Change Log

May 7, 2026 · View on GitHub

6.10.0

Minor Changes

Patch Changes

  • Updated dependencies [7a5892f]:
    • @clerk/shared@4.10.1

6.9.0

Minor Changes

  • Add experimental <ConfigureSSO /> component. Not ready for usage yet. (#8427) by @LauraBeatris

Patch Changes

  • Move ownership of the clerk-rq QueryClient from @clerk/clerk-js into @clerk/shared. The QueryObserver (constructed in @clerk/shared) and the Query objects it observes now always come from a single @tanstack/query-core resolution — the cross-bundle API contract that produced #8428 (Query.isFetched is not a function) no longer exists. (#8434) by @jacekradko

    This removes the undocumented clerk.__internal_queryClient getter from both @clerk/clerk-js and @clerk/react's IsomorphicClerk. The QueryClient is owned by an internal singleton in @clerk/shared, lazily instantiated on the browser only — server renders return undefined, preserving SSR safety and avoiding cross-request cache sharing.

    @tanstack/query-core is no longer a direct dependency of @clerk/clerk-js; it remains a dep of @clerk/shared and resolves consumer-side as before.

  • Updated dependencies [9e9230c, 68d32df, 1c27d4d, 1001193]:

    • @clerk/shared@4.10.0

6.8.0

Minor Changes

  • Add internal API methods to manage enterprise connections (#8421) by @LauraBeatris

  • Expose OAuthConsent as a public component export across React-based SDKs. (#8381) by @wobsoriano

    Example:

    import { OAuthConsent } from '@clerk/react';

export default function Page() {
  return <OAuthConsent />;
}

Patch Changes

6.7.9

Patch Changes

  • Raise the @tanstack/query-core floor to ^5.100.6 in the repo catalog and consume it from @clerk/shared and @clerk/clerk-js so the version baked into the production clerk-js CDN bundle stays in lockstep with what consumer-side @clerk/shared resolves to. (#8432) by @jacekradko

    Fixes a runtime crash (TypeError: e.isFetched is not a function) introduced when consumer dedupe resolved query-core to 5.100.x (which adds Query.isFetched()) while the published CDN bundle still embedded 5.90.16. The new QueryObserver then called isFetched() on Query objects from the older bundled version.

  • Updated dependencies [1bfd8ab]:

    • @clerk/shared@4.8.7

6.7.8

Patch Changes

  • Auto-proxy FAPI requests for .vercel.app subdomains. When deployed to a .vercel.app domain without explicit proxy or domain configuration, the SDK automatically routes Frontend API requests through /__clerk on the app's own origin. This enables Clerk production mode on Vercel deployments without manual proxy setup. (#8035) by @brkalow

  • Loosen @tanstack/query-core dependency from an exact pin to a caret range (^5.90.16) so it can dedupe with consumer-installed @tanstack/react-query versions. This avoids Vite resolve.dedupe resolution failures under Bun when two divergent copies of query-core end up nested instead of hoisted. (#8417) by @jacekradko

  • Updated dependencies [9b57986, a9f9b29]:

    • @clerk/shared@4.8.6

6.7.7

Patch Changes

  • Updated dependencies [da76490]:
    • @clerk/shared@4.8.5

6.7.6

Patch Changes

6.7.5

Patch Changes

  • Fix an authorization bypass in has(), auth.protect(), and related predicates when a single call combined conditions from more than one dimension (for example, { permission, reverification } or { feature, permission }). A dimension that should have denied the request was treated as indeterminate and ignored by the combining logic, allowing other passing dimensions to carry the result and authorize the call when it should have failed closed. (#8372) by @nikosdouvlis

    Behavior is now:

    • When a requested dimension cannot be satisfied because the underlying session data is missing, malformed, or invalid, the call denies. Previously these cases were treated as indeterminate and ignored, which could let another passing dimension carry the call.
    • Fixed a minor bug where session.checkAuthorization() was building authorization options from the membership row id instead of the organization id.

    Single-condition role, permission, feature, and plan checks (has({ permission }), etc.) are unchanged. Single-condition reverification checks are unchanged on well-formed session data; calls with a missing or malformed factorVerificationAge payload now deny where they previously returned indeterminate. Callback-form auth.protect(has => ...) is unaffected unless the callback itself invokes the affected shapes.

    Separately, auth.protect() in @clerk/nextjs previously discarded authorization params (role, permission, feature, plan, reverification) whenever the same argument object also contained unauthenticatedUrl, unauthorizedUrl, or token. TypeScript's excess-property check caught this for inline object literals but did not apply once the argument was assigned to a variable, spread, or used from JavaScript. Mixed-shape calls like auth.protect({ role: 'org:admin', unauthorizedUrl: '/denied' }) or auth.protect({ permission: 'org:X', token: 'session_token' }) now correctly enforce the authorization check instead of silently letting every authenticated caller through.

  • Updated dependencies [d52b311]:

    • @clerk/shared@4.8.3

6.7.4

Patch Changes

  • fix(clerk-js): Prevent background token refresh from destroying sessions on mobile (#8303) by @chriscanin

    On iOS, background thread throttling can starve the JS event loop for hours (e.g., overnight audio apps). When the SDK's background refresh timer eventually fires with stale credentials, the resulting 401 would trigger handleUnauthenticated() and destroy the session even though it's still valid on the server.

    Adds an early return in #refreshTokenInBackground(), gated to headless/mobile runtimes only (Expo sets runtimeEnvironment to 'headless'). If the token has already expired when the refresh timer fires, bail out instead of sending a request with stale credentials. The next foreground getToken() call handles token acquisition through the normal path with proper retry logic.

6.7.3

Patch Changes

  • Added development runtime error when mounting <OAuthconsent /> without active session. (#8335) by @wobsoriano

  • Updated dependencies [c7b0f47, 34762e8]:

    • @clerk/shared@4.8.2

6.7.2

Patch Changes

  • Updated dependencies [b0b6675]:
    • @clerk/shared@4.8.1

6.7.1

Patch Changes

  • Updated dependencies [dc2de16]:
    • @clerk/shared@4.8.0

6.7.0

Minor Changes

  • Add OAuthApplication resource and getConsentInfo() method for retrieving OAuth consent information, enabling custom OAuth consent flows. (#8275) by @jfoshee

Patch Changes

6.6.0

Minor Changes

  • Add support for rendering the Banned badge in the organization members list. (#8261) by @dstaley

Patch Changes

  • Improve types for signIn.create and signUp.create methods. (#8267) by @dstaley

  • Fixed API keys "Revoke" confirmation modal being stuck disabled when using a localization. (#8258) by @wobsoriano

  • Updated dependencies [fdac10e, 4e3cb0a, aa32bbc]:

    • @clerk/shared@4.6.0

6.5.0

Minor Changes

  • API keys is now generally available. (#8059) by @wobsoriano

    <APIKeys /> component

    import { APIKeys } from '@clerk/react';

export default function Page() {
  return <APIKeys />;
}

    useAPIKeys() hook

    import { useAPIKeys } from '@clerk/react';

export default function CustomAPIKeys() {
  const { data, isLoading, page, pageCount, fetchNext, fetchPrevious } = useAPIKeys({
    pageSize: 10,
    initialPage: 1,
  });

  if (isLoading) return <div>Loading...</div>;

  return (
    <ul>
      {data?.map(key => (
        <li key={key.id}>{key.name}</li>
      ))}
    </ul>
  );
}

Patch Changes

  • Updated dependencies [2c06a5f]:
    • @clerk/shared@4.5.0

6.4.1

Patch Changes

6.4.0

Minor Changes

  • Add support for seat-based billing plans in Clerk Billing. (#8006) by @dstaley

  • Add EnterpriseConnection resource (#8175) by @LauraBeatris

    User.getEnterpriseConnections() was wrongly typed as returning EnterpriseAccountConnectionResource[], it now returns EnterpriseConnectionResource[]

  • Allow to link external accounts to enterprise accounts via UserProfile (#8091) by @NicolasLopes7

Patch Changes

6.3.3

Patch Changes

  • Fix dev browser token being read from a stale non-partitioned cookie when partitionedCookies is enabled. The token is now kept in memory so FAPI requests always use the authoritative value. (#8161) by @brkalow

  • Fix satelliteAutoSync to default to false as documented. Previously, not passing the prop resulted in undefined, which was treated as true due to a strict equality check (=== false). This preserved Core 2 auto-sync behavior instead of the intended Core 3 default. The check is now !== true, so both undefined and false skip automatic satellite sync. (#8001) by @nikosdouvlis

  • Fix token cache refresh timer leak that caused accelerating token refresh requests after session.touch() or organization switching. (#8098) by @jacekradko

  • Skip expired_token retry flow when Session Minter is enabled. When sessionMinter is on, the token is sent in the POST body, so the retry-with-expired-token fallback is unnecessary. The retry flow is preserved for non-Session Minter mode. (#8108) by @nikosdouvlis

  • Send force_origin=true body param on /tokens requests when skipCache is true, so FAPI Proxy routes to origin instead of Session Minter. (#8106) by @nikosdouvlis

6.3.2

Patch Changes

  • Send previous session token on /tokens requests to support Session Minter edge token minting. (#8105) by @nikosdouvlis

  • Add optional intent parameter to session.touch() to indicate why the touch was triggered (focus, session switch, or org switch). This enables the backend to skip expensive client piggybacking for focus-only touches. by @nikosdouvlis

  • Updated dependencies [f0533a2, e00ec97]:

    • @clerk/shared@4.3.2

6.3.1

Patch Changes

  • Ensure clerk-js accepts proxyUrl and domain in non-browser environments. (#8095) by @brkalow

  • Updated dependencies [b9cb6e5]:

    • @clerk/shared@4.3.1

6.3.0

Minor Changes

  • Support sign_up_if_missing on SignIn.create, including captcha (#8030) by @dmoerner

Patch Changes

  • Updated dependencies [de1386f]:
    • @clerk/shared@4.3.0

6.2.0

Minor Changes

Patch Changes

  • Updated dependencies [3e63793]:
    • @clerk/shared@4.2.0

6.1.0

Minor Changes

  • Prevent modification of immutable attributes in UserProfile (#7931) by @dmoerner

Patch Changes

  • Narrow the error conditions that trigger the unauthenticated flow (sign-out) to only high-confidence authentication failures (401, 422). Previously, all 4xx errors — including 429 rate limits — were treated as auth failures, which could sign users out during transient rate limiting. Non-auth errors from setActive now propagate to the caller instead of being silently swallowed. (#8004) by @brkalow

  • Fix random sign-outs when the browser temporarily loses network connectivity. (#7912) by @bratsos

  • Updated dependencies [776ee1b, 7fb870d, 09cb6d4]:

    • @clerk/shared@4.1.0

6.0.0

Major Changes

  • Align experimental/unstable prefixes to use consistent naming: (#7361) by @brkalow

    • Renamed all __unstable_* methods to __internal_* (for internal APIs)
    • Renamed all experimental__* and experimental_* methods to __experimental_* (for beta features)
    • Removed deprecated billing-related props (__unstable_manageBillingUrl, __unstable_manageBillingLabel, __unstable_manageBillingMembersLimit) and experimental__forceOauthFirst

  • Renamed unstable methods to internal: (#7925) by @jacekradko

    • __unstable__environment__internal_environment
    • __unstable__updateProps__internal_updateProps
    • __unstable__setEnvironment__internal_setEnvironment
    • __unstable__onBeforeRequest__internal_onBeforeRequest
    • __unstable__onAfterResponse__internal_onAfterResponse
    • __unstable__onBeforeSetActive__internal_onBeforeSetActive (window global)
    • __unstable__onAfterSetActive__internal_onAfterSetActive (window global)

  • Add proactive session token refresh. Tokens are now automatically refreshed in the background before they expire, reducing latency for API calls near token expiration. (#7317) by @jacekradko

  • Updated returned values of Clerk.checkout() and useCheckout. (#7232) by @panteliselef

    Vanilla JS

    // Before
const { getState, subscribe, confirm, start, clear, finalize } = Clerk.checkout({
  planId: 'xxx',
  planPeriod: 'annual',
});
getState().isStarting;
getState().isConfirming;
getState().error;
getState().checkout;
getState().fetchStatus;
getState().status;

// After
const { checkout, errors, fetchStatus } = Clerk.checkout({ planId: 'xxx', planPeriod: 'annual' });
checkout.plan; // null or defined based on `checkout.status`
checkout.status;
checkout.start;
checkout.confirm;

    React

    // Before
const { id, plan, status, start, confirm, paymentSource } = useCheckout({ planId: 'xxx', planPeriod: 'annual' });

// After
const { checkout, errors, fetchStatus } = usecCheckout({ planId: 'xxx', planPeriod: 'annual' });
checkout.plan; // null or defined based on `checkout.status`
checkout.status;
checkout.start;
checkout.confirm;

  • Remove deprecated saml property from UserSettings in favor of enterpriseSSO (#7063) by @LauraBeatris

  • Remove deprecated samlAccount in favor of enterpriseAccount (#7258) by @LauraBeatris

  • Remove clerkJSVariant option and headless bundle. Use prefetchUI={false} instead. (#7629) by @jacekradko

  • Require Node.js 20.9.0 in all packages (#7262) by @jacekradko

  • Remove all previously deprecated UI props across the Next.js, React and clerk-js SDKs. The legacy afterSign(In|Up)Url/redirectUrl props, UserButton sign-out overrides, organization hideSlug flags, OrganizationSwitcher's afterSwitchOrganizationUrl, Client.activeSessions, setActive({ beforeEmit }), and the ClerkMiddlewareAuthObject type alias are no longer exported. Components now rely solely on the new redirect options and server-side configuration. (#7243) by @jacekradko

  • Remove deprecated saml strategy in favor of enterprise_sso (#7326) by @LauraBeatris

  • getToken() now throws ClerkOfflineError instead of returning null when the client is offline. (#7598) by @bratsos

    This makes it explicit that a token fetch failure was due to network conditions, not authentication state. Previously, returning null could be misinterpreted as "user is signed out," potentially causing the cached token to be cleared.

    To handle this change, catch ClerkOfflineError from getToken() calls:

    import { ClerkOfflineError } from '@clerk/react/errors';

try {
  const token = await session.getToken();
} catch (error) {
  if (ClerkOfflineError.is(error)) {
    // Handle offline scenario - show offline UI, retry later, etc.
  }
  throw error;
}

Minor Changes

  • Add support for email link based verification to SignUpFuture (#7745) by @dstaley

  • Surface organization creation defaults with prefilled form fields and advisory warnings (#7488) by @LauraBeatris

  • Reuse SignIn and SignUp instances on Client when processing Client response JSON. (#7803) by @dstaley

  • addListener now takes a skipInitialEmit option that can be used to avoid emitting immediately after subscribing. (#7925) by @jacekradko

  • UI components are now provided by the new @clerk/ui package, loaded automatically from the Clerk CDN. (#7925) by @jacekradko

  • Don't display impersonation overlay for agents (#7933) by @tmilewski

  • Hide the "Remove" action from the last available 2nd factor strategy when MFA is required (#7729) by @octoper

  • Renames mountTaskSetupMfa and unmountTaskSetupMfa to mountTaskSetupMFA and unmountTaskSetupMFA respectively (#7859) by @octoper

  • Add unsafe_disableDevelopmentModeConsoleWarning option to disable the development mode warning that's emitted to the console when Clerk is first loaded. (#7505) by @dstaley

  • Refactor React SDK hooks to subscribe to auth state via useSyncExternalStore. This is a mostly internal refactor to unlock future improvements, but includes a few breaking changes and fixes. (#7411) by @Ephem

    Breaking changes:

    • Removes ability to pass in initialAuthState to useAuth
      • This was added for internal use and is no longer needed
      • Instead pass in initialState to the <ClerkProvider>, or dynamic if using the Next package
      • See your specific SDK documentation for more information on Server Rendering

    Fixes:

    • A bug where useAuth would sometimes briefly return the initialState rather than undefined
      • This could in certain situations incorrectly lead to a brief user: null on the first page after signing in, indicating a signed out state
    • Hydration mismatches in certain rare scenarios where subtrees would suspend and hydrate only after clerk-js had loaded fully

  • Add support for email code MFA to SignInFuture (#7594) by @dstaley

  • Introducing setup_mfa session task (#7626) by @octoper

  • Add additional verification fields to SignUpFuture. (#7666) by @dstaley

  • Add support for resetting a password via phone code. (#7824) by @dstaley

  • Disable role selection in OrganizationProfile during role set migration (#7534) by @LauraBeatris

  • Add Safari ITP (Intelligent Tracking Prevention) cookie refresh support. (#7623) by @nikosdouvlis

    Safari's ITP limits cookies set via JavaScript to 7 days. When a session cookie is close to expiring (within 8 days), Clerk now automatically routes navigations through a /v1/client/touch endpoint to refresh the cookie via a full-page navigation, bypassing the 7-day cap.

    For developers using a custom navigate callback in setActive(), a new decorateUrl function is passed to the callback. Use it to wrap your destination URL:

    await clerk.setActive({
  session: newSession,
  navigate: ({ decorateUrl }) => {
    const url = decorateUrl('/dashboard');
    window.location.href = url;
  },
});

    The decorateUrl function returns the original URL unchanged when the Safari ITP fix is not needed, so it's safe to always use it.

  • Add satelliteAutoSync option to optimize satellite app handshake behavior (#7597) by @nikosdouvlis

    Satellite apps currently trigger a handshake redirect on every first page load, even when no cookies exist. This creates unnecessary redirects to the primary domain for apps where most users aren't authenticated.

    New option: satelliteAutoSync (default: false)

    • When false (default): Skip automatic handshake if no session cookies exist, only trigger after explicit sign-in action
    • When true: Satellite apps automatically trigger handshake on first load (previous behavior)

    New query parameter: __clerk_sync

    • __clerk_sync=1 (NeedsSync): Triggers handshake after returning from primary sign-in
    • __clerk_sync=2 (Completed): Prevents re-sync loop after handshake completes

    Backwards compatible: Still reads legacy __clerk_synced=true parameter.

    SSR redirect fix: Server-side redirects (e.g., redirectToSignIn() from middleware) now correctly add __clerk_sync=1 to the return URL for satellite apps. This ensures the handshake is triggered when the user returns from sign-in on the primary domain.

    CSR redirect fix: Client-side redirects now add __clerk_sync=1 to all redirect URL variants (forceRedirectUrl, fallbackRedirectUrl) for satellite apps, not just the default redirectUrl.

    Usage

    SSR (Next.js Middleware)

    import { clerkMiddleware } from '@clerk/nextjs/server';

export default clerkMiddleware({
  isSatellite: true,
  domain: 'satellite.example.com',
  signInUrl: 'https://primary.example.com/sign-in',
  // Set to true to automatically sync auth state on first load
  satelliteAutoSync: true,
});

    SSR (TanStack Start)

    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';

export default clerkMiddleware({
  isSatellite: true,
  domain: 'satellite.example.com',
  signInUrl: 'https://primary.example.com/sign-in',
  // Set to true to automatically sync auth state on first load
  satelliteAutoSync: true,
});

    CSR (ClerkProvider)

    <ClerkProvider
  publishableKey='pk_...'
  isSatellite={true}
  domain='satellite.example.com'
  signInUrl='https://primary.example.com/sign-in'
  // Set to true to automatically sync auth state on first load
  satelliteAutoSync={true}
>
  {children}
</ClerkProvider>

    SSR (TanStack Start with callback)

    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';

// Options callback - receives context object, returns options
export default clerkMiddleware(({ url }) => ({
  isSatellite: true,
  domain: 'satellite.example.com',
  signInUrl: 'https://primary.example.com/sign-in',
  satelliteAutoSync: url.pathname.startsWith('/dashboard'),
}));

    Migration Guide

    Behavior change: satelliteAutoSync defaults to false

    Previously, satellite apps would automatically trigger a handshake redirect on every first page load to sync authentication state with the primary domain—even when no session cookies existed. This caused unnecessary redirects to the primary domain for users who weren't authenticated.

    The new default (satelliteAutoSync: false) provides a better experience for end users. Performance-wise, the satellite app can be shown immediately without attempting to sync state first, which is the right behavior for most use cases.

    To preserve the previous behavior where visiting a satellite while already signed in on the primary domain automatically syncs your session, set satelliteAutoSync: true:

    export default clerkMiddleware({
  isSatellite: true,
  domain: 'satellite.example.com',
  signInUrl: 'https://primary.example.com/sign-in',
  satelliteAutoSync: true, // Opt-in to automatic sync on first load
});

    TanStack Start: Function props to options callback

    The clerkMiddleware function no longer accepts individual props as functions. If you were using the function form for props like domain, proxyUrl, or isSatellite, migrate to the options callback pattern.

    Before (prop function form - no longer supported):

    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';

export default clerkMiddleware({
  isSatellite: true,
  // ❌ Function form for individual props no longer works
  domain: url => url.hostname,
});

    After (options callback form):

    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';

// ✅ Wrap entire options in a callback function
export default clerkMiddleware(({ url }) => ({
  isSatellite: true,
  domain: url.hostname,
}));

    The callback receives a context object with the url property (a URL instance) and can return options synchronously or as a Promise for async configuration.

