebhookEvent, verifyToken, redirectToSignIn, auth, buildClerkProps, clerkClient, currentUser, getAuth, redirectToSignUp and authMiddleware. For more information, see https://clerk.com/docs/upgrade-guides/v5-introduction

Patch Changes

Updated dependencies [e602d6c1f]:
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Major Changes

Drop redirectToHome redirect method in favour of redirectToAfterSignUp or redirectToAfterSignIn. (#2251) by @octoper

When the <SignIn/> and <SignUp/> components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn and afterSignUp URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.

Minor Changes

Introduce Protect for authorization. (#2170) by @panteliselef

Changes in public APIs:
- Rename Gate to Protect
- Support for permission checks. (Previously only roles could be used)
- Remove the experimental tags and prefixes
- Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
- Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
- has will throw an error if neither permission or role is passed.
- auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
  - inside a page or layout file it will render the nearest not-found component set by the developer
  - inside a route handler it will return empty response body with a 404 status code

Patch Changes

Update @zxcvbn-ts/core from 2.2.1 to 3.0.4. Update @zxcvbn-ts/language-common from 3.0.2 to 3.0.4. (#2326) by @LekoArts
Add useAssertWrappedByClerkProvider to internal code. If you use hooks like useAuth outside of the <ClerkProvider /> context an error will be thrown. For example: (#2299) by @tmilewski
```
@clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component
```
Updated dependencies [896cb6104, 69ce3e185, ab4eb56a5, 46040a2f3, 75ea300bc, 370b17b12, 844847e0b]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Patch Changes

Update es-ES.ts (#2341) by @codesjedi

javascript - [email protected]

Published by clerk-cookie 11 months ago

Patch Changes

Updated dependencies [e602d6c1f]:
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Major Changes

- Introduce @clerk/clerk-react/errors and @clerk/clerk-react/internal subpath exports to expose some internal utilities. Eg (#2328) by @dimkl
```
// Before
import { __internal__setErrorThrowerOptions } from '@clerk/clerk-react';
// After
import { setErrorThrowerOptions } from '@clerk/clerk-react/internal';

// Before
import { isClerkAPIResponseError, isEmailLinkError, isKnownError, isMetamaskError } from '@clerk/clerk-react';
// After
import {
  isClerkAPIResponseError,
  isEmailLinkError,
  isKnownError,
  isMetamaskError,
} from '@clerk/clerk-react/errors';

// Before
import { MultisessionAppSupport } from '@clerk/clerk-react';
// After
import { MultisessionAppSupport } from '@clerk/clerk-react/internal';
```
- Drop from the @clerk/clerk-react and all other clerk-react wrapper packages:
  - __internal__setErrorThrowerOptions internal utility (moved to /internal subpath)
  - WithClerkProp type
  - MultisessionAppSupport component (moved to /internal subpath)
  - EmailLinkErrorCode enum
- Drop StructureContext and related errors to reduce to reduce code complexity since it seems that it was not being used.
- Drop withUser, WithUser, withClerk HOFs and WithClerk, withSession, WithSession HOCs from the @clerk/clerk-react
  to reduce the export surface since it's trivial to implement if needed.

Patch Changes

Updated dependencies [69ce3e185, 896cb6104, 8aea39cd6, ab4eb56a5, 46040a2f3, 75ea300bc, 844847e0b]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Patch Changes

Updated dependencies [e602d6c1f]:
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Major Changes

- Introduce @clerk/clerk-react/errors and @clerk/clerk-react/internal subpath exports to expose some internal utilities. Eg (#2328) by @dimkl
```
// Before
import { __internal__setErrorThrowerOptions } from '@clerk/clerk-react';
// After
import { setErrorThrowerOptions } from '@clerk/clerk-react/internal';

// Before
import { isClerkAPIResponseError, isEmailLinkError, isKnownError, isMetamaskError } from '@clerk/clerk-react';
// After
import {
  isClerkAPIResponseError,
  isEmailLinkError,
  isKnownError,
  isMetamaskError,
} from '@clerk/clerk-react/errors';

// Before
import { MultisessionAppSupport } from '@clerk/clerk-react';
// After
import { MultisessionAppSupport } from '@clerk/clerk-react/internal';
```
- Drop from the @clerk/clerk-react and all other clerk-react wrapper packages:
  - __internal__setErrorThrowerOptions internal utility (moved to /internal subpath)
  - WithClerkProp type
  - MultisessionAppSupport component (moved to /internal subpath)
  - EmailLinkErrorCode enum
- Drop StructureContext and related errors to reduce to reduce code complexity since it seems that it was not being used.
- Drop withUser, WithUser, withClerk HOFs and WithClerk, withSession, WithSession HOCs from the @clerk/clerk-react
  to reduce the export surface since it's trivial to implement if needed.

Expand the ability for @clerk/chrome-extension WebSSO to sync with host applications which use URL-based session syncing. (#2277) by @tmilewski

How to Update

WebSSO Host Permissions:

Local Development: You must have your explicit development domain added to your manifest.json file in order to use the WebSSO flow.

Example:

{
  "host_permissions": [
    // ...
    "http://localhost"
    // ...
  ]
}

Production: You must have your explicit Clerk Frontend API domain added to your manifest.json file in order to use the WebSSO flow.

Example:

{
  "host_permissions": [
    // ...
    "https://clerk.example.com"
    // ...
  ]
}

WebSSO Provider settings:

<ClerkProvider
  publishableKey={publishableKey}
  routerPush={to => navigate(to)}
  routerReplace={to => navigate(to, { replace: true })}
  syncSessionWithTab

  // tokenCache is now storageCache (See below)
  storageCache={/* ... */}
>

WebSSO Storage Cache Interface:

With the prop change from tokenCache to storageCache, the interface has been expanded to allow for more flexibility.

The new interface is as follows:

type StorageCache = {
  createKey: (...keys: string[]) => string;
  get: <T = any>(key: string) => Promise<T>;
  remove: (key: string) => Promise<void>;
  set: (key: string, value: string) => Promise<void>;
};

Minor Changes

Introduce Protect for authorization. (#2170) by @panteliselef

Changes in public APIs:
- Rename Gate to Protect
- Support for permission checks. (Previously only roles could be used)
- Remove the experimental tags and prefixes
- Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
- Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
- has will throw an error if neither permission or role is passed.
- auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
  - inside a page or layout file it will render the nearest not-found component set by the developer
  - inside a route handler it will return empty response body with a 404 status code

Patch Changes

Updated dependencies [69ce3e185, 896cb6104, 8aea39cd6, ab4eb56a5, 46040a2f3, 75ea300bc, 844847e0b]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Major Changes

Drop unused SearchParams.AuthStatus constant (#2347) by @nikosdouvlis

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Patch Changes

Update NextJS quickstart link in error message (#2354) by @dimkl

javascript - @clerk/[email protected]

Published by clerk-cookie 11 months ago

Minor Changes

Introduce Protect for authorization. (#2309) by @panteliselef

Changes in public APIs:
- Rename Gate to Protect
- Support for permission checks. (Previously only roles could be used)
- Remove the experimental tags and prefixes
- Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
- Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
- has will throw an error if neither permission or role is passed.
- auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
  - inside a page or layout file it will render the nearest not-found component set by the developer
  - inside a route handler it will return empty response body with a 404 status code