  • Add standalone getToken() function for retrieving session tokens outside of framework component trees. (#7325) by @bratsos

    This function is safe to call from anywhere in the browser, such as API interceptors, data fetching layers (e.g., React Query, SWR), or vanilla JavaScript code. It automatically waits for Clerk to initialize before returning the token.

    import { getToken } from '@clerk/nextjs'; // or any framework package

    // Example: Axios interceptor axios.interceptors.request.use(async (config) => { const token = await getToken(); if (token) { config.headers.Authorization = Bearer ${token}; } return config; });

  • Revert sign up if missing changes to fix Enterprise SSO captcha (#7962) by @dmoerner

  • Introduce useWaitlist() hook (#7097) by @brkalow

Patch Changes

5.125.4

Patch Changes

  • Fix a crash in the Turnstile CAPTCHA retry logic where captcha.reset() was called after the widget's DOM container had already been removed, causing an unhandled error (#7957) by @tmilewski

5.125.3

Patch Changes

  • Add debug logging to detect session token swaps in multi-session scenarios (#7945) by @jacekradko

  • Remove CHIPS build variant and use partitioned_cookies environment flag from the Clerk API to control partitioned cookie behavior at runtime. (#7946) by @brkalow

  • Updated dependencies [7955e9d]:

    • @clerk/shared@3.47.2
    • @clerk/localizations@3.37.2

5.125.2

Patch Changes

  • Don't display impersonation for agents (#7934) by @tmilewski

  • Updated dependencies [8a0c404]:

    • @clerk/shared@3.47.1
    • @clerk/localizations@3.37.1

5.125.1

Patch Changes

  • Fix "You must belong to an organization" screen showing after accepting an organization invitation (#7921) by @LauraBeatris

5.125.0

Minor Changes

  • Add support for displaying proration and account credits on payment attempts and statements. (#7885) by @dstaley

Patch Changes

  • Updated dependencies [c00c524]:
    • @clerk/localizations@3.37.0
    • @clerk/shared@3.47.0

5.124.0

Minor Changes

  • Introduces MFA setup session task for handling require MFA after sign-in and sign-up (#7851) by @octoper

  • Add support for account credits in checkout. (#7870) by @dstaley

Patch Changes

  • Fix __client_uat cookie being set on two different domain scopes when app is loaded in both iframe and non-iframe contexts. getCookieDomain() now falls back to hostname instead of undefined when the eTLD+1 probe fails, and the eTLD+1 probe uses the same SameSite/Secure attributes as the actual cookie to ensure consistent behavior across contexts. (#7882) by @brkalow

  • Fix BaseRouter state not syncing after popup OAuth by observing pushState/replaceState changes in addition to popstate (#7863) by @brkalow

  • Updated dependencies [71bd53c, 935f780]:

    • @clerk/localizations@3.36.0
    • @clerk/shared@3.46.0

5.123.1

Patch Changes

  • Set SameSite=None on cookies for .replit.dev origins and consolidate third-party domain list (#7864) by @brkalow

  • fix(clerk-js): Handle missing window.location in React Native navigation (#7854) by @SarahSoutoul

  • Updated dependencies [b17e4bb]:

    • @clerk/shared@3.45.1
    • @clerk/localizations@3.35.5

5.123.0

Minor Changes

  • Add username field into PublicUserData object. (#7837) by @Jibaru

  • Add providerUserId field to ExternalAccount resource as the preferred way to access the unique user ID from the OAuth provider. The existing externalId field is now deprecated in favor of providerUserId for better clarity and consistency across the API. (#7778) by @Jibaru

Patch Changes

  • Updates Keyless Prompt content. (#7798) by @alexcarpenter

  • Disable ConsoleTransport for debug logger by default (#7786) by @jacekradko

  • Fixed an issue where primary identifier shows undefined when signing in with phone number only (#7797) by @wobsoriano

  • Fix infinite loading spinner when navigating to factor-two sign-in route without an active 2FA session (#7787) by @nikosdouvlis

  • Display message for user_deactivated error code on SignIn and SignUp (#7811) by @LauraBeatris

  • Removed redundant beforeunload event listener from SafeLock that was disabling the browser's back-forward cache (bfcache), degrading navigation performance. (#7818) by @wobsoriano

  • Updated dependencies [35bcbd1]:

    • @clerk/shared@3.45.0
    • @clerk/localizations@3.35.4

5.122.1

Patch Changes

5.122.0

Minor Changes

  • Export useOrganizationCreationDefaults hook to fetch suggested organization name and logo from default naming rules (#7690) by @LauraBeatris

Patch Changes

5.121.1

Patch Changes

  • fix: Ensure unsafeMetadata is passed with Sign Up Ticket flow (#7657) by @tmilewski

  • Updates keyless prompt content. (#7636) by @alexcarpenter

  • Fix unsafeMetadata being lost when users are transferred between sign-in and sign-up flows during OAuth/SSO authentication (#7647) by @tmilewski

  • Updated dependencies [b7a4e1e]:

    • @clerk/shared@3.43.2
    • @clerk/localizations@3.35.2

5.121.0

Minor Changes

  • Handle offline_access scope in OAuth consent screen by filtering it from the displayed scopes list (as it describes access duration rather than what can be accessed) and appending informational text about staying signed in when the scope is present. (#7631) by @jfoshee

Patch Changes

  • Fix TaskChooseOrganization to complete organization activation when logo upload fails (#7635) by @LauraBeatris

  • Updated dependencies [c650a04, e995cc3]:

    • @clerk/localizations@3.35.1
    • @clerk/shared@3.43.1

5.120.0

Minor Changes

  • Surface organization creation defaults with prefilled form fields and advisory warnings (#7603) by @LauraBeatris

Patch Changes

  • Fix redirect conflicts when SignIn and SignUp components are used together on the same page. Added missing dependency arrays to useEffect hooks in redirect functions to prevent unwanted redirects during other component flows. (#7614) by @jacekradko

  • Remove opacity from Select placeholder (#7575) by @LauraBeatris

  • Display actual organization membership name in in-app enable organization prompt success message (#7582) by @LauraBeatris

  • Updated dependencies [271ddeb]:

    • @clerk/localizations@3.35.0
    • @clerk/shared@3.43.0

5.119.1

Patch Changes

  • Fix role select being disabled on OrganizationProfile invite members page when default role is not in roles list (#7569) by @LauraBeatris

5.119.0

Minor Changes

  • Fix "You must belong to an organization" screen showing when user has existing memberships, invitations or suggestions (#7557) by @LauraBeatris

  • When password is enabled at the instance level, but not required allow users to add a password in the user profile. (#7549) by @austincalvelage

Patch Changes

  • Updated dependencies [c4dbcf7]:
    • @clerk/localizations@3.34.0

5.118.0

Minor Changes

  • Disable role selection in OrganizationProfile during role set migration (#7541) by @LauraBeatris

Patch Changes

  • Add data-variant and data-color attributes to the Text component. (#7535) by @alexcarpenter

  • Updated dependencies [a4e6932]:

    • @clerk/localizations@3.33.0
    • @clerk/shared@3.42.0

5.117.0

Minor Changes

  • Improves resilience by keeping users logged in when Clerk's origin is temporarily unavailable using edge-based token generation (#7516) by @bratsos

Patch Changes

  • Updated dependencies [03dd374]:
    • @clerk/shared@3.41.1
    • @clerk/localizations@3.32.1

5.116.0

Minor Changes

  • Display message in TaskChooseOrganization when user is not allowed to create organizations (#7502) by @LauraBeatris

Patch Changes

5.115.0

Minor Changes

Patch Changes

5.114.1

Patch Changes

  • Updated dependencies [893d3e4]:
    • @clerk/localizations@3.30.1

5.114.0

Minor Changes

  • Add a subtitle on the Reset password session task screen (#7392) by @octoper

Patch Changes

  • Improve error handling for invalid avatar file uploads. Previously, avatar images which exceeded the max file size limit of 10MB did not return an error within the Avatar upload component so the user was unaware why their upload did not work. (#7357) by @jigar-clerk

  • Country code updates: Aland Islands, Ascension Island, Kosovo, Mayotte, Western Sahara, and updated names for Algeria, Congo (split into Democratic Republic and Republic), Macedonia (to North Macedonia), and Swaziland (to Eswatini). (#7378) by @zourzouvillys

  • Allow reordering API Keys and Billing pages in <UserProfile /> and <OrganizationProfile />. (#7383) by @wobsoriano

    Example:

    export function CustomUserProfile() {
  return (
    <UserProfile>
      <UserProfile.Page label='apiKeys' />
      <UserProfile.Page label='billing' />
    </UserProfile>
  );
}

  • Updated dependencies [b117ebc]:

    • @clerk/localizations@3.30.0
    • @clerk/shared@3.39.0

5.113.0

Minor Changes

  • Introduce new <TaskResetPassword/> session task component (#7314) by @octoper

Patch Changes

5.112.1

Patch Changes

5.112.0

Minor Changes

  • Introduce reset-password session task (#7268) by @octoper

  • Introduce a new variant for the alternative methods screen to handle untrusted password error on sign-in (#7331) by @octoper

Patch Changes

  • Prevent enable organization prompt from appearing if there is a session with a pending choose-organization task. (#7307) by @LauraBeatris

    This resolves an issue where, after organizations are enabled via the Dashboard, cached environment resources may cause the prompt to show again when the user is redirected to complete the choose-organization task.

  • Fix issue where SignIn and SignUp instances were unable to be serialized with JSON.stringify due to a circular reference. (#7321) by @dstaley

  • Conditionally apply tabIndex={-1} usage when shown to ensure buttons are keyboard accessible. (#7306) by @alexcarpenter

  • Fixes line-height discrepancy between browsers. (#7112) by @alexcarpenter

  • Add localization key for username form error (#7320) by @guilherme6191

  • Ensure client trust messaging is only displayed if no 2FA options are available (#7313) by @tmilewski

  • Updates line-height calculations to follow font-sizing to fix differences across browsers. (#7112) by @alexcarpenter

  • Reverts the changes introduced in PR #7105, as it was causing JWTs returned from client piggybacking not to be inserted into the cache even though their claims had actually changed. (#7329) by @octoper

  • Updated dependencies [40a841d, f364924, f115e56, d4aef71, 3f99742, 02798f5, 07a30ce, ce8b914]:

    • @clerk/shared@3.37.0
    • @clerk/localizations@3.29.0

5.111.0

Minor Changes

  • When a session already exists on sign in, complete the sign in and redirect instead of only rendering an error. (#7156) by @brkalow

  • Optimized session token poller to share token with other open tabs (#7302) by @jacekradko

Patch Changes

  • Updated dependencies [e6ad12f]:
    • @clerk/localizations@3.28.5

5.110.0

Minor Changes

  • Removes SWR as direct dependency (#7270) by @panteliselef

  • Introduce in-app development prompt to enable the Organizations feature (#7159) by @LauraBeatris

    In development instances, when using organization components or hooks for the first time, developers will see a prompt to enable the Organizations feature directly in their app, eliminating the need to visit the Clerk Dashboard.

Patch Changes

  • Fix useFetch to update fetcher ref (#7145) by @iagodahlem

  • Ensure that organization component warnings are only shown when no user session exists in development (#7298) by @LauraBeatris

  • Updated dependencies [f85abda, 36e43cc]:

    • @clerk/shared@3.36.0
    • @clerk/localizations@3.28.4

5.109.2

Patch Changes

  • Make subscription actions more visible with inline buttons (#7255) by @mauricioabreu

  • Added debug query param to token requests initiated with skipCache option. (#7155) by @jacekradko

  • Updated dependencies [d8f59a6]:

    • @clerk/shared@3.35.2
    • @clerk/localizations@3.28.3

5.109.1

Patch Changes

  • Only render last used badge when there are multiple strategies enabled. (#7224) by @alexcarpenter

  • Internal change, not user-facing: Replace useOrganization with useOrganizationContext in billing components (#7257) by @LauraBeatris

  • Fix issue where network errors were being masked by fraud protection logic, preventing cache fallback from triggering properly. (#7254) by @chriscanin

  • Generate a stable tab identifier in MemoryTokenCache so multi-tab token broadcasts can be traced via consistent debug logs. (#7150) by @jacekradko

  • Updated dependencies [a9c13ca]:

    • @clerk/shared@3.35.1
    • @clerk/localizations@3.28.2

5.109.0

Minor Changes

  • Introduced initial Clerk Protect dynamic loader and related types to support dynamically enabling and rolling out Protect in the environment. (#7227) by @zourzouvillys

  • Standardized API keys naming convention (#7223) by @wobsoriano

  • [Experimental] Add support for sign-up via modal in signals implementation (#7193) by @dstaley

Patch Changes

5.108.0

Minor Changes

  • Support for email_code and email_link as a second factor when user is signing in on a new device. (#7116) by @tmilewski

  • Update SocialButtons to show "Continue with" prefix for last auth strategy, and improve mobile layout consistency. (#7169) by @alexcarpenter

  • [Experimental] Update errors to have specific field types based on whether it's a sign-in or a sign-up. (#7195) by @dstaley

  • Removed internal parameter when creating API keys (#7207) by @wobsoriano

Patch Changes

5.107.0

Minor Changes

Patch Changes

  • Updated dependencies [613cb97]:
    • @clerk/shared@3.33.0
    • @clerk/localizations@3.27.2

5.106.0

Minor Changes

  • Implemented server-side pagination and filtering for API keys (#6453) by @wobsoriano

  • [Experimental] Add types for errors used in new custom flow APIs (#7174) by @nikosdouvlis

  • [Experimental] Add support for modal SSO sign-ins to new APIs (#7026) by @dstaley

  • Support granular API keys settings for user and organization profiles (#7179) by @wobsoriano

Patch Changes

5.105.1

Patch Changes

  • Add aria live region to ensure feedback messages are read to screen readers when feedback changes. (#7111) by @alexcarpenter

5.105.0

Minor Changes

  • Replaced the persistent key column in the API keys table with a one-time modal that displays the secret immediately after creation. (#7107) by @wobsoriano

Patch Changes

5.104.0

Minor Changes

  • Adds client_trust_state field to Client and SignIn resources to support new fraud protection feature. (#7096) by @chriscanin

Patch Changes

  • fix: Appropriately handle last-used SAML strategies (#7135) by @tmilewski

  • Experimental: Ground work for fixing stale data between hooks and components by sharing a single cache. (#6913) by @panteliselef

  • Updated dependencies [ea65d39, b09b29e]:

    • @clerk/shared@3.31.0
    • @clerk/localizations@3.26.6

5.103.2

Patch Changes

  • Propagate locale from ClerkProvider to PaymentElement (#6885) by @aeliox

  • Deprecate @clerk/types in favor of @clerk/shared/types (#7022) by @nikosdouvlis

    The @clerk/types package is now deprecated. All type definitions have been consolidated and moved to @clerk/shared/types to improve consistency across the Clerk ecosystem.

    Backward Compatibility:

    The @clerk/types package will remain available and will continue to re-export all types from @clerk/shared/types to ensure backward compatibility. Existing applications will continue to work without any immediate breaking changes. However, we strongly recommend migrating to @clerk/shared/types as new type definitions and updates will only be added to @clerk/shared/types starting with the next major release.

    Migration Steps:

    Please update your imports from @clerk/types to @clerk/shared/types:

    // Before
import type { ClerkResource, UserResource } from '@clerk/types';

// After
import type { ClerkResource, UserResource } from '@clerk/shared/types';

    What Changed:

    All type definitions including:

    • Resource types (User, Organization, Session, etc.)
    • API response types
    • Configuration types
    • Authentication types
    • Error types
    • And all other shared types

    Have been moved from packages/types/src to packages/shared/src/types and are now exported via @clerk/shared/types.

  • Add debug logging to session update flows when browser is offline (#7113) by @jacekradko

  • Remove last used badge from rendering on sign-up. (#7100) by @alexcarpenter

  • Bug fix for Checkout success screen to not mention payment if a payment was not made. (#7140) by @panteliselef

  • Optimize Session.#hydrateCache to only cache token if it's new/different (#7105) by @jacekradko

  • Navigates to /sign-up/continue on sign-up with missing_requirements status using ticket as strategy (#7101) by @LauraBeatris

    It fixes IdP-initiated flows with missing requirements such as accepting legal consent

  • Updated dependencies [3e0ef92, 2587aa6]:

    • @clerk/shared@3.30.0
    • @clerk/localizations@3.26.5

5.103.1

Patch Changes

5.103.0

Minor Changes

  • Allow free trials without requiring a payment method, based on the configuration of an instance. (#7068) by @mauricioabreu

  • [Billing Beta] Remove unnecessary orgId from BillingPayerMethods interface. (#7087) by @panteliselef

Patch Changes

5.102.1

Patch Changes

  • Add title attribute to email address field with the recommended format. (#6956) by @alexcarpenter

  • Fixes an issue in SelectOption where the focus styles were not being properly applied when the option is focused. (#6999) by @alexcarpenter

    Increases SelectOption touch area to remove any dead spots between items.

  • Make avatar remove button size xs to be consistent with upload button sizing. (#7041) by @alexcarpenter

  • Improve avatar upload and removal UX to auto collapse the profile section upon successful save. (#7044) by @alexcarpenter

  • Updated dependencies [4d46e4e, 1217b87]:

    • @clerk/localizations@3.26.3
    • @clerk/types@4.95.1
    • @clerk/shared@3.28.3

5.102.0

Minor Changes

  • [Billing Beta]: Dropping paymentMethodId from subscription item. (#7017) by @panteliselef

Patch Changes

  • Add support for automatically sending the browser locale during the sign-in flow (#7011) by @guilherme6191

  • [Billing Beta] Extend support of forOrganizations prop by a few minors. (#7021) by @panteliselef

  • Updated dependencies [a172d51, 947d0f5]:

    • @clerk/types@4.95.0
    • @clerk/shared@3.28.2
    • @clerk/localizations@3.26.2

5.101.1

Patch Changes

  • Hide slug field on OrganizationProfile based on environment settings (#7001) by @LauraBeatris

  • Updated dependencies [d8147fb]:

    • @clerk/shared@3.28.1

5.101.0

Minor Changes

  • [Experimental] Add support for sign-in with passkey to new APIs (#6997) by @dstaley

Patch Changes

5.100.0

Minor Changes

  • [Billing Beta] Rename payment source descriptors to use "payment method". (#6951) by @panteliselef

  • When fetching a new Session token, broadcast the token value to other tabs so they can pre-warm their in-memory Session Token cache with the most recent token. (#6891) by @jacekradko

  • Add support for sign up locale (#6915) by @guilherme6191

  • [Experimental] Fix signIn.password emailAddress parameter name. (#6932) by @dstaley

  • [Experimental] Fix issue where calling this.create() would not correctly propagate errors. (#6932) by @dstaley

  • [Billing Beta] Rename payment source to payment method. (#6865) by @panteliselef

    Clerk.user.initializePaymentSource() -> Clerk.user.initializePaymentMethod() Clerk.user.addPaymentSource() -> Clerk.user.addPaymentMethod() Clerk.user.getPaymentSources() -> Clerk.user.getPaymentMethods()

    Clerk.organization.initializePaymentSource() -> Clerk.organization.initializePaymentMethod() Clerk.organization.addPaymentSource() -> Clerk.organization.addPaymentMethod() Clerk.organization.getPaymentSources() -> Clerk.organization.getPaymentMethods()

  • [Billing Beta] Rename payment sources to method methods. (#6959) by @panteliselef

    Updates localization keys from commerce -> billing and paymentSource to paymentMethod.

  • Introduce experimental step to choose enterprise connection on sign-in/sign-up (#6947) by @LauraBeatris

  • [Billing Beta] Replace forOrganizations: true with for: "organization" in <PricingTable/>. (#6978) by @panteliselef

Patch Changes

  • Ensure inputs are properly connected to feedback messages via aria-describedby usage. (#6914) by @alexcarpenter

  • Add enterpriseConnectionId to SamlAccount and EnterpriseAccount resources (#6961) by @LauraBeatris

    • Update checkbox checked background color and icon (#6934) by @alexcarpenter

    • Increase role select options contrast

    • Updates user preview subtitle text variant

  • Add success text descriptor to otp input field. (#6958) by @alexcarpenter

    • Add experimental property last_authenticated_at to SamlAccount resource, which represents the date when the SAML account was last authenticated (#6954) by @LauraBeatris

    • Add experimental support for enterprise_sso as a strategy param for session.prepareFirstFactorVerification

  • Only navigate to enterprise connections chooser when there are multiple enterprise_sso strategies as supported_first_factors (#6983) by @NicolasLopes7

  • Updated dependencies [65b7cc7, 6e09786, aa7210c, 2cd53cd, 1a2eee6, 2cd53cd, 1a2430a, 31a04fc, 9766c4a, 22b8e49, a66357e, 43a9c2b, dacc1af, b1ac445]:

    • @clerk/types@4.93.0
    • @clerk/shared@3.27.4
    • @clerk/localizations@3.26.0

5.99.0

Minor Changes

  • [Experimental] Add support for additional properties to Signal SignIn/SignUp (#6897) by @dstaley

Patch Changes

  • Display organization slug based on environment settings (#6903) by @LauraBeatris

  • Updated dependencies [fba4781, a1f6714]:

    • @clerk/types@4.92.0
    • @clerk/localizations@3.25.7
    • @clerk/shared@3.27.3

5.98.0

Minor Changes

  • Adding /oauth/oauth/end_session to frontendApiRedirectPathsNoUserInput (#6890) by @Ben2W

  • [Experimental] Add Signal support for Web3 APIs (#6840) by @dstaley

Patch Changes

  • Add auto focus behavior to otp input to enable pasting codes immediately (#6863) by @alexcarpenter

  • feat(clerk-js): Enable debugLogger for Next.js keyless applications. (#6886) by @heatlikeheatwave

  • Ensure the back navigation within SignUpVerificationCode returns to the appropriate step within combined flow. (#6909) by @alexcarpenter

  • Improve appearance selectors for tasks, such as including it within SignIn/SignUp components (#6861) by @iagodahlem

  • Updated dependencies [f737d26, 8777f35, 2c0128b]:

    • @clerk/types@4.91.0
    • @clerk/shared@3.27.2
    • @clerk/localizations@3.25.6

5.97.0

Minor Changes

  • [Billing Beta] Drop top level billing flags from environment. Instead, use the payer specific flags. (#6882) by @panteliselef

Patch Changes

  • Prevent leaking the data-component-status attribute for components other than <PricingTable/>. (#6884) by @panteliselef

  • Hide CTA for <PricingTable forOrganization/> when the user is does not have an active organization selected. (#6883) by @panteliselef

  • Updated dependencies [37028ca]:

    • @clerk/types@4.90.0
    • @clerk/localizations@3.25.5
    • @clerk/shared@3.27.1

5.96.0

Minor Changes

Patch Changes

  • Update active context cookie to properly set Secure attribute. (#6851) by @brkalow

  • Updated dependencies [e3e77eb, 9cf89cd, 090ca74, 5546352]:

    • @clerk/shared@3.27.0
    • @clerk/types@4.89.0
    • @clerk/localizations@3.25.4

5.95.0

Minor Changes

  • [Experimental] Add support for ticket sign-ins and sign-ups (#6806) by @dstaley

  • [Billing Beta] Rename types, interfaces and classes that contain commerce to use billing instead. (#6757) by @panteliselef

Patch Changes

  • Fix TaskChooseOrganizationScreen to render accepted suggestions properly (#6804) by @iagodahlem

  • Correct ticket field reference in SignUpStart.tsx handleSubmit logic gate (#6824) by @kduprey

  • Update jsdocs mentions of @experimental tag. (#6651) by @panteliselef

  • [Experimental] Correctly determine destination first factor based on identifier. (#6789) by @dstaley

  • Update <ArrowBlockButton /> icon sizing to be consistent with usage within billing components (#6803) by @alexcarpenter

  • Updated dependencies [4a142e9, 41e0a41, 1aa9e9f, 40e1b01, a88ee58, d6c7bbb]:

    • @clerk/localizations@3.25.3
    • @clerk/shared@3.26.1
    • @clerk/types@4.88.0

5.94.0

Minor Changes

  • [Experimental] Signal email link support (#6766) by @dstaley

  • Add retry attempt tracking to FAPI client GET requests (#6777) by @jacekradko

    The FAPI client now adds a _clerk_retry_attempt query parameter to retry attempts for GET requests, allowing servers to track and handle retry scenarios appropriately. This parameter is only added during retry attempts, not on the initial request.

  • [Billing Beta] Remove deprecated subscription attribute from Billing (#6788) by @mauricioabreu

Patch Changes

  • Fix ArrowButtonBlock truncation within payment sources (#6764) by @alexcarpenter

  • Hide flows inside UserProfile and OrganizationProfile that depend on Stripe.js when remotely hosted code is not permitted. (#6754) by @panteliselef

  • Add support for canceling past due subscriptions (#6783) by @aeliox

  • Hide payment methods from checkout if the new subscription does not result in an immediate change to the end user's plan. (#6786) by @panteliselef

  • Bug fix that allowed useStatements(), usePaymentMethods() and usePaymentAttempts() to fire a request when the billing feature was turned off for the instance. (#6785) by @panteliselef

  • Performance improvements for <Checkout />. (#6765) by @panteliselef

  • Updated dependencies [bcf24f2, f7c6b49, f070459, 1ceedad, de90ede, 9d4a95c, 428cd57, 9eac18f]:

    • @clerk/types@4.87.0
    • @clerk/localizations@3.25.2
    • @clerk/shared@3.26.0

5.93.0

Minor Changes

  • [Billing Beta] Removal of Billing experimental methods: organization.getSubscriptions() and billing.getSubscriptions() (#6738) by @mauricioabreu

  • [Experimental] Add support for additional params for SignUp (#6716) by @dstaley

Patch Changes

5.92.1

Patch Changes

  • Hides the subscription "Manage" button when no subscription items exist instead of the subscription itself being absent. (#6734) by @panteliselef

5.92.0

Minor Changes

  • Introduce "Last Used" functionality to Sign In and Up (#6722) by @tmilewski

Patch Changes

  • Change placement of the manage subscription button inside <UserProfile/> and <OrganizationProfile/> (#6428) by @panteliselef

  • Do not trigger organization roles query when the current user's membership lacks the required permissions (org:sys_memberships:read or org:sys_memberships:manage). (#6703) by @LauraBeatris

    This fixes an issue where the OrganizationSwitcher component was making unnecessary API calls to fetch roles, resulting in HTTP 403 errors.

  • Update search icon, payment source icon, and user preview identifier colors. (#6697) by @alexcarpenter

  • Updated dependencies [55490c3, f689d99, e8d21de, 637f2e8, 465369b]:

    • @clerk/localizations@3.25.0
    • @clerk/types@4.85.0
    • @clerk/shared@3.24.2

5.91.2

Patch Changes

  • Fixes issue where "prepare" API request would only fire once, preventing end users from receiving fresh otp codes. (#6695) by @panteliselef

  • Wait for pricing table data to be ready before hiding its fallback. (#6644) by @panteliselef

  • Fix double slash in FAPI client URLs when using a proxy configuration (avoids 308 redirects). (#6706) by @jacekradko

  • Hide billing tab when no paid plans exist, the user does not have a current or past subscription. (#6696) by @panteliselef

  • Update the experimental Errors interface to allow null for raw and global error arrays (#6677) by @nikosdouvlis

  • Updated dependencies [6e3f53e, fced4fc, e6e19d2, d0fe6ca, 1b1e8b1]:

    • @clerk/localizations@3.24.2
    • @clerk/types@4.84.1
    • @clerk/shared@3.24.1

5.91.1

Patch Changes

  • Add .lp.dev to list of origins that prefer the popup SSO flow. (#6686) by @brkalow

5.91.0

Minor Changes

  • [Experimental] Signal phone code support (#6650) by @dstaley

  • [Billing Beta] checkout.confirm() now infers the resource id resulting in less repetition and improved DX. (#6642) by @panteliselef

    After

    const checkout = Clerk.billing.startCheckout({ orgId });
checkout.confirm(); // orgId is always implied

    Before

    const checkout = clerk.billing.startCheckout({ orgId });
checkout.confirm({ orgId });

  • [Experimental] Signal MFA support (#6659) by @dstaley

Patch Changes

5.90.0

Minor Changes

Patch Changes

  • Updated dependencies [12b19d4, 823b80f, 600c648]:
    • @clerk/localizations@3.24.0
    • @clerk/shared@3.23.0
    • @clerk/types@4.83.0

5.89.0

Minor Changes

  • Rework the OTP input to use a single transparent input (via input-otp) to improve password manager compatibility and iOS/Android SMS-based autofill. Removes individual digit fields; a single invisible input drives the six visual slots. (#6551) by @tmilewski

    If you're using @clerk/testing, please ensure that you're using the latest version.

  • [Experimental] Signal transfer support (#6614) by @dstaley

  • [Experimental] Signals isLoaded removal (#6605) by @dstaley

Patch Changes

5.88.0

Minor Changes

  • [Experimental] Add support for captcha to Signal SignUp (#6574) by @dstaley

  • Adding /oauth/authorize-with-immediate-redirect to frontendApiRedirectPathsNoUserInput (#6579) by @Ben2W

  • [Billing Beta] Replace redirectUrl with navigate in checkout.finalize() (#6586) by @panteliselef

Patch Changes

  • [Billing Beta] Rename cancelFreeTrialDescription to cancelFreeTrialAccessUntil. (#6582) by @panteliselef

  • Update copies for create organization screen on session tasks (#6584) by @iagodahlem

  • Add class cl-planDetails-root to the parent div element that containes the plan details drawer. (#6573) by @panteliselef

  • Fix incorrect redirect when completing session tasks within SignIn and SignUp components (#6580) by @iagodahlem

  • Hide passkeys section when user has an enterprise account with the disable additional identifiers setting enabled (#6585) by @NicolasLopes7

  • Improve multi-session navigation to tasks (#6575) by @LauraBeatris

  • Update notice when cancelling a trial. (#6582) by @panteliselef

  • Add a development-mode warning when exactly one of routerPush or routerReplace is provided in ClerkOptions. Both must be defined together for custom router navigation to work correctly. (#6578) by @kduprey

  • Updated dependencies [e52bf8e, edd0f21, c043c19, c28d29c, 172e054]:

    • @clerk/localizations@3.23.0
    • @clerk/types@4.81.0
    • @clerk/shared@3.22.0

5.87.0

Minor Changes

Patch Changes

  • Fix server-side cache revalidation for Next.js when transitioning from active to pending session (#6572) by @LauraBeatris

  • Updated dependencies [8dc6bad, aa6a3c3, db50c47]:

    • @clerk/types@4.80.0
    • @clerk/localizations@3.22.0
    • @clerk/shared@3.21.2

5.86.0

Minor Changes

Patch Changes

  • Add error handling for setActive with stale organization data (#6550) by @LauraBeatris

  • Updated dependencies [f7e6d29, 413468c, 7b7eb1f]:

    • @clerk/localizations@3.21.3
    • @clerk/shared@3.21.1
    • @clerk/types@4.79.0

5.85.0

Minor Changes

  • [Experimental] Signals: Add support for calling signIn.password() without an identifier. (#6534) by @dstaley

Patch Changes

  • Remove flickers from PricingTable when signed in. (#6535) by @panteliselef

  • Display trial subscriptions in UserProfile and OrganizationProfile. (#6526) by @panteliselef

  • Updated dependencies [5b24129]:

    • @clerk/shared@3.21.0
    • @clerk/types@4.78.0
    • @clerk/localizations@3.21.2

5.84.0

Minor Changes

  • Add navigate parameter to clerk.setActive() for custom navigation before the session and/or organization is set. (#6486) by @LauraBeatris

    It's useful for handling pending session tasks for after-auth flows:

    await clerk.setActive({
  session,
  navigate: async ({ session }) => {
    const currentTask = session.currentTask;
    if (currentTask) {
      await router.push(`/onboarding/${currentTask.key}`);
      return;
    }

    await router.push('/dashboard');
  },
});

Patch Changes

  • Introduce debugLogger for internal debugging support (#6452) by @jacekradko

  • Updated dependencies [4db1e58, 69498df, 59f1559]:

    • @clerk/types@4.77.0
    • @clerk/shared@3.20.1
    • @clerk/localizations@3.21.1

5.83.0

Minor Changes

  • [Billing Beta] Replace usage of top level amounts in plan with fees for displaying prices. (#6490) by @panteliselef

  • Add support for trials in <Checkout/> (#6494) by @panteliselef

    • Added freeTrialEndsAt property to CommerceCheckoutResource interface.

  • Update billing resources with trial properties. (#6492) by @panteliselef

  • Update PricingTable with trial info. (#6493) by @panteliselef

  • [Experimental] Signals reset password flow (#6520) by @dstaley

Patch Changes

  • Add optional isExternal to ApplicationLogo (#6447) by @jfoshee

    Add optional oAuthApplicationUrl parameter to OAuth Consent mounting (which is used to provide a link to the OAuth App homepage).

    Harden Link component so it sanitizes the given href to avoid dangerous protocols.

  • Updated dependencies [69622af, 33e7a7b, 15fe106, 173837c, 8b52d7a, 854dde8, ae2e2d6, 037f25a, 6f73222, f8b38b7]:

    • @clerk/localizations@3.21.0
    • @clerk/types@4.76.0
    • @clerk/shared@3.20.0

5.82.0

Minor Changes

  • [Billing Beta] Cleanup naming inconsistencies in billing dates. (#6513) by @panteliselef

    Migration

    • subscriptionItem.periodStartDate → subscriptionItem.periodStart
    • subscriptionItem.periodEndDate → subscriptionItem.periodEnd
    • subscriptionItem.canceledAtDate → subscriptionItem.canceledAt

  • [Experimental] Signal Errors (#6495) by @dstaley

  • Remove treatPendingAsSignedOut from Clerk options (#6497) by @LauraBeatris

Patch Changes

  • Use throttling instead of sampling for telemetry events of UI components on keyless apps. (#6514) by @panteliselef

  • Refactor ApplicationLogo rendering logic to account for oAuth logos within OAuthConsent component. (#6518) by @alexcarpenter

  • Trigger Next.js hooks on session status transition from active to pending to update authentication context state (#6511) by @LauraBeatris

  • Add .v0.app as a preferred popup origin for OAuth flows. (#6519) by @brkalow

  • Updated dependencies [b72a3dd, d93b0ed, 6459f7d, 0ff648a, 9084759]:

    • @clerk/types@4.75.0
    • @clerk/shared@3.19.0
    • @clerk/localizations@3.20.9

5.81.0

Minor Changes

  • [Billing Beta] Update PlanDetailsProps to reflect that either planId or plan is allowed. (#6472) by @panteliselef

Patch Changes

  • Introduce TaskChooseOrganization component which replaces TaskSelectOrganization with a new UI that make the experience similar to the previous SignIn and SignUp steps (#6446) by @LauraBeatris

  • [Experimental] Signals (#6450) by @dstaley

  • Rename task key from select-organization to choose-organization (#6482) by @LauraBeatris

  • Updated dependencies [1ad16da, 4edef81, 696f8e1, f318d22, 1cc66ab]:

    • @clerk/localizations@3.20.8
    • @clerk/types@4.74.0
    • @clerk/shared@3.18.1

5.80.0

Minor Changes

  • [Billing Beta] Update checkout.status type to be 'needs_confirmation' | 'completed' instead of string. (#6474) by @panteliselef

Patch Changes

  • [Billing Beta] Stricter return type of useCheckout to improve inference of other properties. (#6473) by @panteliselef

  • Guard against navigation to root sign-in route during setActive in SignInFactorOne (#6462) by @LauraBeatris

  • Fix invalid DOM element prop being passed down to Input (#6458) by @jacekradko

  • Fix iframe detetction and ensure we prefer the oauth popup flow when in an iframe. (#6455) by @brkalow

  • Fix multi-session navigation for hash routing (#6461) by @LauraBeatris

  • Fix touchSession option to only affect session touch behavior to window focus events. (#6444) by @LauraBeatris

    Previously, when touchSession: false was provided, it incorrectly prevented session touching during setActive() calls when switching sessions or selecting organizations.

  • Updated dependencies [9368daf, f93965f, 7b6dcee, ef87617]:

    • @clerk/shared@3.18.0
    • @clerk/localizations@3.20.7
    • @clerk/types@4.73.0

5.79.0

Minor Changes

  • [Billing Beta]: Update prefix for checkout status (#6438) by @panteliselef

    Replaces awaiting_ with needs_.

  • [Billing Beta] Remove statement_id from the checkout resource. (#6437) by @panteliselef

Patch Changes

  • Add inputmode="email" to email fields to help prompt mobile devices to use a virtual keyboard optimized for entering email addresses. (#6440) by @alexcarpenter

  • Fix TelemetryCollector logic for clerk-js in browser to properly populate sdkMetadata for telemetry events. (#6448) by @panteliselef

  • Display alert on plan details error (#6384) by @panteliselef

  • Added proper type checking before using the in operator to prevent errors when modal state contains non-object values (#6433) by @jacekradko

  • Refactor billing statement page and payment attempt page data loading (#6420) by @aeliox

  • Added temporary patch for API keys pagination compatibility (#6451) by @wobsoriano

  • Fix SSO callback for after-auth custom flows (#6430) by @LauraBeatris

  • Updated dependencies [7a46679, 05cc5ec, 22c35ef, c69de58, e8d816a, aa9f185, af0e123, 3d1d871]:

    • @clerk/shared@3.17.0
    • @clerk/types@4.72.0
    • @clerk/localizations@3.20.6

5.78.0

Minor Changes

  • [Billing Beta]: Replace org for organization as payer type for billing APIs. (#6423) by @panteliselef

    This applies for all billing APIs, except the resources classes that represent data from Frontend API.

  • Refactor base theme approach to enable opting into simple theme. (#6371) by @alexcarpenter

    appearance={{
  theme: 'simple' // removes Clerk base theme
}}

Patch Changes

5.77.0

Minor Changes

  • Introduce <TaskSelectOrganization /> component. (#6376) by @LauraBeatris

    It allows you to eject the organization selection task flow from the default SignIn and SignUp components and render it on custom URL paths using taskUrls.

    Usage example:

    <ClerkProvider taskUrls={{ 'select-organization': '/onboarding/select-organization' }}>
  <App />
</ClerkProvider>

    function OnboardingSelectOrganization() {
  return <TaskSelectOrganization redirectUrlComplete='/dashboard/onboarding-complete' />;
}

Patch Changes

  • Remove cache revalidation hooks from pending session handling. This fixes unmounting issues from SignIn and SignUp AIOs during after-auth flows. (#6389) by @LauraBeatris

  • Updated dependencies [b0fdc9e]:

    • @clerk/types@4.70.1
    • @clerk/localizations@3.20.4
    • @clerk/shared@3.15.1

5.76.0

Minor Changes

  • [Billing Beta] Introduce top level subscription. (#6317) by @panteliselef

    Updated CommerceSubscriptionJSON to describe the top level subscription and renamed the existing type to CommerceSubscriptionItemJSON. Deprecated billing.getSubscriptions() in favour of billing.getSubscription.

  • [Billing Beta] Replace useSubscriptionItems with useSubscription. (#6317) by @panteliselef

Patch Changes

  • Updated dependencies [cd59c0e, cd59c0e]:
    • @clerk/types@4.70.0
    • @clerk/shared@3.15.0
    • @clerk/localizations@3.20.3

5.75.0

Minor Changes

Patch Changes

5.74.1

Patch Changes

  • Replace the /subscriptions FAPI endpoint with /subscription_items for cancelling subscription items. (#6341) by @panteliselef

  • Updated dependencies [4f2e0ad]:

    • @clerk/localizations@3.20.1

5.74.0

Minor Changes

  • [Billing Beta] Update clerk.billing.getPlans() to return paginated data and introduce the usePlans() hook. (#6327) by @panteliselef

Patch Changes

  • Marking root of subscription modal with cl-subscriptionDetails-root. (#6333) by @panteliselef

    • Render parsed colorRing at 15% vs 100% (#6334) by @alexcarpenter

    • Render parsed colorModalBackdrop at 73% vs 100%

    • Ensure avatarBackground and avatarBorder render with parsed neutral colors when colorNeutral is passed in via variables prop

  • Improve invalid plan change callout for monthly-only plans (#6248) by @aeliox

  • Navigate to tasks on sso-callback route (#6324) by @LauraBeatris

  • Updated dependencies [d2f6f9e, a329836, 6041c39, 3f1270d]:

    • @clerk/types@4.68.0
    • @clerk/shared@3.13.0
    • @clerk/localizations@3.20.0

5.73.2

Patch Changes

  • Do not trigger after-auth navigation from useMultisessionActions (#6323) by @LauraBeatris

  • Updated dependencies [2a90b68, af50905]:

    • @clerk/types@4.67.0
    • @clerk/shared@3.12.3
    • @clerk/localizations@3.19.2

5.73.1

Patch Changes

  • Refactor after-auth flows to keep navigation internally (#6319) by @LauraBeatris

  • Updated dependencies [8ee859c]:

    • @clerk/shared@3.12.2
    • @clerk/types@4.66.1
    • @clerk/localizations@3.19.1

5.73.0

Minor Changes

  • Expose Clerk CSS variables as an option for theming Clerk's components. This change introduces CSS custom properties that allow developers to customize Clerk's appearance using standard CSS variables, providing a more flexible theming approach. (#6275) by @alexcarpenter

    :root {
  --clerk-color-primary: #6d47ff;
  --clerk-color-primary-foreground: #ffffff;
}

    Deprecated variables

    DeprecatedNew
    colorTextcolorForeground
    colorTextOnPrimaryBackgroundcolorPrimaryForeground
    colorTextSecondarycolorMutedForeground
    spacingUnitspacing
    colorInputTextcolorInputForeground
    colorInputBackgroundcolorInput

    Deprecated variables will continue to work but will be removed in the next major version.

    New variables

    • colorRing - The color of the ring when an interactive element is focused.
    • colorMuted - The background color for elements of lower importance, eg: a muted background.
    • colorShadow - The base shadow color used in the components.
    • colorBorder - The base border color used in the components.
    • colorModalBackdrop - The background color of the modal backdrop.

  • Display past due subscriptions properly. (#6309) by @panteliselef

  • Extract SubscriptionDetails, into its own internal component, out of existing (also internal) PlanDetails component. (#6148) by @panteliselef

Patch Changes

  • Enhanced detection of password manangers (#6311) by @tmilewski

  • Updated dependencies [025e304, dedf487, b96114e]:

    • @clerk/types@4.66.0
    • @clerk/localizations@3.19.0
    • @clerk/shared@3.12.1

5.72.0

Minor Changes

  • [Billing Beta]: Introduce experimental Clerk.__experimental_checkout() for managing the state of a checkout session. (#6195) by @panteliselef

Patch Changes

  • Bugfix: Fixed incorrect field validation when using password authentication with email or phone number during sign-up. Optional email and phone fields now correctly display their requirement status. (#6259) by @bratsos

  • Force redirect to SSO callback route when force-an-org is enabled, ensuring task display and organization selection (#6271) by @LauraBeatris

  • Navigate to tasks when switching sessions (#6273) by @LauraBeatris

  • Updated dependencies [2be6a53, f6a1c35, 6826d0b, f6a1c35, 97a07f7]:

    • @clerk/types@4.65.0
    • @clerk/shared@3.12.0
    • @clerk/localizations@3.18.1

5.71.0

Minor Changes

  • Add CSS variable support to the appearance.variables object, enabling use of CSS custom properties. For example, you can now use colorPrimary: 'var(--brand-color)' to reference CSS variables defined in your stylesheets. (#6187) by @alexcarpenter

    This feature includes automatic fallback support for browsers that don't support modern CSS color manipulation features.

  • Added granular permission checks to <APIKeys /> component to support read-only and manage roles (#6253) by @wobsoriano

  • Remove @stripe/react-stripe-js dependency and only allow loading of stripe-js via Clerk.__internal_loadStripeJs(). (#6180) by @panteliselef

  • Password managers will now autofill OTP code verifications. (#6247) by @tmilewski

  • Adds Content Security Policy (CSP) nonce support to the Cloudflare Turnstile (#6226) by @jacekradko

Patch Changes

5.70.0

Minor Changes

  • Convert date properties from number to Date in CommerceSubscriptionResource (#6233) by @panteliselef

    Deprecates fields of type number

    • subscription.periodStart
    • subscription.periodEnd
    • subscription.canceledAt Introduces fields of type Date
    • subscription.periodStartDate
    • subscription.periodEndDate
    • subscription.canceledAtDate
    • subscription.createdAt

  • Add getPlan by id to the billing namespace. (#6230) by @panteliselef

Patch Changes

5.69.3

Patch Changes

  • Hide invitation in OrganizationSwitcher when user is already an active member of the organization (#6208) by @LauraBeatris

  • Updated dependencies [02a1f42, edc0bfd]:

    • @clerk/shared@3.10.1
    • @clerk/types@4.62.1
    • @clerk/localizations@3.17.2

5.69.2

Patch Changes

  • Fixes stale SignIn object on authenticateWithRedirect for saml and enterprise_sso custom flows (#6160) by @LauraBeatris

    Previously, the same connection identifier would be used on every authenticateWithRedirect call leading to redirecting to the wrong identity provider

  • Fix SVG masking cross-browser compatibility in checkout complete component (#6190) by @panteliselef

  • Use hooks exported from @clerk/shared to query commerce data. (#6159) by @panteliselef

  • Do not display create organization form after accepting organization invitation on after-auth flow (#6191) by @LauraBeatris

  • Updated dependencies [65ca8f5, f1be1fe, bffb42a]:

    • @clerk/localizations@3.17.1
    • @clerk/types@4.62.0
    • @clerk/shared@3.10.0

5.69.1

Patch Changes

  • Add element descriptors to <APIKeys /> component (#6095) by @wobsoriano

  • Fixed issues causing incorrect form fields or restricted access for users with existing sign-up tickets (#6143) by @jacekradko

  • Prevent organization list from displaying after creating an organization through the force organization selection flow (#6117) by @LauraBeatris

  • Replace expiration segmented list with dropdown and hide description field in <APIKeys /> component (#6153) by @wobsoriano

  • Add signInMode prop to PricingTable for configuring sign in behavior (#6154) by @aeliox

  • Reworked the cache key creation logic in SignInFactorOneCodeForm.tsx not to rely on sign_in.id, which can change after host app re-renders (#6134) by @jacekradko

  • Bug fix: Drawers would always act as prefered-reduced-motion was turned on on the first render. (#6149) by @alexcarpenter

  • Fixes a scenario where the session token would not immediately update after a call to Clerk.session.touch(). (#6144) by @brkalow

  • Updated dependencies [86f32ab, b495279, c3fa15d, 52d5e57, 15a945c, 9487346, 656851d, 72629b0, 0271fd3]:

    • @clerk/localizations@3.17.0
    • @clerk/types@4.61.0
    • @clerk/shared@3.9.8

5.69.0

Minor Changes

  • Add <APIKeys /> component. This component will initially be in early access and not recommended for production usage just yet. (#5858) by @wobsoriano

Patch Changes

  • Add payment history tab to UserProfile and OrgProfile (#6075) by @aeliox

  • Maintain current active organization when setActive({ organization: null }) is called with force organization selection enabled (#6103) by @LauraBeatris

  • Add .v0.dev as prefered origin for oauth flows with popup. (#6118) by @mwickett

  • Do not allow setActive({ organization: null }) when organization selection is forced (#6073) by @LauraBeatris

  • Fix Stripe Elements error handling (#6074) by @aeliox

  • Use error metadata for invalid change plan screen on Checkout component. (#6102) by @panteliselef

  • Add localizations for some commerce strings, general cleanups (#6101) by @aeliox

  • Display info tooltip for past due amounts at checkout. (#6097) by @panteliselef

  • Updated dependencies [19e9e11, 18bcb64, 138f733, 48be55b, 2c6f805, 97749d5]:

    • @clerk/localizations@3.16.5
    • @clerk/types@4.60.1
    • @clerk/shared@3.9.7

5.68.0

Minor Changes

  • Introduce cssLayerName option to allow users to opt Clerk styles into a native CSS layer. (#5552) by @alexcarpenter

Patch Changes

  • Get payment_method_order for Stripe payment elements from backend (#6034) by @aeliox

  • Use the is_removable flag on a payment source to determine if it can be removed. (#6033) by @aeliox

  • Clean up layout and logic of the PlanDetails drawer (#5928) by @aeliox

  • Initiate enterprise SSO from ticket flows, such as organization invitations. (#6009) by @LauraBeatris

  • Introduce internal <OAuthConsent /> component to be used internally in the machine auth OAuth flow in account portal. (#6021) by @alexcarpenter

  • feat(types,clerk-js): Update types; RoleSelect allows fallbackLabel (#6037) by @thiskevinwang

    • this updates OrganizationInvitation and OrganizationMembership resource+types to include roleName which is already present on frontend-api responses, as role_name.
    • this updates RoleSelect to allow rendering a fallbackLabel in the event that value does not map to any of the supplied roles

  • Updated dependencies [d8fa5d9, be2e89c, 85f3db4, 5644d94, b578225, 8838120]:

    • @clerk/types@4.60.0
    • @clerk/localizations@3.16.4
    • @clerk/shared@3.9.6

5.67.5

Patch Changes

  • Fixes a bug where the session cookie was getting incorrectly set from tabs that do not reflect the active session. (#5989) by @brkalow

  • Fix an issue where clerk-js was incorrectly emitting the new session's token during session switching. This impacts some applications that rely on Clerk's multi-session behavior. (#5986) by @brkalow

  • Fix issue where the combined flow wouldn't trigger if a phone number was used as an identifier while set as an optional field. (#5992) by @dstaley

  • Add "Past Due" amount on checkout flow when applicable (#6014) by @octoper

  • Handle missing publicUserData in OrganizationMembership (#6016) by @tmilewski

  • Add support for the signup_rate_limit_exceeded error on OAuth flows (#6028) by @anagstef

  • Updated dependencies [f897773, 2c6a0cc, 71e6a1f]:

    • @clerk/shared@3.9.5
    • @clerk/localizations@3.16.3
    • @clerk/types@4.59.3

5.67.4

Patch Changes

  • Replaces useFetch with useSWR or useSWRMutation in all commerce related components. (#5939) by @panteliselef

  • Fix logic for allowing removal of all payment methods if there are no paid subscriptions (#5975) by @aeliox

  • Pass the full statement id to the list item to ensure the full value is copied to clipboard. (#5984) by @alexcarpenter

  • Refactors checkout success highlight animation to fix an issue where background colors other that white, would not properly mask the highlight glow. (#5991) by @alexcarpenter

  • Drop throttling for multisession apps to fix edge cases when quickly switching between tabs with different sessions, in apps that have multisession support enabled. (#5990) by @nikosdouvlis

  • Updated dependencies [6ed3dfc, f6a4a7b]:

    • @clerk/types@4.59.2
    • @clerk/localizations@3.16.2
    • @clerk/shared@3.9.4

5.67.3

Patch Changes

  • Bug fix: Remove cancel subscription option when implicitly subscribed to the default free plan. (#5946) by @alexcarpenter

  • Maintain _ _clerk_ticket and _ _clerk_status query params through sign up verification flow (#5965) by @jacekradko

  • Maintain selected identifier when going through combined flow (#5972) by @jacekradko

  • Remove 'sms' channel parameter from phone code requests (#5966) by @anagstef

  • Updated dependencies [f237d76]:

    • @clerk/shared@3.9.3

5.67.2

Patch Changes

  • Add support for country-specific alternative phone code channels (#5937) by @anagstef

  • Allow removal of all payment methods when there are no active subscriptions (#5963) by @aeliox

  • Removes z-index from keyless prompt to prevent overlay issues with drawers. (#5951) by @alexcarpenter

  • Add checkout success animation highlight. (#5940) by @alexcarpenter

  • Fixes issue where min/max username lengths errors were not properly interpolated within profile component. (#5948) by @alexcarpenter

  • Updated dependencies [c305b31, 6bb480e]:

    • @clerk/localizations@3.16.1
    • @clerk/types@4.59.1
    • @clerk/shared@3.9.2

5.67.1

Patch Changes

  • Fix showing alternative phone code provider when no other SSO exists. (#5942) by @anagstef

5.67.0

Minor Changes

  • Introduce __experimental_startPath option for openOrganizationProfile. (#5926) by @alexcarpenter

    Example usage:

    clerk.openOrganizationProfile({
  __experimental_startPath: '/billing',
});

  • Replaces strings with localizations throughout billing components. (#5922) by @alexcarpenter

Patch Changes

  • Hide "Set as default" from the action menu of the default MFA method (#5933) by @octoper

  • Add oidcPrompt prop to SignIn and SignUp components and authenticateWithRedirect method to control the OIDC authentication prompt behavior during Enterprise SSO flows (#5925) by @LauraBeatris

    <SignUp oidcPrompt='select_account' />
<SignIn oidcPrompt='select_account' />

    signUp.authenticateWithRedirect({ redirectUrl: '/sso-callback', oidcPrompt: 'select_account' });

  • Replace useFetch with useSWRMutate on checkout. (#5932) by @panteliselef

  • Bug fix: Call setActive after closing Checkout to ensure RSCs re-render with the new auth context. (#5916) by @panteliselef

  • Add drawerRoot descriptor and adjust z-index approach. (#5924) by @alexcarpenter

  • Only lock scroll when Drawer is using fixed strategy (#5936) by @alexcarpenter

  • Fixing issues where checkout data being stale (#5921) by @octoper

  • Bug fix: Always invalidate checkout object when <Checkout/> unmounts. (#5929) by @panteliselef

  • Updated dependencies [b1337df, 65f0878, df6fefd, 4282bfa, 5491491]:

    • @clerk/types@4.59.0
    • @clerk/localizations@3.16.0
    • @clerk/shared@3.9.1

5.66.0

Minor Changes

  • Introduce WhatsApp as an alternative channel for phone code delivery. (#5894) by @anagstef

    The new channel property accompanies the phone_code strategy. Possible values: whatsapp and sms.

Patch Changes

  • Fixes incorrect heading spacing within PlanDetails drawer header (#5918) by @alexcarpenter

  • Display a better subscription list / button when empty and the free plan is hidden (#5912) by @aeliox

  • Improvements of flows for switching between plans (#5883) by @octoper

  • Bug fix: Revalidate payment methods after checking out with test card. (#5913) by @panteliselef

  • Ensure Checkout drawer animation and content respects RTL usage. (#5906) by @alexcarpenter

  • Fixes issue in Safari where navigating between profile tabs caused the navbar icons to shift unexpectedly. (#5887) by @alexcarpenter

  • Fixes newSubscriptionRedirectUrl usage on PricingTable. (#5909) by @alexcarpenter

  • Updated dependencies [36c6f8f, 1ff6d6e, 68a7b40, f288881, fbf3cf4]:

    • @clerk/localizations@3.15.3
    • @clerk/shared@3.9.0
    • @clerk/types@4.58.1

5.65.0

Minor Changes

  • Add handling of new Handshake nonce flow when authenticating requests (#5865) by @jacekradko

  • Fix issue where we were not correctly passing the checkoutProps through within the PricingTable component. Removes internal checkoutProps prefix from PricingTableBaseProps. (#5888) by @alexcarpenter

Patch Changes

  • Added a notice in tooltip when member no has permissions to manage billing for all manager related buttons (#5852) by @octoper

  • Fix and issue after paying with a new card where it was navigationg to existing payment sources and then complete checkout screen (#5882) by @octoper

  • Update profile components plans page heading from Switch plans to Plans (#5889) by @alexcarpenter

  • Sort payment sources so always default one is on top (#5875) by @octoper

  • Add element descriptor to the text element rendered within UserPreview component. (#5878) by @alexcarpenter

  • Remove no manage billing permissions alert from the of start billing page (#5873) by @octoper

  • Fix mobile <Drawer /> sizing. (#5880) by @alexcarpenter

  • Add descriptor ids to UserMembershipList and OrganizationSwitcherTrigger elements to improve styling experience. (#5881) by @alexcarpenter

  • Removes white space from PlanCard when the ctaPosition is top and there are no features (#5885) by @alexcarpenter

  • Fix the "Plan starts at" date when a user downgrades from a paid plan to the free plan (#5893) by @nikosdouvlis

  • Add loading state to <PaymentSources /> component. (#5879) by @alexcarpenter

  • Updated dependencies [d81c1c1, 0f5145e, afdfd18, b7c51ba, 437b53b, 5217155]:

    • @clerk/localizations@3.15.2
    • @clerk/types@4.58.0
    • @clerk/shared@3.8.2

5.64.2

Patch Changes

  • Fix PricingTable logic for plan button text. (#5869) by @brkalow

5.64.1

Patch Changes

5.64.0

Minor Changes

Patch Changes

5.63.5

Patch Changes

  • Use the total.proration.credit to show the proration credit on checkout flow (#5792) by @octoper

  • Adding Partitioned attribute to __client_uat cookie in CHIPS build variant (#5785) by @jacekradko

  • Fix wrong tax value on invoices (#5796) by @octoper

  • Fix credits section show check (#5795) by @octoper

  • Remove usage of totals.grandTotal from checkout flows (#5794) by @octoper

  • Remove unused properties from proration response in checkout (#5793) by @octoper

  • Updated dependencies [9ec0a73, d9222fc]:

    • @clerk/types@4.56.3
    • @clerk/localizations@3.14.4
    • @clerk/shared@3.7.8

5.63.4

Patch Changes

  • Brings back the free plan card in the PricingTable (#5787) by @aeliox

  • Fix issue where the checkout component was portaling into the wrong profile component when two profile components were rendered at once. (#5779) by @alexcarpenter

  • Only render add / select payment method UI during checkout when the total due is greater than $0 (#5762) by @aeliox

  • Updated dependencies [225b9ca]:

    • @clerk/types@4.56.2
    • @clerk/localizations@3.14.3
    • @clerk/shared@3.7.7

5.63.3

Patch Changes

  • Fix issue within profile components where the ProfileBox was removed when mounting the pricing table component causing padding issues. (#5777) by @alexcarpenter

5.63.2

Patch Changes

  • Retry checkout confirmation if there is another checkout in progress (#5771) by @octoper

  • Avoid opening checkout from <PricingTable /> without a session, when selecting a plan. (#5765) by @panteliselef

  • Forcing __session cookie to have SameSite=none attribute in the CHIPS build variant (#5775) by @jacekradko

  • Display upgrade and downgrade information on <Checkout />. (#5746) by @panteliselef

  • Fix handshake redirect loop in applications deployed to Netlify with a Clerk development instance. (#5656) by @wobsoriano

  • Throw error in development when opening <Checkout /> without a session. (#5767) by @panteliselef

  • Refactor PricingTable components to use RootBox component for top level element. (#5747) by @alexcarpenter

  • Updated dependencies [387bf62, 2716622, 294da82]:

    • @clerk/types@4.56.1
    • @clerk/shared@3.7.6
    • @clerk/localizations@3.14.2

5.63.1

Patch Changes

  • Correct the entry point for the clerk.chips.browser.js bundle (#5758) by @jacekradko

  • Update dependency qrcode.react from 3.1.0 to 4.2.0. This fixes peer dependency warnings with React 19. (#5760) by @LekoArts

5.63.0

Minor Changes

  • Introduce <PricingTable forOrganizations /> to display plans that available only for organizations. (#5740) by @panteliselef

  • Setting the Partitioned attribute on __session cookie (#5514) by @jacekradko

Patch Changes

  • Checkout confirm request handles both new/existing payment sources (#5745) by @octoper

  • Exclude matrix variant of <PricingTable />. (#5724) by @panteliselef

  • Fix layout shift caused by the invisible captcha mechanism (#5753) by @anagstef

  • For each plan inside the <PricingTable/> display "Switch to this plan" instead of "Get started" when a subscription already exists. (#5722) by @panteliselef

  • Renames all instances of SubscriptionDetails to PlanDetails to better reflect the capabilities, use cases, and params of the component. (#5749) by @aeliox

  • Split CommerceTotals to CommerceCheckoutTotals and CommerceInvoiceTotals. (#5726) by @panteliselef

    • Break out subscriptions and plans into different pages within UserProfile and OrgProfile (#5727) by @aeliox

    • Display free plan row when "active" and plan has features

    • Tidy up design of subscription rows and badging

    • Adds SubscriptionDetails support for plans without a current subscription

  • Bug fix: Checkout drawer not opening after user selected another account from UserButton. (#5743) by @panteliselef

  • Fix list spacing within PricingTable and PlanDetails components. (#5755) by @alexcarpenter

  • Replace "commerce" with "billing" in error message when components cannot render because the feature is disabled. (#5741) by @panteliselef

  • Remove stale properties from __experimental_CommerceInvoiceResource (#5738) by @panteliselef

  • Switch to "Payment method" terminology instead of "Payment source". (#5721) by @panteliselef

    • Removes userProfile.__experimental_billingPage.start.headerTitle__paymentSources
    • Adds userProfile.__experimental_billingPage.start.headerTitle__paymentMethods

  • Retry confrim checkout requests if any erros with >=500 status code occur (#5742) by @octoper

  • Add the CAPTCHA element on the SignIn component (#5739) by @anagstef

  • Update the text in Checkout buttons from "Pay $0" to "Subscribe". (#5720) by @panteliselef

  • Updated dependencies [b02e766, 5d78b28, d7f4438, 5866855, 0007106, 462b5b2, 447d7a9, 2beea29, 115601d]:

    • @clerk/types@4.56.0
    • @clerk/localizations@3.14.1
    • @clerk/shared@3.7.5

5.62.2

Patch Changes

  • Bug fix: Use the same cache key for payment sources across checkout and profiles. (#5706) by @panteliselef

  • Avoid laggy ui when closing drawer after canceling subscription. (#5711) by @panteliselef

  • Bug fix: on session switch, revalidate cached commerce resources. (#5712) by @panteliselef

  • Revalidate payment sources from <Checkout /> when a new payment source is added before the checkout is completed. (#5709) by @panteliselef

  • Invalidate invoices after successful checkout. (#5717) by @panteliselef

  • Incremental improvements for account funds in checkout. (#5705) by @panteliselef

    • Fixes CLS issues when rendering account funds
    • Renames "accounts funds" to "payment sources" for consistency
    • Auto opes the "Add a new payment source" drawer only if no payments sources exist

  • Update shortDate modifier to include year for future dates. (#5707) by @panteliselef

  • Add support for 2 new OAuth error codes (#5718) by @anagstef

  • Updated dependencies [f9c2dfa, 7cd1afa]:

    • @clerk/localizations@3.14.0

5.62.1

Patch Changes

  • Minor UI fixes for Billing pages in <UserProfile/> and <OrganizationProfile/>. (#5690) by @panteliselef

  • Updated dependencies [8b25035]:

    • @clerk/localizations@3.13.14
    • @clerk/types@4.55.1
    • @clerk/shared@3.7.4

5.62.0

Minor Changes

  • Introduce Clerk.status for tracking the state of the clerk singleton. (#5476) by @panteliselef

    Possible values for Clerk.status are:

    • "loading": Set during initialization
    • "error": Set when hotloading clerk-js failed or Clerk.load() failed
    • "ready": Set when Clerk is fully operational
    • "degraded": Set when Clerk is partially operational

    The computed value of Clerk.loaded is:

    • true when Clerk.status is either "ready" or "degraded".
    • false when Clerk.status is "loading" or "error".

  • Introduce clerk.legacy.browser.js for legacy browser support. (#5495) by @dstaley

Patch Changes

  • Fix duplicate checkout calls when clicking Get Started buttons (#5664) by @aeliox

  • Remove the experimental commerce flag (#5666) by @aeliox

    • Adds support for collecting and verifying user email (when they don't already have one associated with their payer) during checkout (#5671) by @aeliox

    • Fixes incorrect org invoices endpoint.

    • Extracts plan CTA button styling, labeling, and selecting into context methods.

    • Adds UserProfile / OrgProfile specific scrollbox IDs for drawer portal-ing (fixes issue where both could be open)

    • Fixes incorrect button action in SubscriptionList for active but expiring subscriptions.

  • Rollback change to lazy-loading suspense wrapper (#5670) by @aeliox

  • Add <SubscriptionsList /> to both UserProfile and OrgProfile components. (#5658) by @alexcarpenter

    Introduce experimental method for opening <SubscriptionDetails /> component.

    clerk.__experimental_openSubscriptionDetails(...)

  • Updated dependencies [68dc2b6, 33201bf, 4334598, 0ae0403]:

    • @clerk/localizations@3.13.13
    • @clerk/types@4.55.0
    • @clerk/shared@3.7.3

5.61.2

Patch Changes

5.61.1

Patch Changes

  • Fix: add default param to plans call (#5637) by @aeliox

  • Fix an issue where fallbackRedirectUrl and forceRedirectUrl were being improperly passed from sign up to sign in and vice versa. These props will now only apply to the specific flow they were passed to initially. (#5645) by @brkalow

  • Improve JSDoc comments (#5630) by @LekoArts

  • Fix: add missing context to PricingTable (#5638) by @aeliox

  • Add invoices data fetching and invoice UI to org and user profile. (#5627) by @alexcarpenter

  • Chore: tidy up checkout complete state for upcoming subscriptions (#5644) by @aeliox

  • Hide Billing tabs from UP and OP when no paid plans exist for an instance. (#5628) by @panteliselef

  • Updates PricingTable and SubscriptionDetailDrawer to handle upcoming and "expiring" subscriptions. (#5601) by @aeliox

  • Updated dependencies [ab939fd, 03284da, 7389ba3, f6ef841, b7b940c, e634830, f8887b2]:

    • @clerk/types@4.54.1
    • @clerk/shared@3.7.1
    • @clerk/localizations@3.13.11

5.61.0

Minor Changes

  • Add support for feature or plan based authorization (#5582) by @panteliselef

    Plan

    • Clerk.session.checkAuthorization({ plan: "my-plan" })

    Feature

    • Clerk.session.checkAuthorization({ feature: "my-feature" })

    Scoped per user or per org

    • Clerk.session.checkAuthorization({ feature: "org:my-feature" })
    • Clerk.session.checkAuthorization({ feature: "user:my-feature" })
    • Clerk.session.checkAuthorization({ plan: "user:my-plan" })
    • Clerk.session.checkAuthorization({ plan: "org:my-plan" })

Patch Changes

5.60.0

Minor Changes

Patch Changes

5.59.3

Patch Changes

  • Uses the helper function __experimental_JWTPayloadToAuthObjectProperties from @clerk/shared to handle the new JWT v2 schema. (#5549) by @octoper

  • Remove Stripe from non-RHC build (#5569) by @tmilewski

  • Add Payment Sources to <OrgProfile />, hook up all org-related payment source and checkout methods to the org-specific endpoints (#5554) by @aeliox

  • Fix issue where the SSO callback URL was incorrectly generated when using the transfer flow within a modal. (#5562) by @dstaley

  • Add copy and truncation options to <LineItems.Description /> component. (#5560) by @alexcarpenter

  • Update the supported API version to 2025-04-10 (#5568) by @octoper

  • Optionally handle the intent parameter on SSO redirects to reload specific resources. (#5553) by @dstaley

  • Updated dependencies [3ad3bc8, cfa94b8, 2033919, 5f3cc46]:

    • @clerk/shared@3.5.0
    • @clerk/types@4.52.0
    • @clerk/localizations@3.13.8

5.59.2

Patch Changes

  • Expose the 'external_account.phone_number' property. This represents the associated phone number, if exists, with the specific external account (#5557) by @chanioxaris

  • Stop retrying on /verify if the client cannot solve the challenge (#5526) by @anagstef

  • Handle two factor redirect when authenticate with web3 and multifactor has been enabled (#5352) by @nikospapcom

  • Updated dependencies [f6f275d]:

    • @clerk/types@4.51.1
    • @clerk/localizations@3.13.7
    • @clerk/shared@3.4.1

5.59.1

Patch Changes

  • Adds support for Apple Pay to AddPaymentSource component, and removes the unusable "collapsed" state. (#5506) by @aeliox

  • Fixes an issue where a race condition was caused by triggering navigations during a call to setActive. (#5515) by @dstaley

  • Introduce clerk.__internal_openCheckout() and clerk.__internal_closeCheckout() methods and remove <Checkout /> from within the <PricingTable /> component. (#5481) by @alexcarpenter

  • Add optional resourceId to useFetch hook (#5536) by @aeliox

  • Fix routing issue in <Checkout /> component by wrapping the LazyDrawerRenderer with nested VirtualRouter. (#5527) by @alexcarpenter

  • Fixes an issue where the SSO callback URL was incorrectly set for combined sign-in/sign-up. (#5515) by @dstaley

  • Trigger navigation to tasks on setActive for internal routing only (#5535) by @LauraBeatris

  • Updated dependencies [e1ec52b, bebb6d8, c3e7886, d0d5203, 6112420, 9b25e31, 26ce4c1]:

    • @clerk/types@4.51.0
    • @clerk/localizations@3.13.6
    • @clerk/shared@3.4.0

5.59.0

Minor Changes

  • Improve session refresh logic. (#5397) by @panteliselef

    • Switched from interval-based polling to timeout-based polling, ensuring retries for a getToken() call complete before the next poll begins.
    • Clerk.handleUnauthenticated() now sets the session to null when a /client request returns a 500 status code, preventing infinite request loops.
    • Improved error handling: If the /client request fails during initialization, the poller stops, a dummy client is created, a manual request to /tokens is attempted, and polling resumes.

  • Expose retryAfter value on ClerkAPIResponseError for 429 responses. (#5480) by @dstaley

Patch Changes

5.58.1

Patch Changes

  • Fallback to locally stored environment during an outage. (#5420) by @panteliselef

  • Fix Turnstile console warning when locale is used (#5463) by @anagstef

  • Remove console.error from transfer flow (#5462) by @anagstef

  • Add billing page to OrgProfile, use new usePlans hook, and adds new subscription methods (#5423) by @aeliox

  • Refactor <PricingTableDefault /> to use local sub components to align with <PricingTableMatrix /> implementation and descriptors. (#5450) by @alexcarpenter

  • Updated dependencies [e20fb6b, 77e6462]:

    • @clerk/localizations@3.13.4
    • @clerk/shared@3.2.3
    • @clerk/types@4.50.1

5.58.0

Minor Changes

  • Add support for the oauthFlow prop on <SignIn /> and <SignUp />, allowing developers to opt-in to using a popup for OAuth authorization instead of redirects. (#5239) by @dstaley

    With the new oauthFlow prop, developers can opt-in to using a popup window instead of redirects for their OAuth flows by setting oauthFlow to "popup". While we still recommend the default "redirect" for most scenarios, the "popup" option is useful in environments where the redirect flow does not currently work, such as when your application is embedded into an iframe. We also opt applications into the "popup" flow when we detect that your application is running on a domain that's typically embedded into an iframe, such as loveable.app.

Patch Changes

5.57.4

Patch Changes

  • Fix lazy-loading of BillingPage in UserProfile (#5445) by @aeliox

  • Remove Paypal option from <CheckoutForm /> (#5446) by @alexcarpenter

  • Wrap nested <Checkout /> component in its own AppearanceProvider to recieve its own appearance object. (#5443) by @alexcarpenter

  • Updated dependencies [466ed13]:

    • @clerk/types@4.49.2
    • @clerk/localizations@3.13.2
    • @clerk/shared@3.2.1

5.57.3

Patch Changes

5.57.2

Patch Changes

  • Add background color to <PricingTableMatrix /> elements to ensure sticky elements cover the scrollable content. (#5417) by @alexcarpenter

  • Use a new signUp attempt on SignUp component when there is no ticket flow and a phone number is provided to prevent rate-limiting issues. (#5415) by @anagstef

  • Add matrix layout option to <PricingTable /> component. (#5393) by @alexcarpenter

  • Updated dependencies [892bc0e]:

    • @clerk/shared@3.2.0

5.57.1

Patch Changes

  • Fix issue where unverified field weren't showing up when ToS was enabled (#5404) by @octoper

  • Lazy-loads experimental components within UserProfile, preventing unnecessary code from loading. (#5409) by @aeliox

  • Fix an edge case where window.Clerk is re-assigned if the Clerk script is injected multiple times. (#5406) by @brkalow

  • Export isReverificationCancelledError error helper (#5396) by @octoper

  • Introduce __experimental_nextTask method for navigating to next tasks on a after-auth flow (#5377) by @LauraBeatris

  • Update the resiliency logic for failed client attempts to allow the creation of a dev browser. (#5411) by @panteliselef

  • This introducing changes to useReverification, the changes include removing the array and returning the fetcher directly and also the dropping the options throwOnCancel and onCancel in favour of always throwing the cancellation error. (#5396) by @octoper

    import { useReverification } from '@clerk/clerk-react';
import { isReverificationCancelledError } from '@clerk/clerk-react/error';

type MyData = {
  balance: number;
};

export function MyButton() {
  const fetchMyData = () => fetch('/api/balance').then(res => res.json() as Promise<MyData>);
  const enhancedFetcher = useReverification(fetchMyData);

  const handleClick = async () => {
    try {
      const myData = await enhancedFetcher();
      //     ^ is typed as `MyData`
    } catch (e) {
      // Handle error returned from the fetcher here
      // You can also handle cancellation with the following
      if (isReverificationCancelledError(err)) {
        // Handle the cancellation error here
      }
    }
  };

  return <button onClick={handleClick}>Update User</button>;
}

    These changes are also adding a new handler in options called onNeedsReverification, which can be used to create a custom UI to handle re-verification flow. When the handler is passed the default UI our AIO components provide will not be triggered so you will have to create and handle the re-verification process.

    import { useReverification } from '@clerk/clerk-react';
import { isReverificationCancelledError } from '@clerk/clerk-react/error';

type MyData = {
  balance: number;
};

export function MyButton() {
  const fetchMyData = () => fetch('/api/balance').then(res => res.json() as Promise<MyData>);
  const enhancedFetcher = useReverification(fetchMyData, {
    onNeedsReverification: ({ complete, cancel, level }) => {
      // e.g open a modal here and handle the re-verification flow
    },
  });

  const handleClick = async () => {
    try {
      const myData = await enhancedFetcher();
      //     ^ is typed as `MyData`
    } catch (e) {
      // Handle error returned from the fetcher here

      // You can also handle cancellation with the following
      if (isReverificationCancelledError(err)) {
        // Handle the cancellation error here
      }
    }
  };

  return <button onClick={handleClick}>Update User</button>;
}

  • Updated dependencies [3910ebe, e513333]:

    • @clerk/types@4.49.1
    • @clerk/shared@3.1.0
    • @clerk/localizations@3.13.1

5.57.0

Minor Changes

  • Navigate to tasks on after sign-in/sign-up (#5280) by @LauraBeatris

  • Improve the resilience of the SDK against situations where the /v1/environment endpoint is not reachable. This is achieved by allowing the initialization of the environment with default values. (#5287) by @jacekradko

  • Allow user set primary web3 wallet in <UserProfile /> when more than one web3 wallets presented (#5353) by @nikospapcom

  • Deprecate out of date jwt types in favour of existing that are up-to-date. (#5354) by @panteliselef

Patch Changes

5.56.0

Minor Changes

  • Support passkeys as a first factor strategy for reverification (#5242) by @octoper

Patch Changes

5.55.1

Patch Changes

5.55.0

Minor Changes

  • Lazily load components related to <SignUp> functionality when used with the combined flow in <SignIn>. (#5237) by @panteliselef

Patch Changes

5.54.2

Patch Changes

  • Fixes a bug in Clerk.signOut() that was preventing the after sign out redirect from occurring in Next.js v15. (#5171) by @brkalow

5.54.1

Patch Changes

  • Fix modal issues by inlining scroll locking mechanism instead of using <FloatingOverlay/> which caused issues in Chromium based browsers (#5244) by @octoper

5.54.0

Minor Changes

  • Introduce the appearance.captcha property for the CAPTCHA widget (#5184) by @anagstef

  • Track usage of modal UI Components as part of telemetry. (#5185) by @panteliselef

    • Initialize new pending session status as an signed-in state (#5136) by @LauraBeatris

    • Deprecate Clerk.client.activeSessions in favor of Clerk.client.signedInSessions

    • Introduce Clerk.isSignedIn property as an explicit signed-in state check, instead of !!Clerk.session or !!Clerk.user:

    - if (Clerk.user) {
+ if (Clerk.isSignedIn) {
  // Mount user button component
  document.getElementById('signed-in').innerHTML = `
    <div id="user-button"></div>
  `

  const userbuttonDiv = document.getElementById('user-button')

  clerk.mountUserButton(userbuttonDiv)
}

Patch Changes

5.53.0

Minor Changes

  • Introduce EmailLinkErrorCodeStatus to support users in custom flows and mark EmailLinkErrorCode as deprecated. (#5142) by @alexcarpenter

    - import { EmailLinkErrorCode } from '@clerk/nextjs/errors'
+ import { EmailLinkErrorCodeStatus } from '@clerk/nextjs/errors'

  • Fix issue where unsafeMetadata was not associated with sign-ups in the combined sign-in-or-up flow. (#5161) by @dstaley

Patch Changes

5.52.3

Patch Changes

5.52.2

Patch Changes

5.52.1

Patch Changes

5.52.0

Minor Changes

5.51.0

Minor Changes

    • @clerk/clerk-js, @clerk/types: Add redirectUrl option to buildAfterSignInUrl() and buildAfterSignUpUrl() methods. (#5052) by @brkalow

    • @clerk/elements: Ensure redirect_url params passed to Elements components are always passed to Clerk's underlying build*Url() methods.

Patch Changes

5.50.2

Patch Changes

5.50.1

Patch Changes

  • Removes Turnstile remotely-hosted code from builds for unsupported environments (#5039) by @tmilewski

  • Opt out of combined flow when sign up mode is restricted. (#5020) by @alexcarpenter

  • Use a cookie instead of localStorage for the active org ID to avoid issues when localStorage is disabled at the browser level. (#4394) by @brkalow

  • Removes web3 provider options from progressive sign up step. web3 providers don't have the ability to fill in missing fields. (#5036) by @alexcarpenter

  • Remove 'virtual' from the routing option. The 'virtual' value is only used internally and should not be part of the public API. (#4977) by @alexcarpenter

  • Do not throw error on captchaHeartbeat if displayConfig is null. (#5032) by @jacekradko

  • Pass the signInUrl through to the sign up context when within the combined flow. (#5042) by @alexcarpenter

  • Updated dependencies [a309be354275b91a7b17d5a67e8ef6aa230a9935, 1345cb487970a7347351897e80dfb829d85c41ea]:

    • @clerk/shared@2.20.16
    • @clerk/types@4.44.2
    • @clerk/localizations@3.10.2

5.50.0

Minor Changes

  • Improve Keyless prompt's copy and add secondary CTA button for navigating to API keys page in the Dashboard. (#4993) by @kaftarmery

Patch Changes

5.49.0

Minor Changes

Patch Changes

5.48.0

Minor Changes

    • Introduced an upsert method to the SignUp resource, which reuses the existing sign-up attempt ID if it exists. (#4720) by @kostaspt

    • Fix a ticket flow issue on <SignUp /> component, where in some rare cases the initial ticket/context is lost, because of creating a new sign-up attempt ID.

  • Expand Keyless popover when a user signs-in. (#4969) by @kaftarmery

Patch Changes

5.47.0

Minor Changes

  • Display keyless prompt until the developer manually dismisses it. (#4940) by @panteliselef

  • Add a "Go to dashboard" link to the success state on the Keyless popover. (#4959) by @kaftarmery

Patch Changes

5.46.0

Minor Changes

  • Add a confirmation state that the Application has been successfully claimed on the Keyless prompt. (#4928) by @kaftarmery

Patch Changes

5.45.2

Patch Changes

5.45.1

Patch Changes

5.45.0

Minor Changes

Patch Changes

5.44.1

Patch Changes

  • Simplify animations on Keyless prompt. (#4868) by @kaftarmery

    Bug fix: Add base element styles to override default styling of elements on Keyless prompt.

  • Fixes an issue that caused Clerk's UI code to load even before components were rendered. (#4876) by @brkalow

  • Updated dependencies [fd7a5be73db3acaa7daeb9b15af73c2ce99d03a6]:

    • @clerk/localizations@3.9.8
    • @clerk/types@4.40.3
    • @clerk/shared@2.20.7

5.44.0

Minor Changes

  • Improve UX when adding a new phone number as an MFA option (#4860) by @octoper

Patch Changes

5.43.7

Patch Changes

  • Fixes username form field errors to display messages according to the respective code sent in the error response. (#4858) by @panteliselef

5.43.6

Patch Changes

5.43.5

Patch Changes

5.43.4

Patch Changes

5.43.3

Patch Changes

5.43.2

Patch Changes

  • Redirect to sign up start step within combined flow when there are optional fields. (#4795) by @alexcarpenter

5.43.1

Patch Changes

5.43.0

Minor Changes

  • Redirect to the current page when within modal mode and no redirect URL is provided. (#4768) by @alexcarpenter

Patch Changes

5.42.1

Patch Changes

5.42.0

Minor Changes

Patch Changes

5.41.0

Minor Changes

  • Switching to use ^ for semver ranges of internal @clerk/ production dependencies. (#4664) by @jacekradko

Patch Changes

5.40.3

Patch Changes

  • Bug fix: When the requested Web3 provider cannot be found, use any other available injected Web3 Wallet provider, instead of blocking the sign-in/sign-up flow. (#4734) by @chanioxaris

  • Introduce the navbarButtonText element descriptor. (#4635) by @alexcarpenter

  • Updated dependencies [cd72a27a75863dfd94b0a00ed5b2d03231556bc0]:

    • @clerk/types@4.39.2
    • @clerk/localizations@3.8.2
    • @clerk/shared@2.19.4

5.40.2

Patch Changes

5.40.1

Patch Changes

5.40.0

Minor Changes

  • Replace __internal_claimAccountlessKeysUrl with __internal_claimKeylessApplicationUrl. (#4602) by @panteliselef

Patch Changes

5.39.0

Minor Changes

  • Replace usage of OAUTH_PROVIDERS and WEB3_PROVIDERS from @clerk/types to @clerk/shared. (#4716) by @panteliselef

Patch Changes

5.38.0

Minor Changes

  • Introduce a new allowedRedirectProtocols option to pass additional allowed protocols for user-provided redirect validation. (#4705) by @BRKalow

Patch Changes

  • Fixes an issue in UserProfile where email and username forms could retain stale values from the previous render, leading to incorrect data being sent to FAPI (#4713) by @LauraBeatris

  • Remove side-effect from Session resource initialization that triggered a session cookie update. This cookie update is now explicitly part of the Clerk.load() flow. (#4555) by @BRKalow

  • Updated dependencies [4e5e7f463c12893a21cb3b5f9317fc3f2945879b]:

    • @clerk/types@4.37.0
    • @clerk/localizations@3.7.3
    • @clerk/shared@2.18.1

5.37.0

Minor Changes

  • Support OKW Wallet Web3 provider and authentication strategy (#4696) by @chanioxaris

Patch Changes

5.36.0

Minor Changes

    • Update the supported API version to 2024-10-01 that includes the following changes (#4596) by @Nikpolik

      • Notification for new sign ins to users' accounts feature becomes available.
      • The response for Sign Ins with an email address that matches a SAML connection is updated. Instead of responding with a status of needs_identifier the API will now return a status of needs_first_factor and the email address that matched will be returned in the identifier field. the only strategy that will be included in supported first factors is enterprise_sso

      Read more in the API Version docs

    • Update components to use the new enterprise_sso strategy for sign ins / sign ups that match an enterprise connection and handle the new API response.

      This strategy supersedes SAML to provide a single strategy as the entry point for Enterprise SSO regardless of the underlying protocol used to authenticate the user.

      For now there are two new types of connections that are supported in addition to SAML, Custom OAuth and EASIE (multi-tenant OAuth).

Patch Changes

5.35.1

Patch Changes

  • Fix a bug where the Clerk event listener was not emitting updates when a Session's user data changes. (#4661) by @BRKalow

  • Bug fix: Being able to revoke a session from UserProfile. (#4653) by @panteliselef

5.35.0

Minor Changes

  • Drop experimental tag related to reverification. (#4536) by @panteliselef

    Properties of Clerk class:

    • __experimental_openUserVerification -> __internal_openReverification
    • __experimental_closeUserVerification -> __internal_closeReverification
    • __experimental_UserVerificationProps -> __internal_ReverificationProps
    • __experimental_UserVerificationModalProps -> __internal_ReverificationModalProps

    Properties of Session:

    • __experimental_factorVerificationAge -> factorVerificationAge
    • __experimental_startVerification -> startVerification
    • __experimental_prepareFirstFactorVerification -> prepareFirstFactorVerification
    • __experimental_attemptFirstFactorVerification -> attemptFirstFactorVerification
    • __experimental_prepareSecondFactorVerification -> prepareSecondFactorVerification
    • __experimental_attemptSecondFactorVerification -> attemptSecondFactorVerification

  • If a nonce is provided, it is now made available to Clerk's internal components. This allows the nonce to be passed in to style-src in CSPs and work correctly. (#4509) by @jescalan

Patch Changes

5.34.6

Patch Changes

5.34.5

Patch Changes

5.34.4

Patch Changes

5.34.3

Patch Changes

5.34.2

Patch Changes

5.34.1

Patch Changes

5.34.0

Minor Changes

  • Surface enterprise accounts in UserProfile, allowing to display more protocols besides SAML (#4518) by @LauraBeatris

  • Introduce the experimental.rethrowOfflineNetworkErrors option to the ClerkProvider component. (#4525) by @anagstef

    When set to true, Clerk will rethrow network errors that occur while the user is offline.

Patch Changes

5.33.1

Patch Changes

5.33.0

Minor Changes

  • Replace redirectUrl with afterJoinWaitlistUrl in <Waitlist /> component (#4532) by @nikospapcom

Patch Changes

5.32.0

Minor Changes

  • Introduce experimental support for passkeys in Expo (iOS, Android, and Web). (#4352) by @AlexNti

    To use passkeys in Expo projects, pass the __experimental_passkeys object, which can be imported from @clerk/clerk-expo/passkeys, to the ClerkProvider component:

    import { ClerkProvider } from '@clerk/clerk-expo';
import { passkeys } from '@clerk/clerk-expo/passkeys';

<ClerkProvider __experimental_passkeys={passkeys}>{/* Your app here */}</ClerkProvider>;

    The API for using passkeys in Expo projects is the same as the one used in web apps:

    // passkey creation
const { user } = useUser();

const handleCreatePasskey = async () => {
  if (!user) return;
  try {
    return await user.createPasskey();
  } catch (e: any) {
    // handle error
  }
};

// passkey authentication
const { signIn, setActive } = useSignIn();

const handlePasskeySignIn = async () => {
  try {
    const signInResponse = await signIn.authenticateWithPasskey();
    await setActive({ session: signInResponse.createdSessionId });
  } catch (err: any) {
    //handle error
  }
};

  • The Legal consent feature is now stable. (#4487) by @octoper

    Removed the __experimental_ prefix.

  • Now sending the Frontend API version through query string params (#4457) by @jacekradko

Patch Changes

5.31.2

Patch Changes

  • Re-init window.Clerk options when ClerkProvider props change in @clerk/clerk-react (#4498) by @nikosdouvlis

5.31.1

Patch Changes

5.31.0

Minor Changes

  • New Feature: Introduce the <Waitlist /> component and the waitlist sign up mode. (#4376) by @nikospapcom
    • Allow users to request access with an email address via the new <Waitlist /> component.
    • Show Join waitlist prompt from <SignIn /> component when mode is waitlist.
    • Appropriate the text in the Sign Up component when mode is waitlist.
    • Added joinWaitlist() method in Clerk singleton.
    • Added redirectToWaitlist() method in Clerk singleton to allow user to redirect to waitlist page.

Patch Changes

5.30.3

Patch Changes

5.30.0

Minor Changes

    • Introduce redirectUrl property on setActive as a replacement for beforeEmit. (#4312) by @issuedat

    • Deprecates beforeEmit property on setActive.

Patch Changes

  • Experimental: asStandalone now accepts a callback that notifies if the standalone popover needs to unmount. (#4423) by @panteliselef

  • Improve checkbox label alignment to account for wrapping labels. (#4426) by @alexcarpenter

  • Remove unused fitTextInOneLine and textWidthForCurrentSize (#4407) by @zythosec

  • Chore: Replace beforeEmit with an explicit call after setActive, inside the experimental UserVerification. (#4362) by @panteliselef

    • Changed __experimental_legalAccepted checkbox Indicator element descriptor and element id (#4427) by @octoper

    • Changed __experimental_legalAccepted checkbox Label element descriptor and element id

    • Added two new element descriptors formFieldCheckboxInput, formFieldCheckboxLabel.

  • Updated dependencies [f875463da, 5be7ca9fd, c2f5071be, 08c5a2add, ae0621972, cd2189ac8, 159877be0, 434b432f8]:

    • @clerk/types@4.29.0
    • @clerk/localizations@3.4.1
    • @clerk/shared@2.11.0

5.29.1

Patch Changes

  • Move @clerk/ui to devDependencies (#4399) by @dstaley

  • Show an error on <UserProfile /> if the Web3 wallet is already claimed. (#4389) by @EmmanouelaPothitou

  • Fix for legal consent rendered on the component when only social sign up is enabled (#4403) by @octoper

5.29.0

Minor Changes

  • Adding experimental support for legal consent for <SignUp/> component (#4337) by @octoper

Patch Changes

  • Updated dependencies [3fdcdbf88, f9d53fe34]:
    • @clerk/localizations@3.4.0
    • @clerk/types@4.28.0
    • @clerk/ui@0.1.10
    • @clerk/shared@2.10.1

5.28.0

Minor Changes

  • Add experimental support for new UI components (#4114) by @BRKalow

Patch Changes

  • Bug fix: Always receive a new session verification object when UserVerification component mounts. (#4359) by @panteliselef

  • Updated dependencies [3b50b67bd, 3b50b67bd]:

    • @clerk/shared@2.10.0
    • @clerk/types@4.27.0
    • @clerk/localizations@3.3.1

5.27.0

Minor Changes

  • Drop maxAgeMinutes from __experimental_startVerification. (#4338) by @panteliselef

    Drop types __experimental_SessionVerificationConfig and __experimental_SessionVerificationMaxAgeMinutes.

  • The "Restricted access" screen has been improved for visual consistency and the ability to contact support. The displayed texts have been made more clear and the sign-in button has been moved to the bottom. (#4335) by @nikospapcom

  • Add experimental standalone mode for <UserButton /> and <OrganizationSwitcher />. (#4042) by @panteliselef

    When __experimental_asStandalone: true the component will not render its trigger, and instead it will render only the contents of the popover in place.

    APIs that changed:

    • (For internal usage) Added __experimental_prefetchOrganizationSwitcher as a way to mount an internal component that will render the useOrganizationList() hook and prefetch the necessary data for the popover of <OrganizationSwitcher />. This enhances the UX since no loading state will be visible and keeps CLS to the minimum.
    • New property for mountOrganizationSwitcher(node, { __experimental_asStandalone: true })
    • New property for mountUserButton(node, { __experimental_asStandalone: true })

  • Use EIP-4361 message spec for Web3 wallets sign in signature requests (#4334) by @chanioxaris

Patch Changes

5.26.5

Patch Changes

  • Only retry the OAuth flow if the captcha check failed. (#4329) by @nikosdouvlis

  • Improve bot detection by loading the Turnstile SDK directly from CloudFlare. (#4321) by @anagstef

    If loading fails due to CSP rules, load it through FAPI instead.

  • Bypass captcha for providers dynamically provided in environment (#4322) by @nikosdouvlis

  • Updated dependencies [d64e54c40, 2ba2fd148]:

    • @clerk/shared@2.9.1
    • @clerk/types@4.25.1
    • @clerk/localizations@3.2.1

5.26.4

Patch Changes

  • Correctly handle malformed or protocol-relative URLs before navigating to cross-origin URLs (#4317) by @nikosdouvlis

5.26.3

Patch Changes

5.26.2

Patch Changes

5.26.1

Patch Changes

5.26.0

Minor Changes

  • Rename __experimental_assurance to __experimental_reverification. (#4268) by @panteliselef
    • Supported levels are now are firstFactor, secondFactor, multiFactor.
    • Support maxAge is now replaced by maxAgeMinutes and afterMinutes depending on usage.
    • Introduced ____experimental_SessionVerificationTypes that abstracts away the level and maxAge
      • Allowed values 'veryStrict' | 'strict' | 'moderate' | 'lax'

Patch Changes

  • Updated dependencies [fb932e5cf]:
    • @clerk/shared@2.9.0
    • @clerk/types@4.25.0
    • @clerk/localizations@3.1.2

5.25.0

Minor Changes

  • Drop the experimental mounted variant of UserVerification. (#4266) by @panteliselef

    Removes:

    • <__experimental_UserVerification/>
    • __experimental_mountUserVerification()
    • __experimental_unmountUserVerification()

  • Experimental Feature: <UserProfile/> allows users to update their information. Mostly of this information is considered sensitive data. (#4127) by @panteliselef

    We want to ensure that only the users themselves can alter any sensitive data.

    To increase security we are now, require users to re-verify their credentials when they are about to perform these actions:

    OperationReverificationStrategyTimeframe
    Update account (first/last name)
    Update usernameStrongest available10m
    Delete accountStrongest available10m
    Create/Remove profile image
    Update passwordStrongest available10m
    Remove password
    Revoke sessionStrongest available10m
    Create identificationStrongest available10m
    Remove identificationStrongest available10m
    Change primary identificationStrongest available10m
    Update Passkey name
    Enable MFA (TOTP, Phone number)Strongest available10m
    Disable MFA (TOΤP, Phone number)Strongest available10m
    Create/Regenerate Backup CodesStrongest available10m
    Connect External AccountStrongest available10m
    Re-authorize External Account
    Remove External AccountStrongest available10m
    Leave organization

  • We recently shipped an experimental feature to persist the Clerk client (under persistClient flag) as an opt-in. This allows for matching a user's device with a client. We want to test this behavior with more users, so we're making it opt-out as the next step. After more successful testing we'll remove the experimental flag and enable it by default. (#4250) by @panteliselef

    If you're encountering issues, please open an issue. You can disable this new behavior like so:

    // React
<ClerkProvider experimental={{ persistClient: false }} />;

// Vanilla JS
await clerk.load({ experimental: { persistClient: false } });

Patch Changes

  • Allow single-character usernames in <UserProfile /> validation (#4243) by @nikospapcom

  • Handle gracefully yet unknown to our components Web3 providers (#4263) by @chanioxaris

  • Navigate to /choose when signing out during multi session. (#4203) by @alexcarpenter

  • Updated dependencies [f6fb8b53d, 4a8570590]:

    • @clerk/types@4.24.0
    • @clerk/localizations@3.1.1
    • @clerk/shared@2.8.5

5.24.1

Patch Changes

5.24.0

Minor Changes

  • Handle sign_up_mode_restricted error encountered in an oauth flow (#4232) by @nikospapcom

  • Render "Restricted access" screen in <SignUp /> component when signup.mode in userSettings is restricted (#4220) by @nikospapcom

Patch Changes

  • Correctly pass defaultOpen prop to OrganizationSwitcher popover instance. (#4233) by @alexcarpenter

  • Conditionally renders identification sections on UserProfile based on the SAML connection configuration for disabling additional identifiers. (#4211) by @NicolasLopes7

  • Updated dependencies [4749ed4c5, f1f17eaab, 2e35ac538]:

    • @clerk/types@4.23.0
    • @clerk/localizations@3.1.0
    • @clerk/shared@2.8.4

5.23.0

Minor Changes

  • Hide sign up url from <SignIn /> component when mode is restricted (#4206) by @nikospapcom

Patch Changes

  • Handle gracefully Coinbase Wallet initial configuration (#4218) by @chanioxaris

  • Supports default role on OrganizationProfile invitations. When inviting a member, the default role will be automatically selected, otherwise it falls back to the only available role. (#4210) by @LauraBeatris

  • Add type for __internal_country (#4215) by @dstaley

  • Updated dependencies [c9063853e, 19d3808d4, 737bcbb0f]:

    • @clerk/types@4.22.0
    • @clerk/localizations@3.0.6
    • @clerk/shared@2.8.3

5.22.4

Patch Changes

  • Fix UserProfile and OrganizationProfile wrong padding on footer for small screens when Development notice is enabled (#4191) by @octoper

  • Internal change to move iconImageUrl util to shared package. (#4188) by @alexcarpenter

  • Only render the Sign out of all accounts action within <UserButton /> when there are multiple sessions. (#4200) by @alexcarpenter

  • Updated dependencies [cb32aaf59, 2e5c550e4, 6275c242c, f9faaf031]:

    • @clerk/shared@2.8.2
    • @clerk/types@4.21.1
    • @clerk/localizations@3.0.5

5.22.3

Patch Changes

  • Restore behavior of MetaMask compatible Web3 wallets. Before, even if a user didn't use the MetaMask browser extension but a compatible one, such as Rabby Wallet, it was possible to use it as they share the same API to authenticate themselves. This behavior stopped working when we added support for EIP6963 regarding handling multiple injected providers. This commit restores the previous behavior by using the existing injected provider if there is a single one (#4185) by @chanioxaris

  • Updated dependencies [5dde18f6b]:

    • @clerk/localizations@3.0.4

5.22.2

Patch Changes

  • Add color to phone input select options to fix rendering within dark and shadesOfPurple themes. (#4176) by @alexcarpenter

  • Updated dependencies [3743eb911]:

    • @clerk/shared@2.8.1

5.22.1

Patch Changes

5.22.0

Minor Changes

  • Experimental support for has() with assurance. (#4118) by @panteliselef

    Example usage:

    has({
  __experimental_assurance: {
    level: 'L2.secondFactor',
    maxAge: 'A1.10min',
  },
});

    Created a shared utility called createCheckAuthorization exported from @clerk/shared

Patch Changes

5.21.2

Patch Changes

  • Updated dependencies [be3b119f8]:
    • @clerk/shared@2.7.2

5.21.1

Patch Changes

  • Update type of __experimental_factorVerificationAge to be [number, number] | null. (#4135) by @panteliselef

  • Updated dependencies [8c6909d46]:

    • @clerk/types@4.20.1
    • @clerk/localizations@3.0.1
    • @clerk/shared@2.7.1

5.21.0

Minor Changes

  • Experimental support: Expect a new sessionClaim called fva that tracks the age of verified factor groups. (#4061) by @panteliselef

    Server side

    This can be applied to any helper that returns the auth object

    Nextjs example

    auth().__experimental_factorVerificationAge;

    Client side

    React example

    const { session } = useSession();
session?.__experimental_factorVerificationAge;

Patch Changes

5.20.0

Minor Changes

  • Add support for the Coinbase Wallet web3 provider and authentication strategy. The Coinbase Wallet provider handles both Coinbase Wallet extension and Smart Wallet (#4082) by @chanioxaris

  • Experimental: Persist the Clerk client after signing out a user. (#3941) by @panteliselef

    This allows for matching a user's device with a client. To try out this new feature, enable it in your <ClerkProvider /> or clerk.load() call.

    // React
<ClerkProvider experimental={{ persistClient: true }} />;

// Vanilla JS
await clerk.load({ experimental: { persistClient: true } });

Patch Changes

  • Updated dependencies [8a3b9f079, e95c28196]:
    • @clerk/types@4.19.0
    • @clerk/localizations@2.8.1
    • @clerk/shared@2.6.2

5.19.0

Minor Changes

  • Add new UserVerification component (experimental feature). This UI component allows for a user to "re-enter" their credentials (first factor and/or second factor) which results in them being re-verified. (#4016) by @panteliselef

    New methods have been added:

    • __experimental_openUserVerification()
    • __experimental_closeUserVerification()
    • __experimental_mountUserVerification(targetNode: HTMLDivElement)
    • __experimental_unmountUserVerification(targetNode: HTMLDivElement)

  • Move SessionVerification methods from UserResource to SessionResource: (#4073) by @panteliselef

    • user.__experimental_verifySession -> session.__experimental_startVerification
    • user.__experimental_verifySessionPrepareFirstFactor -> session.__experimental_prepareFirstFactorVerification
    • user.__experimental_verifySessionAttemptFirstFactor -> session.__experimental_attemptFirstFactorVerification
    • user.__experimental_verifySessionPrepareSecondFactor -> session.__experimental_prepareSecondFactorVerification
    • user.__experimental_verifySessionAttemptSecondFactor -> session.__experimental_attemptSecondFactorVerification

Patch Changes

5.18.0

Minor Changes

  • Add support for Coinbase Wallet strategy during sign in/up flows. Users can now authenticate using their Coinbase Wallet browser extension in the same way as MetaMask (#4052) by @chanioxaris

Patch Changes

5.17.0

Minor Changes

Patch Changes

  • Fix 404s after signing out in NextJS apps by keeping the session cookie while cache is being invalidated (#4001) by @nikosdouvlis

  • Updated dependencies [7ca43acae, c1389492d]:

    • @clerk/localizations@2.7.0
    • @clerk/types@4.16.0
    • @clerk/shared@2.5.5

5.16.1

Patch Changes

  • Remove sessionId parameter from all experimental verify session methods. (#4026) by @panteliselef

  • Introduce Coinbase Wallet Web3 provider types (#4028) by @chanioxaris

  • Change the webpackChunkName of GoogleOneTap from "oneTap" to "onetap" for consistency. (#4036) by @panteliselef

  • Fixes issue where createFlexGapPropertyIosCompat was incorrectly detecting a modern Chrome for iOS user agent. (#4034) by @alexcarpenter

  • Introduce support for the Hugging Face OAuth Provider. (#4021) by @Nikpolik

  • Updated dependencies [0158c774a, 8be1a7abc]:

    • @clerk/types@4.15.1
    • @clerk/localizations@2.6.3
    • @clerk/shared@2.5.4

5.16.0

Minor Changes

  • Expose SessionVerification as an experimental resource. (#4011) by @panteliselef

    Update UserResource with 5 new experimental methods:

    • experimental_verifySession for creating a new SessionVerification record and initiating a new flow.
    • experimental_verifySessionPrepareFirstFactor for preparing a supported first factor like phone_code
    • experimental_verifySessionAttemptFirstFactor for attempting a supported first factor like password
    • experimental_verifySessionPrepareSecondFactor for preparing a supported second factor like phone_code
    • experimental_verifySessionAttemptSecondFactor for attempting a supported second factor like totp

  • Fixes a bug where multiple tabs with different active organizations would not always respect the selected organization. Going forward, when a tab is focused the active organization will immediately be updated to the tab's last active organization. (#3786) by @BRKalow

    Additionally, Clerk.session.getToken() now accepts an organizationId option. The provided organization ID will be used to set organization-related claims in the generated session token.

Patch Changes

    • Fixes an issue in Connected Accounts menu that was related to Custom OAuth Providers: (#4014) by @nikospapcom

    • Resolves undefined properties error that occurred when a Custom OAuth Provider was enabled but authenticatable was set to false.

  • Fix issue where MFA two-factor UI was incorrectly rendering set default action in SMS code when TOTP strategy was defined. (#4003) by @alexcarpenter

  • Updated dependencies [247b3fd75]:

    • @clerk/types@4.15.0
    • @clerk/localizations@2.6.2
    • @clerk/shared@2.5.3

5.15.1

Patch Changes

5.15.0

Minor Changes

Patch Changes

5.14.1

Patch Changes

  • Add development mode warning in the browser console when load() happens. Companion PR for Add dev mode warning to components. (#3930) by @LekoArts

  • Fix unresponsive behavior when clicking placeholder logo in the <CreateOrganization /> component (#3921) by @wobsoriano

  • In certain situations the Frontend API response contains supported_first_factors with a null value while the current code always assumed to receive an array. SignInResource['supportedFirstFactors'] has been updated to account for that and any code accessing this value has been made more resilient against null values. (#3938) by @dstaley

  • Updated dependencies [7e0ced3da, b6f0613dc]:

    • @clerk/shared@2.5.1
    • @clerk/types@4.13.1
    • @clerk/localizations@2.5.8

5.14.0

Minor Changes

  • Add a nonce to clerk-js' script loading options. Also adds a nonce prop to ClerkProvider. This can be used to thread a nonce value through to the clerk-js script load to support apps using a strict-dynamic content security policy. For next.js applications, the nonce will be automatically pulled from the CSP header and threaded through without needing any props so long as the provider is server-rendered. (#3858) by @jescalan

  • Introduce transferable prop for <SignIn /> to disable the automatic transfer of a sign in attempt to a sign up attempt when attempting to sign in with a social provider when the account does not exist. Also adds a transferable option to Clerk.handleRedirectCallback() with the same functionality. (#3845) by @BRKalow

Patch Changes

  • Updated dependencies [59d5f19d3, 4e6c94e3f]:
    • @clerk/shared@2.5.0
    • @clerk/types@4.13.0
    • @clerk/localizations@2.5.7

5.13.2

Patch Changes

  • Add option to hide the slug field in the <CreateOrganization />, <OrganizationSwitcher />, and <OrganizationList /> components (#3882) by @wobsoriano

  • Updated dependencies [9b2aeacb3]:

    • @clerk/types@4.12.1
    • @clerk/localizations@2.5.6
    • @clerk/shared@2.4.5

5.13.1

Patch Changes

  • Fix missing horizonatal padding when page urls are used within <UserButton />. (#3903) by @alexcarpenter

5.13.0

Minor Changes

  • Add createOrganizationsLimit param in @clerk/backend method User.updateUser() (#3823) by @NicolasLopes7

    Example:

        import { createClerkClient }  from '@clerk/backend';

    const clerkClient = createClerkClient({...});
    // Update user with createOrganizationsLimit equals 10
    await clerkClient.users.updateUser('user_...', { createOrganizationsLimit: 10 })

    // Remove createOrganizationsLimit
    await clerkClient.users.updateUser('user_...', { createOrganizationsLimit: 0 })

Patch Changes

  • Updated dependencies [7e94fcf0f]:
    • @clerk/types@4.12.0
    • @clerk/localizations@2.5.5
    • @clerk/shared@2.4.4

5.12.0

Minor Changes

  • Introducing a development mode warning when in development mode in order to mitigate going to production with development keys. (#3870) by @octoper

    In case need to deactivate this UI change temporarily to simulate how components will look in production, you can do so by adding the unsafe_disableDevelopmentModeWarnings layout appearance prop to <ClerkProvider>

    Example:

    <ClerkProvider
  appearance={{
    layout: {
      unsafe_disableDevelopmentModeWarnings: true,
    },
  }}
/>

  • Removed __experimental_startPath from OrganizationProfileProps in @clerk/clerk-js and @clerk/types. (#3888) by @nikospapcom

Patch Changes

  • Updated dependencies [568186cad, 407195270]:
    • @clerk/types@4.11.0
    • @clerk/localizations@2.5.4
    • @clerk/shared@2.4.3

5.11.0

Minor Changes

  • Introduce support for custom menu items in <UserButton/>. (#3784) by @nikospapcom

    • Use <UserButton.MenuItems> as a child component to wrap custom menu items.
    • Use <UserButton.Link/> for creating external or internal links.
    • Use <UserButton.Action/> for opening a specific custom page of "UserProfile" or to trigger your own custom logic via onClick.
    • If needed, reorder existing items like manageAccount and signOut

    New usage example:

    <UserButton>
  <UserButton.MenuItems>
    <UserButton.Link
      label='Terms'
      labelIcon={<Icon />}
      href='/terms'
    />
    <UserButton.Action
      label='Help'
      labelIcon={<Icon />}
      open='help'
    />{' '}
    // Navigate to `/help` page when UserProfile opens as a modal. (Requires a custom page to have been set in
    `/help`)
    <UserButton.Action
      label='manageAccount'
      labelIcon={<Icon />}
    />
    <UserButton.Action
      label='Chat Modal'
      labelIcon={<Icon />}
      onClick={() => setModal(true)}
    />
  </UserButton.MenuItems>
</UserButton>

Patch Changes

5.10.2

Patch Changes

  • Add support for opening the UserProfileModal and OrganizationProfileModal to specific navigation items through the UserButton and OrganizationSwitcher. (#3732) by @EmmanouelaPothitou

  • Adjust how we pass captcha tokens to the Clerk API when signing in with Google, Microsoft, and Apple (#3806) by @BRKalow

  • Add signUp.start.actionLink__use_email and signUp.start.actionLink__use_phone localization keys. (#3826) by @alexcarpenter

  • Updated dependencies [b48689705, 4e61f8d27]:

    • @clerk/types@4.9.1
    • @clerk/localizations@2.5.2
    • @clerk/shared@2.4.1

5.10.1

Patch Changes

  • Updated dependencies [24465035c]:
    • @clerk/localizations@2.5.1

5.10.0

Minor Changes

  • Support reading / writing / removing suffixed/un-suffixed cookies from @clerk/clerk-js and @clerk/backend. by @dimkl

    The __session, __clerk_db_jwt and __client_uat cookies will now include a suffix derived from the instance's publishakeKey. The cookie name suffixes are used to prevent cookie collisions, effectively enabling support for multiple Clerk applications running on the same domain.

  • Improve UX in ConnectedAccounts by converting the error into a useful, user-friendly message with a visible way to take action. (#3723) by @panteliselef

Patch Changes

5.9.0

Minor Changes

  • Added support for Custom OAuth providers by @nikosdouvlis
    • Updated strategy types to include CustomOAuthStrategy:
      • Added the CustomOAuthStrategy type with the value oauth_custom_${string}
      • Modified OAuthStrategy to include CustomOAuthStrategy: export type OAuthStrategy = oauth_${OAuthProvider} | CustomOAuthStrategy;
    • Added the CustomOauthProvider type with value custom_${string} and extended OAuthProvider type to include CustomOauthProvider
    • Added support for displaying provider initials when logo_url is null for custom OAuth providers
    • Created new ProviderInitialIcon internal component in order to display custom oauth provider initials if provider logo_url is null

Patch Changes

  • Bug Fix: Navigation during signing out requires a router which was missing from the ImpersonationFab by @nikosdouvlis

  • Updated dependencies [df7d856d5]:

    • @clerk/types@4.8.0
    • @clerk/localizations@2.4.8
    • @clerk/shared@2.3.3

5.8.1

Patch Changes

  • Bug fix: Clear session cookie after a user deletes their account (#3628) by @octoper

  • Set the localhost cookies with the Secure attribute (#3604) by @anagstef

5.8.0

Minor Changes

  • Deprecate afterSignOutUrl and afterMultiSessionSingleSignOutUrl from UserButton. (#3544) by @panteliselef

    Developers can now configure these directly in ClerkProvider and have them work properly without in UserButton, UserProfile and in impersonation mode.

Patch Changes

  • Bug fix: Requests failing due to incorrect parsing of value false when content type is x-www-form-urlencoded (#3630) by @EmmanouelaPothitou

  • When organization changes, display/fetch the corresponding organization roles. (#3624) by @panteliselef

  • Updated dependencies [d6b5006c4]:

    • @clerk/types@4.7.0
    • @clerk/localizations@2.4.7
    • @clerk/shared@2.3.2

5.7.2

Patch Changes

  • Correctly use updated protocol verification in all code paths (#3605) by @LekoArts

  • Updated dependencies [72888323b]:

    • @clerk/localizations@2.4.6

5.7.1

Patch Changes

  • Bug fix: Skip password strategy for users who authenticate with SAML. (#3578) by @panteliselef

  • Add organizationAvatarUploaderContainer descriptor which is used e.g. for the logo upload box inside "Create Organization" flow (#3596) by @LekoArts

  • Remove the qs library and use the native URLSearchParams API instead. (#3430) by @EmmanouelaPothitou

  • Allow chrome-extension: protocol in validation (#3584) by @LekoArts

  • In a previous release the protocol validation for window navigation was added (ref). Since then only http: and https: were allowed. (#3564) by @LekoArts

    With this release wails: is also supported again. If you think that the mentioned commit introduced a regression for you and your protocol should be supported, please open an issue.

  • Add the title attribute to <OrganizationPreview> component so that truncated organization names can be previewed e.g. through hovering (#3522) by @davemo

  • Updated dependencies [1273b04ec]:

    • @clerk/types@4.6.1
    • @clerk/localizations@2.4.5
    • @clerk/shared@2.3.1

5.7.0

Minor Changes

  • Move isWebAuthnSupported, isWebAuthnAutofillSupported, isWebAuthnPlatformAuthenticatorSupported to @clerk/shared/webauthn. (#3472) by @panteliselef

Patch Changes

  • Updated dependencies [4ec3f63e2]:
    • @clerk/shared@2.3.0

5.6.0

Minor Changes

  • Add descriptor for formatted dates in tables. Those elements can be identified by the cl-formattedDate__tableCell css class. (#3465) by @panteliselef

Patch Changes

  • In some instances your application logo (shown at the top of the sign-in/sign-up form of the prebuilt components) might have been distorted in browsers like Firefox. By applying object-fit: contain to the image's CSS the logo now fills its bounding box without being distorted. (#3501) by @LekoArts

  • Support remounting ClerkProvider multiple times by making sure that the updateProps call during the loading phase does not override any defaults set by Clerk.load() for values that are missing (#3455) by @nikosdouvlis

  • Sms phone code verification lists available phone numbers on cancel. (#3479) by @panteliselef

  • Only render active sessions in the active devices section. Fixes the bug where a device with no information would render upon revoking. (#3497) by @desiprisg

  • Fixed a bug where Clerk components rendered in modals were wrapped with aria-hidden. (#3508) by @BRKalow

  • Bug fix: statically loading a resource would result in an increase in bundle size for clerk.browser.js. (#3519) by @panteliselef

  • Updated dependencies [86a27f693, 478c49b41, 02bed2e00, cd424c590, 73e5d61e2, 68f247444, b8e46328d]:

    • @clerk/shared@2.2.2
    • @clerk/localizations@2.4.4
    • @clerk/types@4.6.0

5.5.3

Patch Changes

  • Bug fix: Use the correct returnBack url when GoogleOneTap remains open across navigations. (#3410) by @panteliselef

    Previously it will only use the url that existed in the browser url bar at the time the component was initially rendered.

  • Add aria-label and aria-expanded in menu trigger to improve accessibility (#3446) by @panteliselef

  • Add experimental support for hCaptcha captcha provider (#3422) by @anagstef

  • Updated dependencies [4beb00672]:

    • @clerk/types@4.5.1

5.5.2

Patch Changes

  • Validate protocol on window navigation by @tmilewski

5.5.1

Patch Changes

  • Add a custom logger to allow logging a message or warning to the console once per session, in order to avoid consecutive identical logs due to component rerenders. (#3383) by @desiprisg

  • Updated dependencies [ff31f7255, 8e5969d82, 0e48fc210]:

    • @clerk/shared@2.2.1
    • @clerk/localizations@2.4.3

5.5.0

Minor Changes

  • Add support for GoogleOneTap. New APIs listed: (#3392) by @panteliselef

    React component

    • <GoogleOneTap/>

    Customize the UX of the prompt

    <GoogleOneTap
  cancelOnTapOutside={false}
  itpSupport={false}
  fedCmSupport={false}
/>

    Use the component from with Vanilla JS

    • Clerk.openGoogleOneTap(props: GoogleOneTapProps)
    • Clerk.closeGoogleOneTap()

    Low level APIs for custom flows

    • await Clerk.authenticateWithGoogleOneTap({ token: 'xxxx'})
    • await Clerk.handleGoogleOneTapCallback()

    We recommend using this two methods together in order and let Clerk to perform the correct redirections.

    google.accounts.id.initialize({
  callback: async response => {
    const signInOrUp = await Clerk.authenticateWithGoogleOneTap({
      token: response.credential,
    });
    await Clerk.handleGoogleOneTapCallback(signInOrUp, {
      signInForceRedirectUrl: window.location.href,
    });
  },
});

    In case you want to handle the redirection and session management yourself you can do so like this

    google.accounts.id.initialize({
  callback: async response => {
    const signInOrUp = await Clerk.authenticateWithGoogleOneTap({
      token: response.credential,
    });
    if (signInOrUp.status === 'complete') {
      await Clerk.setActive({
        session: signInOrUp.createdSessionId,
      });
    }
  },
});

Patch Changes

  • A bug was fixed to not override the existing sign-up state on the OAuth callback. (#3401) by @LauraBeatris

    When continuing a sign-up flow with social connections, @clerk/clerk-js was creating a new SignUpResource object, instead of patching the existing one.

    This was affecting Web3 sign-up flows, since the wallet ID was being overridden on the browser redirect.

  • Updated dependencies [d6a9b3f5d, 456b06849]:

    • @clerk/types@4.5.0
    • @clerk/shared@2.2.0

5.4.0

Minor Changes

  • Replace mount with open for GoogleOneTap. New api is __experimental_openGoogleOneTap. (#3379) by @panteliselef

Patch Changes

  • Remove cookie when signing out before running onBeforeSetActive to resolve issues where we do navigations in onBeforeSetActive. (#3371) by @octoper

  • Updated dependencies [3d790d5ea, e84090db0]:

    • @clerk/types@4.4.0
    • @clerk/localizations@2.4.2

5.3.2

Patch Changes

5.3.1

Patch Changes

  • Re-organize cookie codebase into a central place, fix TokenUpdate event to be triggered on sign-out and drop duplicate event on refreshing token. (#3362) by @dimkl

  • Updated dependencies [9d02df655, ec84d51e7]:

    • @clerk/localizations@2.4.1
    • @clerk/shared@2.1.1

5.3.0

Minor Changes

  • Updates related to experimental Google One Tap support (#3250) by @panteliselef

    • By default we are returning back to the location where the flow started. To accomplish that internally we will use the redirect_url query parameter to build the url.
    <__experimental_GoogleOneTap />
    • In the above example if there is a SIGN_UP_FORCE_REDIRECT_URL or SIGN_IN_FORCE_REDIRECT_URL set then the developer would need to pass new values as props like this
    <__experimental_GoogleOneTap
  signInForceRedirectUrl=''
  signUpForceRedirectUrl=''
/>
    • Let the developer configure the experience they want to offer. (All these values are true by default)
    <__experimental_GoogleOneTap
  cancelOnTapOutside={false}
  itpSupport={false}
  fedCmSupport={false}
/>
    • Moved authenticateWithGoogleOneTap to Clerk singleton
    Clerk.__experimental_authenticateWithGoogleOneTap;
    • Created the handleGoogleOneTapCallback in Clerk singleton
    Clerk.__experimental_handleGoogleOneTapCallback;

  • Introduce new client_mismatch verification status for email link sign-in and sign-up. This error (and its message) will be shown if a verification link was opened in another device/browser from which the user initiated the sign-in/sign-up attempt. This functionality needs to be enabled in the Clerk dashboard. (#3367) by @mzhong9723

Patch Changes

  • Improve logging for CAPTCHA script loading errors (#3374) by @anagstef

  • Respect the signInForceRedirectUrl, signInFallbackRedirectUrl, signUpForceRedirectUrl and signUpFallbackRedirectUrl props passed to SignInButton, SignUpButton and the low-level window.Clerk.buildSignInUrl & window.Clerk.buildSignUpUrl methods. These props allow you to control the redirect behavior of the SignIn and SignUp components. For more information, refer to the Custom Redirects guide. (#3361) by @nikosdouvlis

  • Updated dependencies [6f61130e3, 94197710a, b27ca8366, 201b28d37, b27ca8366]:

    • @clerk/localizations@2.4.0
    • @clerk/types@4.3.0
    • @clerk/shared@2.1.0

5.2.4

Patch Changes

  • Fix a bug where client_uat domain detection would not handle hostnames with a single part. This impacts locally defined custom hostnames used as aliases. (#3357) by @BRKalow

  • Fix Cypress setting cookies as third-party (#3245) by @anagstef

5.2.3

Patch Changes

5.2.2

Patch Changes

  • Fix UI for Phone Input and OTP inputs (#3302) by @octoper

  • Specify an explicit domain when setting the client_uat cookie. This ensures there are no duplicate cookie issues when also receiving cookies from the API. (#3318) by @BRKalow

  • Updated dependencies [df4525f87, 1662aaae9, 9d7a79841, f70c885f7, f5804a225]:

    • @clerk/localizations@2.3.1
    • @clerk/shared@2.0.2
    • @clerk/types@4.2.1

5.2.1

Patch Changes

  • Fixes issue where email field is required but is not shown after user tries to edit email, when already tried another email before when trying to sign up with a method that not provides and email (e.g Metamask) (#3291) by @octoper

5.2.0

Minor Changes

  • Allow localization of text in social buttons when many are listed. (#3282) by @panteliselef

Patch Changes

  • Allow users to display the email address field after selecting to input a phone number. Previously that was not possible when passkeys were enabled. (#3286) by @panteliselef

  • Avoid throwing error for missing an active organization when no user is signed in (#3290) by @panteliselef

  • Use default value for signIn.userData. This will prevent the SignIn modal from breaking when an appearance prop is used in Next.js App Router. (#3280) by @panteliselef

  • Remove deprecated __clerk_frontend_api from Window interface (#3288) by @LauraBeatris

  • Updated dependencies [a78bc447c, c7d626292, 19cd42434]:

    • @clerk/shared@2.0.1
    • @clerk/localizations@2.3.0
    • @clerk/types@4.2.0

5.1.1

Patch Changes

  • Default to text type for all inputs. This resolved inconsistencies with @tailwindcss/forms. (#3260) by @desiprisg

  • Prevent form submission for deleting user account when confirmation value is incorrect but submission is triggered via an "Enter" keystroke. (#3265) by @panteliselef

  • Set the card error when encountering an error on preparing verification via code for email or phone on sign up. (#3256) by @desiprisg

  • Updated dependencies [0a825dcc4]:

    • @clerk/localizations@2.2.0

5.1.0

Minor Changes

  • Remove experimental Passkeys APIs. This includes any API that is marked as experimental or has the __experimental_ prefix. (#3233) by @panteliselef

    This prepares the Passkeys release to move further along towards a beta release and eventual stable release.

Patch Changes

  • Check if any legacy properties have value before displaying a warning (#3254) by @EmmanouelaPothitou

  • Hide "Create Organization" in when it's disabled for user (#3249) by @dimkl

  • Warn when a legacy redirect prop is being shadowed by "fallbackRedirectUrl" or "forceRedirectUrl" by @nikosdouvlis

  • Updated dependencies [de1d75d1a, 956d8792f]:

    • @clerk/localizations@2.1.0
    • @clerk/types@4.1.0

5.0.0

Major Changes

  • 043801f2a: All the components that using routing will throw a runtime error if the a path property is provided with a routing strategy other than path.

    Example that will throw an error:

    <SignIn
  routing='hash'
  path='/sign-in'
/>

  • c2a090513: Change the minimal Node.js version required by Clerk to 18.17.0.

  • deac67c1c: Drop default exports from all packages. Migration guide:

    • use import { Clerk } from '@clerk/backend';
    • use import { clerkInstance } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-js';
    • use import { Clerk } from '@clerk/clerk-js/headless';
    • use import { IsomorphicClerk } from '@clerk/clerk-react'

  • 7f6a64f43: - By default, all the components with routing will have the routing prop assigned as 'path' by default when the path prop is filled.

    • The <UserButton /> component will set the default value of the userProfileMode prop to 'navigation' if the userProfileUrl prop is provided.
    • The <OrganizationSwitcher /> component will have the organizationProfileMode and createOrganizationMode props assigned with 'navigation' by default if the organizationProfileUrl and createOrganizationUrl props are filled accordingly.

  • 7f833da9e: Drop deprecations. Migration steps:

    • use publishableKey instead of frontendApi
    • use Clerk.handleEmailLinkVerification() instead of Clerk.handleMagicLinkVerification()
    • use isEmailLinkError instead of isMagicLinkError
    • use EmailLinkErrorCode instead of MagicLinkErrorCode
    • use useEmailLink instead of useMagicLink
    • drop orgs jwt claim from session token
    • use ExternalAccount.imageUrl instead of ExternalAccount.avatarUrl
    • use Organization.imageUrl instead of Organization.logoUrl
    • use User.imageUrl instead of User.profileImageUrl
    • use OrganizationMembershipPublicUserData.imageUrl instead of OrganizationMembershipPublicUserData.profileImageUrl
    • use useOrganizationList instead of useOrganizations
    • use userProfileProps instead of userProfile in Appearance
    • use Clerk.setActive() instead of Clerk.setSession()
    • drop password param in User.update()
    • use afterSelectOrganizationUrl instead of afterSwitchOrganizationUrl in OrganizationSwitcher
    • drop Clerk.experimental_canUseCaptcha / Clerk.Clerk.experimental_captchaSiteKey / Clerk.experimental_captchaURL (were meant for internal use)
    • use User.getOrganizationMemberships() instead of Clerk.getOrganizationMemberships()
    • drop lastOrganizationInvitation / lastOrganizationMember from Clerk emitted events
    • drop Clerk.__unstable__invitationUpdate / Clerk.__unstable__membershipUpdate
    • drop support for string param in Organization.create()
    • use Organization.getInvitations() instead of Organization.getPendingInvitations()
    • use pageSize instead of limit in OrganizationMembership.retrieve()
    • use initialPage instead of offset in OrganizationMembership.retrieve()
    • drop lastOrganizationInvitation / lastOrganizationMember from ClerkProvider
    • use invitations instead of invitationList in useOrganization
    • use memberships instead of membershipList in useOrganization
    • use redirectUrl instead of redirect_url in User.createExternalAccount()
    • use signature instead of generatedSignature in Signup.attemptWeb3WalletVerification()

  • 71663c568: Internal update default apiUrl domain from clerk.dev to clerk.com

  • cfea3d9c0: Path-based routing is now the default routing strategy if the path prop is filled. Additionally, if the path and routing props are not filled, an error will be thrown.

    
// Without path or routing props, an error with be thrown
<UserProfile />
<CreateOrganization />
<OrganizationProfile />
<SignIn />
<SignUp />

// Alternative #1
<UserProfile path="/whatever"/>
<CreateOrganization path="/whatever"/>
<OrganizationProfile path="/whatever"/>
<SignIn path="/whatever"/>
<SignUp path="/whatever"/>

// Alternative #2
<UserProfile routing="hash_or_virtual"/>
<CreateOrganization routing="hash_or_virtual"/>
<OrganizationProfile routing="hash_or_virtual"/>
<SignIn routing="hash_or_virtual"/>
<SignUp routing="hash_or_virtual"/>

  • d18cae5fd: Make the user name on clickable, i.e. part of the button's trigger. This change inverts the positions of cl-userButtonTrigger and cl-userButtonBox, the latter now being a child of the former.

  • 7bffc47cb: Drop Clerk.isReady(). Use Clerk.loaded instead.

  • 5f58a2274: Remove hashing and third-party cookie functionality related to development instance session syncing in favor of URL-based session syncing with query parameters.

  • 5f58a2274: - buildUrlWithAuth no longer accepts an options argument.

  • 52ff8fe6b: Upgrade React version to >=18 and add react-dom as peer dependency to fix issues with vite & rollup building.

  • ab4eb56a5: Drop redirectToHome redirect method in favour of redirectToAfterSignUp or redirectToAfterSignIn.

    When the <SignIn/> and <SignUp/> components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn and afterSignUp URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.

  • 97407d8aa: Dropping support for Node 14 and 16 as they both reached EOL status. The minimal Node.js version required by Clerk is 18.18.0 now.

  • 4bb57057e: Breaking Changes:

    • Drop isLegacyFrontendApiKey from @clerk/shared
    • Drop default exports from @clerk/clerk-js
      • on headless Clerk type
      • on ui and ui.retheme Portal
    • Use isProductionFromSecretKey instead of isProductionFromApiKey
    • Use isDevelopmentFromSecretKey instead of isDevelopmentFromApiKey

    Changes:

    • Rename HeadlessBrowserClerkConstrutor / HeadlessBrowserClerkConstructor (typo)
    • Use isomorphicAtob / isomorhpicBtoa to replace base-64 in @clerk/expo
    • Refactor merging build-time and runtime props in @clerk/backend clerk client
    • Drop node-fetch dependency from @clerk/backend
    • Drop duplicate test in @clerk/backend

  • f5fb63cf1: Consolidate afterSignOutOneUrl & afterSignOutAllUrl to afterSignOutUrl and drop usage of Dashboard settings in ClerkJS components. The Dashboard settings should only apply to the Account Portal application.

  • 9a1fe3728: Use the new routerPush and routerReplace props for <ClerkProvider /> instead of navigate.

  • d30ea1faa: Change the default behavior of afterSignOutUrl, afterSignIn and afterSignUp props to be redirected to / instead of the Account Portal defined URL.

  • 7886ba89d: Refresh the look and feel of the Clerk UI components

    For more info, refer to the upgrade guide from v4 to v5 in Clerk docs.

  • 41ae1d2f0: Avatar Shimmer will be enabled by default for <UserButton/> and <OrganizationSwitcher/>.

  • 429d030f7: Introducing some changes and some addition for the appearence descriptors for the organization preview in <OrganizationSwitcher/>:

    • .cl-organizationPreview__organizationSwitcher has been renamed to .cl-organizationPreview__organizationSwitcherTrigger.
    • .cl-organizationPreview__organizationSwitcherListedOrganization was added to allow you to customize the appearance of all the listed organization previews.
    • .cl-organizationPreview__organizationSwitcherActiveOrganizationn was added to allow you to customize the appearance of the active organization.

Minor Changes

  • 4b8bedc66: Move usage of internal useCoreX hooks to useX hooks

  • 0d0b1d89a: List passkeys under security in UserProfile.

    • Supports renaming a passkey.
    • Supports deleting a passkey.

  • 08dd88c4a: Introducing sign out from all open tabs at once.

  • afec17953: Improved error handling for registration and retrieval of passkeys. ClerkRuntimeError codes introduced:

    • passkey_not_supported
    • passkeys_pa_not_supported
    • passkey_invalid_rpID_or_domain
    • passkey_already_exists
    • passkey_operation_aborted
    • passkey_retrieval_cancelled
    • passkey_retrieval_failed
    • passkey_registration_cancelled
    • passkey_registration_failed

    Example usage:

    try {
  await __experimental_authenticateWithPasskey(...args);
}catch (e) {
  if (isClerkRuntimeError(e)) {
      if (err.code === 'passkey_operation_aborted') {
          ...
      }
  }
}

  • 0699fa496: Add support for different CAPTCHA widget types

  • 0293f29c8: Add support for custom roles in <OrganizationProfile/>.

    The previous roles (admin and basic_member), are still kept as a fallback.

  • 9180c8b80: Deprecate supported_identifiers and remove supported_external_accounts.

  • e400fa9e3: Introducing default values for allowedRedirectOrigins. If no value is provided, default values similar to the example below will apply.

    Let's assume the host of the application is test.host, the origins will be

    • https://test.host/
    • https://yourawesomeapp.clerk.accounts.dev/
    • https://*.yourawesomeapp.clerk.accounts.dev/

  • fc3ffd880: Support for prompting a user to reset their password if it is found to be compromised during sign-in.

  • 31570f138: During sign in, navigate to the reset-password route if the user needs a new password. This happens when you enforce password usage during sign-in in your dashboard. Previously this case wasn't handled in the password form.

    The signIn.resetPassword.requiredMessage localization was updated to 'For security reasons, it is required to reset your password.'.

  • 492b8a7b1: Increase the duration until data become stale for organization hooks.

  • 2352149f6: Move passkey related apis to stable:

    • Register passkey for a user Usage: await clerk.user.createPasskey()

    • Authenticate with passkey Usage: await clerk.client.signIn.authenticateWithPasskey()

      try {
  await clerk.client.signIn.authenticateWithPasskey(...args);
}catch (e) {
  if (isClerkRuntimeError(e)) {
      if (err.code === 'passkey_operation_aborted') {
          ...
      }
  }
}

    • ClerkRuntimeError codes introduced:

      • passkey_not_supported
      • passkeys_pa_not_supported
      • passkey_invalid_rpID_or_domain
      • passkey_already_exists
      • passkey_operation_aborted
      • passkey_retrieval_cancelled
      • passkey_retrieval_failed
      • passkey_registration_cancelled
      • passkey_registration_failed

    • Get the user's passkeys clerk.user.passkeys

    • Update the name of a passkey clerk.user.passkeys?.[0].update({name:'Company issued passkey'})

    • Delete a passkey clerk.user.passkeys?.[0].delete()

  • ff803ff20: Throw an error in development when there is an invalid mount or modal open. This includes mounting a component when the resource is not available (i.e. mountUserProfile() when the user does not exist) as well as mounting a component without the feature being enabled via the clerk dashboard (i.e. mountOrganizationProfile() without having organizations enabled).

  • ff08fe237: Introduce experimental support for Google One Tap

    • React Component <__experimental_GoogleOneTap/>
    • JS clerk.__experimental_mountGoogleOneTap(node,props)

  • 73849836f: Use sigUpUrl from props / context / repo-level to construct a redirectUrl in sign-in from email-link flow.

  • 9737ef510: Accept skipInvitationScreen as a prop from OrganizationSwitcher.

    skipInvitationScreen hides the screen for sending invitations after an organization is created. By default, Clerk will automatically hide the screen if the number of max allowed members is equal to 1

  • fafa76fb6: Experimental support for a user to register a passkey for their account. Usage: await clerk.user.__experimental__createPasskey()

  • 1f650f30a: Experimental support for authenticating with a passkey. Example usage: await signIn.authenticateWithPasskey().

  • d941b902f: Drop firebase legacy integration code and start using sessions/:sid/tokens/:template endpoint for the firebase tokens.

  • 57e0972bb: Remove fallback data and allow promise to throw for paginated endpoint methods. Affected methods:

    • Organization.getDomains
    • Organization.getInvitations
    • Organization.getMembershipRequests
    • Organization.getMemberships
    • User.getOrganizationInvitations
    • User.getOrganizationSuggestions
    • User.getOrganizationMemberships

  • fe2607b6f: Remove MembershipRole. The type MembershipRole would always include the old role keys admin, basic_member, guest_member. If developers still depend on them after the introduction of custom roles, the can provide them as their custom types for authorization.

    // clerk.d.ts
interface ClerkAuthorization {
  permission: '';
  role: 'admin' | 'basic_member' | 'guest_member';
}

  • c7e6d00f5: Experimental support for <Gate/> with role checks.

  • ef72c0ae6: Remove unused error helpers.

    • clerkErrorInvalidColor()
    • clerkCoreErrorUserIsNotDefined()
    • clerkCoreErrorSessionIsNotDefined()
    • clerkCoreErrorOrganizationIsNotDefined()

  • 663243220: Remove the unused appearance keys for accordion and breadcrumb elements.

  • d1b524ffb: Handle user_locked error encountered in an oauth flow by redirecting to /sign-up or /sign-in

  • 12962bc58: Re-use common pagination types for consistency across types.

    Types introduced in @clerk/types:

    • ClerkPaginationRequest : describes pagination related props in request payload
    • ClerkPaginatedResponse : describes pagination related props in response body
    • ClerkPaginationParams : describes pagination related props in api client method params

  • 2e4a43017: Update @clerk/clerk-js and @clerk/clerk-react to support the following examples:

    Clerk.signOut({ redirectUrl: '/' })

<SignOutButton redirectUrl='/' />
// uses Clerk.signOut({ redirectUrl: '/' })
<UserButton afterSignOutUrl='/after' />
// uses Clerk.signOut({ redirectUrl: '/after' })
<ClerkProvider afterSignOutUrl='/after' />
// uses Clerk.signOut({ redirectUrl: '/after' })

  • 5aab9f04a: Add routerDebug option in Clerk.load() to log the destination URLs when navigating

  • 46040a2f3: Introduce Protect for authorization. Changes in public APIs:

    • Rename Gate to Protect
    • Support for permission checks. (Previously only roles could be used)
    • Remove the experimental tags and prefixes
    • Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
    • Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
    • has will throw an error if neither permission or role is passed.
    • auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
      • inside a page or layout file it will render the nearest not-found component set by the developer
      • inside a route handler it will return empty response body with a 404 status code

  • 9e57e94d2: Greatly improve the UX when users are creating their passwords. The hints below the input fields now have smoother animations and show more types of feedback based on different conditions. Additionally, the password validation is now debounced.

  • 7f751c4ef: Add support for X/Twitter v2 OAuth provider

  • 18c0d015d: Pass environment into sdkMetadata in order to detect if production clerk-js is used by other sdks in dev mode. When it is log dev warning from clerk-js.

  • 0d1052ac2: Add a private __navigateWithError util function to clerk for use in User Lockout scenarios

  • 5471c7e8d: Move and export the following from @clerk/clerk-js and @clerk/nextjs to @clerk/shared: - DEV_BROWSER_SSO_JWT_PARAMETER - DEV_BROWSER_JWT_MARKER - DEV_BROWSER_SSO_JWT_KEY - setDevBrowserJWTInURL - getDevBrowserJWTFromURL - getDevBrowserJWTFromResponse

  • 5d6937c9f: Use signInUrl from props / context / repo-level to construct a redirectUrl in sign-up from email-link flow.

  • ebf9be77f: Allow users to authenticate with passkeys via the <SignIn/>.

  • 008ac4217: Experimental support for reading, updating, and deleting a user's registered passkeys.

    • Get the user's passkeys clerk.user.__experimental__passkeys
    • Update the name of a passkey clerk.user.__experimental__passkeys?.[0].update({name:'work laptop passkey'})
    • Delete a passkey clerk.user.__experimental__passkeys?.[0].delete()

Patch Changes

  • 3daa937a7: Bug fix: Respect navigateAfterCreateOrganization in <OrganizationList/>.

  • 69ce3e185: Update @zxcvbn-ts/core from 2.2.1 to 3.0.4. Update @zxcvbn-ts/language-common from 3.0.2 to 3.0.4.

  • 3ba3f383b: Internal refactoring of form fields, deprecation of Form.Control and introduction of Form.PlainInput.

  • 1ddffb67e: A bug fix for prefetching data for OrganizationSwitcher and correctly displaying a notification count in the switcher as well.

  • 1834a3ee4: fix(shared,clerk-js): Do not replace current URL if it does not contain a clerk token

  • 64d3763ec: Fix incorrect pagination counters in data tables inside <OrganizationProfile/>.

  • 0a108ae3b: Inform developers who are using legacy Clerk development instances that in V5 URL Based Session Syncing must be enabled. For more information refer to https://clerk.com/docs/upgrade-guides/url-based-session-syncing.

  • e214450e9: Reset OTP field when pressing "Cancel" in VerifyDomainPage inside <OrganziatoinProfile/>.

  • 034abeb76: Use strict equality operator to check for lockout errors in handleRedirectCallback

  • d08d96971: Fixes errant act output from unit tests

  • 17a6158e8: Warn about legacy redirect search params

  • 9dc46b2c1: Fix the PhoneInput country ISO text color

  • d422dae67: Fixes memebership count in <OrganizationProfile/> Members page for members with org:sys_memberships:read permission

  • a2ab0d300: Align country code position with phone number input.

  • 6c2d88ee8: Add data-1p-ignore to input fields that do not benefit from password manager suggestions.

  • d37d44a68: Shows list of domains if member has the org:sys_domain:read permission.

  • 434a96ebe: Hide backup codes when adding phone_code mfa and instance setting is off.

  • 791c49807: Rename the @staging tag to @canary. Drop support for @next tag.

  • 5f49568f6: Emit session when permissions or role of the active memberships change.

  • 8b40dc7a3: Enhance CreateOrganizationForm by replacing AvatarPreview with an upload button to prevent layout shifts

  • dd49f93da: Fallback to custom role name if localization is not provided.

  • 7466fa505: Update cookie setting to ensure cookies can be set to be read when an application is embedded in an iframe.

  • 2de442b24: Rename beta-v5 to beta

  • db18787c4: Always drop **clerk_db_jwt and **dev_session params from the URL

  • 6a769771c: Update README for v5

  • 6d3b422c8: Avoid depending on count as it can be zero but invitations may still exist.

  • 23ebc89e9: Bug fix: Avoid triggering prepare verification twice. (Affects only dev mode)

  • 9e10d577e: Return reject(err) in factor one & two code forms

  • 2684f1d5c: Fix checkbox styling issues

  • beac05f39: Fix SSO callback Turnstile widget alignment

  • 097ec4872: The organizationPreviewSecondaryIdentifier element will no longer be rendered empty inside the organization switcher's list.

  • 06d2b4fca: Resolve type issues when importing @clerk/clerk-js directly

  • bab2e7e05: Support but warn when afterSignInUrl and afterSignUpUrl are used

  • 27052469e: Use userMemberships instead of organizationList inside <OrganizationSwitcher/>.

  • 9e99eb727: Update @clerk/nextjs error messages to refer to clerkMiddleware() and deprecated authMiddleware() and fix a typo in cannotRenderSignUpComponentWhenSessionExists error message.

  • 846a4c24d: Update user memberships when user creates, leaves or deletes an organization.

  • 491fba5ad: Throw error for unsupported method OrganizationMembership.reload

  • d65d36fc6: Tests for internal PlainInput component.

  • 94bbdf7df: Fix font size inconsistencies when selecting method to sign in.

  • 98b194b2a: Fix badge misalignment on members list when title is empty

  • 1c199d1d2: Fix for input group components with prefix or suffix to match the rest of the design

  • 676d23a59: Revalidate invitations table after invitation screen submit.

  • 12f3c5c55: Update the debBrowser handling logic to remove hash-based devBrowser JWTs from the URL. Even if v5 does not use the hash-based JWT at all, we still need to remove it from the URL in case clerk-js is initialised on a page after a redirect from an older clerk-js version, such as an AccountPortal using the v4 components

  • 394cecc6b: Prevent submitting on enter in Organization Profile form when submit button is disabled.

  • d9f265fcb: Fallback to invisible CAPTCHA if the element to render to is not found in the DOM

  • d005992e0: Require role to be selected before sending organization invite, affects <OrganizationProfile/> and `.

  • d1dc44cc7: Correct chunk loading logic in clerk.headless.browser variant

  • 141f09fdc: Fix the input box-shadow on iOS 16 devices

  • b6c4e1cfe: Display a warning in the browser's console when organization components are mounted but the "Organizations" feature is disabled for the instance.

  • 7d3aa44d7: Disable emailAdress field in SignUp if fields.emailAddress.disabled is true

  • fbbb1afc2: Exclude external custom links from route matching. Previously adding external links to custom pages would cause all pages that are defined below it to throw an error.

  • e7414cb3f: Remove legacy roles fallback After the release of Custom Roles, roles should always be dynamically fetched.

  • 63373bf21: Correct the HTML structure of the UI components to ensure validity

  • 0ee1777e0: Allow retries for all 300xxx error codes for CF Turnstile.

  • 78fc5eec0: Introduces new element appearance descriptors:

    • activeDeviceListItem allows you to customize the appearance of the active device list (accordion) item
      • activeDeviceListItem__current allows you to customize the appearance of the current active device list (accordion) item
    • activeDevice allows you to customize the appearance of the active device item
      • activeDevice__current allows you to customize the appearance of the current active device item

  • 6e54b1b59: Sync IsomorphicClerk with the clerk singleton and the LoadedClerk interface. IsomorphicClerk now extends from LoadedClerk.

  • 4edb77632: Replace Form.Control with Form.PlainInput for text and email inputs.

  • 4aff3d936: Bug Fix: When authenticating with a passkey and user was looked out an error was thrown for accessing an undefined variable

  • 976c6a07e: Fixes an icon misalignment in account switcher.

  • 6a33709cc: Drop org:sys_domains:delete and org:sys_memberships:delete as those have now been merged with the respective manage ones.

  • 45c92006c: Ensure the token returned from getToken() and the token in the session cookie remain in sync.

  • d9bd2b4ea: Fix: fallback to other first factors when preferred strategy is passkey but the user has not registered a passkey yet.

  • f77e8cdbd: Add Autocomplete TS generic for union literals

  • 8b466a9ba: Prevent Clerk component flickering when mounted in a Next.js app using App Router

  • 4063bd8e9: Introduce more component animations

  • 8cc45d2af: Allow dynamic values components props, even if these values change after the components are rendered. For example, a SignIn component with a redirectUrl prop passed in will always respect the latest value of redirectUrl.

  • fe6215dea: Fix the OAuth errors coming from the server to use localizations

  • c6a5e0f5d: Add maintenance mode banner to the SignIn and SignUp components. The text can be customized by updating the maintenanceMode localization key.

  • 4edb77632: Localize placeholder of confirmation field when deleting a user account from <UserProfile/>.

  • b0ca7b801: Refactor of internal input group, password field, and checkbox inputs in forms.

  • 30dfdf2aa: Fallback to the API error message when the password is pwned and there is no translation available.

  • 8b261add2: Use pattern for email input fields.

  • 9955938d6: Hide members page of if user doesn't have any membership related permissions.

  • 1affbb22a: Replace semver with custom regex in versionSelector

  • 8ca8517bf: Warn instead of erroring when a legacy redirect prop ('redirectUrl', 'afterSignInUrl', 'afterSignUpUrl') is used

  • f00fd2dfe: Support legacy redirectUrl prop on SignIn and SignUp

  • 046224177: Make useAwaitableNavigate handle navigations between pages reliably

  • e4c0ae028: Users will no longer see an error the SignIn component when they try to close popups due to passkey autofill.

  • 75ea300bc: Add useAssertWrappedByClerkProvider to internal code. If you use hooks like useAuth outside of the <ClerkProvider /> context an error will be thrown. For example:

    @clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component

  • db3eefe8c: Refactor of internal radio input in forms.

  • 93a611570: Re-initialize the Client to default values when is destroyed

  • aaa457097: Escape characters in pattern for inputs of [type="email"]

  • fc36e2e54: We are rolling back support for password complexity / strength checks during sign-in. Feature will be limited to HIBP for now. Hence, the password form need not expect a sign_in status of needs_new_password.

  • 920c9e1b5: Hide "Add domain" button inside <OrganizationProfile/> when user is missing the org:sys_domains:manage permission.

  • e7ae9c36a: Show counter of members/invitations/requests even if it is 0.

  • ebf9f165f: Fix transfer flow when having the Smart Bot Protection enabled

  • 445026ab7: Make the instant password field focusable if it is autofilled.

  • f540e9843: Return to localhost when SSO callback fails on SignIn or SignUp

  • 4705d63a8: Ensures we don't attempt to access window.addEventListener() in non-browser environments.

  • 7b40924e4: Remove handshake-related query parameters on load of clerk-js. It's possible that these parameters will be returned from Clerk's API, but they are only applicable for SSR-compatible frameworks and so on the client they are unused.

  • bf09d18d6: Bug fix: Clear feedback of input field if setError is called with undefined.

  • 59336d3d4: Refresh invited members upon revocation

  • 5dea004b1: Fix invite members to an Organization form to show error when invalid email addresses are submitted.

  • c3dccfc34: Update token refresh mechanism to handle network failures without raising an error

  • 2f6306fd3: Fix Custom Pages freeze error by using useMemo for when creating the custom pages

  • 6fd303b99: Take account custom pages when redirecting inside OrganizationProfile.

  • 750337633: Fix redirect flow for OAuth2 IDP flow with email_link verification.

  • 859b5495f: Removed hoverable state from no-interactive sections in <UserProfile/>

  • 9040549d6: Bug fix: fetch custom roles in OrganizationSwitcher

  • f02482bb5: Add spacing between Add domain button and it's subtitle that's under the Verified Domains section in <OrganizationProfile/> component.

  • 8fbe8ba2f: Make UI-triggered redirects default to hash-based routing. If a routing strategy is not provided, default to hash routing. All routing strategies know how to convert a hash-based url to their own format.

  • fb794ce7b: Support older iOS 13.3 and 13.4 mobile devices

  • b9dd8e7c0: Height misalignment fixes for Password section in <UserProfile/>

  • 94519aa33: Renaming passkeys_pa_not_supported to passkey_pa_not_supported to align with the rest passkey error codes.

  • d11aa60eb: Align action buttons with user preview in <UserButton/>

  • 79040966f: Inputs will now trim usernames and email addresses since whitespace as a prefix or suffix is invalid in these fields.

  • 63ef35ec5: Hide "Add passkey" button in UP when app is satellite.

  • 40ac4b645: Introduces telemetry collection from Clerk's SDKs. Collected telemetry will be used to gain insights into product usage and help drive roadmap priority. For more information, see https://clerk.com/docs/telemetry.

  • 9c6411aa8: Avoid passing some of the new feedback properties down to the HTML basic elements to avoid react warnings in the console.

  • 22f19d3bf: Fixed issue that prevented backup codes showing up for TOTP

  • 11fbfdeec: Give application logo correct CSS width to prevent incorrect widths

  • 6eab66050: Remove legacy __dev_session from URL search params

  • 5db6dbb90: Remove the __clerk_ticket and __clerk_invitation_token query params after they are consumed.

  • 6d89f2687: Hide maintenance banner when card has global error

  • 0551488fb: Add setter for sdkMetadata on Clerk to address issues arising from older versions of the SDK.

  • Updated dependencies [178907ff6]

  • Updated dependencies [08118edfa]

  • Updated dependencies [743c4d204]

  • Updated dependencies [4b8bedc66]

  • Updated dependencies [78ed58da4]

  • Updated dependencies [1db1f4068]

  • Updated dependencies [c2a090513]

  • Updated dependencies [0d0b1d89a]

  • Updated dependencies [1834a3ee4]

  • Updated dependencies [896cb6104]

  • Updated dependencies [64d3763ec]

  • Updated dependencies [af80d7074]

  • Updated dependencies [8350109ab]

  • Updated dependencies [f8328deb9]

  • Updated dependencies [88d5d2ca0]

  • Updated dependencies [1dc28ab46]

  • Updated dependencies [83e9d0846]

  • Updated dependencies [d37d44a68]

  • Updated dependencies [fe356eebd]

  • Updated dependencies [791c49807]

  • Updated dependencies [164ca116c]

  • Updated dependencies [ea4933655]

  • Updated dependencies [7f6a64f43]

  • Updated dependencies [afec17953]

  • Updated dependencies [0699fa496]

  • Updated dependencies [a68eb3083]

  • Updated dependencies [2de442b24]

  • Updated dependencies [0293f29c8]

  • Updated dependencies [5f58a2274]

  • Updated dependencies [9180c8b80]

  • Updated dependencies [db18787c4]

  • Updated dependencies [7f833da9e]

  • Updated dependencies [ef2325dcc]

  • Updated dependencies [9f5491357]

  • Updated dependencies [fc3ffd880]

  • Updated dependencies [840636a14]

  • Updated dependencies [13ed9ac54]

  • Updated dependencies [31570f138]

  • Updated dependencies [bab2e7e05]

  • Updated dependencies [71663c568]

  • Updated dependencies [492b8a7b1]

  • Updated dependencies [2352149f6]

  • Updated dependencies [e5c989a03]

  • Updated dependencies [ff08fe237]

  • Updated dependencies [7ecd6f6ab]

  • Updated dependencies [12f3c5c55]

  • Updated dependencies [244de5ea3]

  • Updated dependencies [c776f86fb]

  • Updated dependencies [d9f265fcb]

  • Updated dependencies [7bffc47cb]

  • Updated dependencies [4e31fca12]

  • Updated dependencies [9737ef510]

  • Updated dependencies [fafa76fb6]

  • Updated dependencies [75d6bf9ad]

  • Updated dependencies [2b8fe238a]

  • Updated dependencies [27fb9b728]

  • Updated dependencies [b473ad862]

  • Updated dependencies [1f650f30a]

  • Updated dependencies [97407d8aa]

  • Updated dependencies [2a22aade8]

  • Updated dependencies [69ce3e185]

  • Updated dependencies [5b8d85886]

  • Updated dependencies [78fc5eec0]

  • Updated dependencies [a9fe242be]

  • Updated dependencies [5f58a2274]

  • Updated dependencies [6a33709cc]

  • Updated dependencies [eb796dd9e]

  • Updated dependencies [52ff8fe6b]

  • Updated dependencies [f77e8cdbd]

  • Updated dependencies [8b466a9ba]

  • Updated dependencies [fe2607b6f]

  • Updated dependencies [c7e6d00f5]

  • Updated dependencies [8cc45d2af]

  • Updated dependencies [390a70732]

  • Updated dependencies [663243220]

  • Updated dependencies [b8599d700]

  • Updated dependencies [c6a5e0f5d]

  • Updated dependencies [4edb77632]

  • Updated dependencies [ab4eb56a5]

  • Updated dependencies [a9fe242be]

  • Updated dependencies [5c239d973]

  • Updated dependencies [97407d8aa]

  • Updated dependencies [12962bc58]

  • Updated dependencies [e6f8928f1]

  • Updated dependencies [4bb57057e]

  • Updated dependencies [d4ff346dd]

  • Updated dependencies [7644b7472]

  • Updated dependencies [2ec9f6b09]

  • Updated dependencies [2e4a43017]

  • Updated dependencies [2d383e413]

  • Updated dependencies [6b316611f]

  • Updated dependencies [f3b6f32b3]

  • Updated dependencies [5aab9f04a]

  • Updated dependencies [46040a2f3]

  • Updated dependencies [f00fd2dfe]

  • Updated dependencies [8daf8451c]

  • Updated dependencies [75ea300bc]

  • Updated dependencies [9a1fe3728]

  • Updated dependencies [7f751c4ef]

  • Updated dependencies [370b17b12]

  • Updated dependencies [f5d55bb1f]

  • Updated dependencies [18c0d015d]

  • Updated dependencies [1a0268509]

  • Updated dependencies [0d1052ac2]

  • Updated dependencies [d30ea1faa]

  • Updated dependencies [7886ba89d]

  • Updated dependencies [1fd2eff38]

  • Updated dependencies [9a1fe3728]

  • Updated dependencies [5471c7e8d]

  • Updated dependencies [f540e9843]

  • Updated dependencies [477170962]

  • Updated dependencies [1078e8c58]

  • Updated dependencies [38d8b3e8a]

  • Updated dependencies [be991365e]

  • Updated dependencies [8350f73a6]

  • Updated dependencies [34fe88f73]

  • Updated dependencies [d6a7ea61a]

  • Updated dependencies [e0e79b4fe]

  • Updated dependencies [41ae1d2f0]

  • Updated dependencies [fb794ce7b]

  • Updated dependencies [48ca40af9]

  • Updated dependencies [94519aa33]

  • Updated dependencies [ebf9be77f]

  • Updated dependencies [008ac4217]

  • Updated dependencies [40ac4b645]

  • Updated dependencies [6f755addd]

  • Updated dependencies [429d030f7]

  • Updated dependencies [844847e0b]

  • Updated dependencies [6eab66050]

    • @clerk/localizations@2.0.0
    • @clerk/shared@2.0.0
    • @clerk/types@4.0.0

5.0.0-beta.49

Patch Changes

  • Support legacy redirectUrl prop on SignIn and SignUp by @nikosdouvlis

  • Updated dependencies [f00fd2dfe]:

    • @clerk/types@4.0.0-beta.30

5.0.0-beta.48

Patch Changes

5.0.0-beta.47

Patch Changes

  • Warn instead of erroring when a legacy redirect prop ('redirectUrl', 'afterSignInUrl', 'afterSignUpUrl') is used by @nikosdouvlis

5.0.0-beta.46

Patch Changes

  • Bug fix: Respect navigateAfterCreateOrganization in <OrganizationList/>. (#3209) by @panteliselef

  • Introduce forceRedirectUrl and fallbackRedirectUrl (#3162) by @nikosdouvlis

  • Updated dependencies [bab2e7e05]:

    • @clerk/shared@2.0.0-beta.23
    • @clerk/types@4.0.0-beta.29

5.0.0-beta.45

Minor Changes

  • Introduce experimental support for Google One Tap (#3176) by @panteliselef
    • React Component <__experimental_GoogleOneTap/>
    • JS clerk.__experimental_mountGoogleOneTap(node,props)

Patch Changes

  • Align country code position with phone number input. (#3199) by @octoper

  • Fix SSO callback Turnstile widget alignment (#3205) by @anagstef

  • Fallback to invisible CAPTCHA if the element to render to is not found in the DOM (#3191) by @anagstef

  • Fix transfer flow when having the Smart Bot Protection enabled (#3202) by @anagstef

  • Removed hoverable state from no-interactive sections in <UserProfile/> (#3201) by @octoper

  • Make UI-triggered redirects default to hash-based routing. If a routing strategy is not provided, default to hash routing. All routing strategies know how to convert a hash-based url to their own format. (#3061) by @nikosdouvlis

  • Support older iOS 13.3 and 13.4 mobile devices (#3188) by @nikosdouvlis

  • Align action buttons with user preview in <UserButton/> (#3200) by @octoper

  • Fixed issue that prevented backup codes showing up for TOTP (#3194) by @octoper

  • Updated dependencies [ff08fe237, d9f265fcb, 2b8fe238a, 1078e8c58, fb794ce7b]:

    • @clerk/types@4.0.0-beta.28
    • @clerk/localizations@2.0.0-beta.24
    • @clerk/shared@2.0.0-beta.22

5.0.0-beta.44

Patch Changes

  • Bug Fix: When authenticating with a passkey and user was looked out an error was thrown for accessing an undefined variable (#3172) by @panteliselef

  • Renaming passkeys_pa_not_supported to passkey_pa_not_supported to align with the rest passkey error codes. (#3173) by @panteliselef

  • Updated dependencies [94519aa33]:

    • @clerk/localizations@2.0.0-beta.23
    • @clerk/types@4.0.0-beta.27

5.0.0-beta.43

Minor Changes

Patch Changes

  • Updated dependencies [0699fa496]:
    • @clerk/types@4.0.0-beta.26

5.0.0-beta.42

Minor Changes

  • Move passkey related apis to stable: (#3134) by @panteliselef

    • Register passkey for a user Usage: await clerk.user.createPasskey()

    • Authenticate with passkey Usage: await clerk.client.signIn.authenticateWithPasskey()

      try {
  await clerk.client.signIn.authenticateWithPasskey(...args);
}catch (e) {
  if (isClerkRuntimeError(e)) {
      if (err.code === 'passkey_operation_aborted') {
          ...
      }
  }
}

    • ClerkRuntimeError codes introduced:

      • passkey_not_supported
      • passkeys_pa_not_supported
      • passkey_invalid_rpID_or_domain
      • passkey_already_exists
      • passkey_operation_aborted
      • passkey_retrieval_cancelled
      • passkey_retrieval_failed
      • passkey_registration_cancelled
      • passkey_registration_failed

    • Get the user's passkeys clerk.user.passkeys

    • Update the name of a passkey clerk.user.passkeys?.[0].update({name:'Company issued passkey'})

    • Delete a passkey clerk.user.passkeys?.[0].delete()

Patch Changes

  • Resolve type issues when importing @clerk/clerk-js directly (#3142) by @nikosdouvlis

  • Updated dependencies [2352149f6]:

    • @clerk/localizations@2.0.0-beta.22
    • @clerk/types@4.0.0-beta.25

5.0.0-beta.41

Patch Changes

  • Hide maintenance banner when card has global error by @nikosdouvlis

5.0.0-beta.40

Minor Changes

  • Deprecate supported_identifiers and remove supported_external_accounts. (#3089) by @panteliselef

Patch Changes

  • Fixes memebership count in <OrganizationProfile/> Members page for members with org:sys_memberships:read permission (#3093) by @octoper

  • Avoid depending on count as it can be zero but invitations may still exist. (#3092) by @panteliselef

  • Fixes an icon misalignment in account switcher. (#3108) by @octoper

  • Add maintenance mode banner to the SignIn and SignUp components. The text can be customized by updating the maintenanceMode localization key. by @nikosdouvlis

  • Ensures we don't attempt to access window.addEventListener() in non-browser environments. (#3097) by @BRKalow

  • Updated dependencies [88d5d2ca0, 9180c8b80, c6a5e0f5d, e6f8928f1, f3b6f32b3]:

    • @clerk/localizations@2.0.0-beta.21
    • @clerk/types@4.0.0-beta.24

5.0.0-beta.39

Minor Changes

  • Support for prompting a user to reset their password if it is found to be compromised during sign-in. (#3034) by @yourtallness

Patch Changes

  • Correct chunk loading logic in clerk.headless.browser variant (#3062) by @LekoArts

  • Return to localhost when SSO callback fails on SignIn or SignUp (#2955) by @anagstef

  • Update token refresh mechanism to handle network failures without raising an error (#3035) by @dimkl

  • Height misalignment fixes for Password section in <UserProfile/> (#3081) by @octoper

  • Hide "Add passkey" button in UP when app is satellite. (#3070) by @panteliselef

  • Updated dependencies [fc3ffd880, 840636a14, 1fd2eff38, f540e9843]:

    • @clerk/localizations@2.0.0-beta.20
    • @clerk/shared@2.0.0-beta.21
    • @clerk/types@4.0.0-beta.23

5.0.0-beta.38

Patch Changes

  • We are rolling back support for password complexity / strength checks during sign-in. Feature will be limited to HIBP for now. Hence, the password form need not expect a sign_in status of needs_new_password. (#3050) by @yourtallness

5.0.0-beta.37

Patch Changes

  • Updated dependencies [8350109ab]:
    • @clerk/shared@2.0.0-beta.20

5.0.0-beta.36

Minor Changes

  • Improved error handling for registration and retrieval of passkeys. (#3025) by @panteliselef

    ClerkRuntimeError codes introduced:

    • passkey_not_supported
    • passkeys_pa_not_supported
    • passkey_invalid_rpID_or_domain
    • passkey_already_exists
    • passkey_operation_aborted
    • passkey_retrieval_cancelled
    • passkey_retrieval_failed
    • passkey_registration_cancelled
    • passkey_registration_failed

    Example usage:

    try {
  await __experimental_authenticateWithPasskey(...args);
}catch (e) {
  if (isClerkRuntimeError(e)) {
      if (err.code === 'passkey_operation_aborted') {
          ...
      }
  }
}

Patch Changes

5.0.0-beta.35

Minor Changes

  • List passkeys under security in UserProfile. (#2958) by @panteliselef

    • Supports renaming a passkey.
    • Supports deleting a passkey.

  • During sign in, navigate to the reset-password route if the user needs a new password. This happens when you enforce password usage during sign-in in your dashboard. Previously this case wasn't handled in the password form. (#2984) by @yourtallness

    The signIn.resetPassword.requiredMessage localization was updated to 'For security reasons, it is required to reset your password.'.

  • Throw an error in development when there is an invalid mount or modal open. This includes mounting a component when the resource is not available (i.e. mountUserProfile() when the user does not exist) as well as mounting a component without the feature being enabled via the clerk dashboard (i.e. mountOrganizationProfile() without having organizations enabled). (#2976) by @desiprisg

  • Experimental support for authenticating with a passkey. (#2970) by @panteliselef

    Example usage: await signIn.authenticateWithPasskey().

  • Remove unused error helpers. (#2978) by @panteliselef

    • clerkErrorInvalidColor()
    • clerkCoreErrorUserIsNotDefined()
    • clerkCoreErrorSessionIsNotDefined()
    • clerkCoreErrorOrganizationIsNotDefined()

  • Remove the unused appearance keys for accordion and breadcrumb elements. (#2956) by @desiprisg

  • Allow users to authenticate with passkeys via the <SignIn/>. (#3000) by @panteliselef

Patch Changes

5.0.0-beta.34

Patch Changes

  • Fix the input box-shadow on iOS 16 devices (#2946) by @anagstef

  • Fix the OAuth errors coming from the server to use localizations (#2957) by @anagstef

  • Remove the __clerk_ticket and __clerk_invitation_token query params after they are consumed. (#2949) by @desiprisg

5.0.0-beta.33

Minor Changes

  • Experimental support for reading, updating, and deleting a user's registered passkeys. (#2926) by @panteliselef
    • Get the user's passkeys clerk.user.__experimental__passkeys
    • Update the name of a passkey clerk.user.__experimental__passkeys?.[0].update({name:'work laptop passkey'})
    • Delete a passkey clerk.user.__experimental__passkeys?.[0].delete()

Patch Changes

  • The organizationPreviewSecondaryIdentifier element will no longer be rendered empty inside the organization switcher's list. (#2936) by @desiprisg

  • Correct the HTML structure of the UI components to ensure validity (#2894) by @anagstef

  • Show counter of members/invitations/requests even if it is 0. (#2935) by @desiprisg

  • Fix invite members to an Organization form to show error when invalid email addresses are submitted. (#2928) by @octoper

  • Updated dependencies [178907ff6, 008ac4217]:

    • @clerk/localizations@2.0.0-beta.17
    • @clerk/types@4.0.0-beta.20

5.0.0-beta.32

Patch Changes

  • Updated dependencies [8350f73a6]:
    • @clerk/shared@2.0.0-beta.19

5.0.0-beta.31

Minor Changes

  • Experimental support for a user to register a passkey for their account. (#2884) by @panteliselef

    Usage: await clerk.user.__experimental__createPasskey()

Patch Changes

  • Updated dependencies [fafa76fb6]:
    • @clerk/types@4.0.0-beta.19

5.0.0-beta.30

Patch Changes

  • Fix badge misalignment on members list when title is empty (#2908) by @octoper

  • Fix Custom Pages freeze error by using useMemo for when creating the custom pages (#2897) by @desiprisg

  • Add spacing between Add domain button and it's subtitle that's under the Verified Domains section in <OrganizationProfile/> component. (#2910) by @octoper

  • Updated dependencies [e5c989a03, 2ec9f6b09]:

    • @clerk/shared@2.0.0-beta.18

5.0.0-beta.29

Minor Changes

  • Pass environment into sdkMetadata in order to detect if production clerk-js is used by other sdks in dev mode. When it is log dev warning from clerk-js. (#2802) by @panteliselef

Patch Changes

  • Updated dependencies [af80d7074, 18c0d015d]:
    • @clerk/localizations@2.0.0-beta.16
    • @clerk/types@4.0.0-beta.18

5.0.0-beta.28

Patch Changes

  • Fix the PhoneInput country ISO text color (#2893) by @anagstef

  • Make useAwaitableNavigate handle navigations between pages reliably (#2899) by @nikosdouvlis

  • Inputs will now trim usernames and email addresses since whitespace as a prefix or suffix is invalid in these fields. (#2881) by @desiprisg

  • Updated dependencies [fe356eebd]:

    • @clerk/types@4.0.0-beta.17

5.0.0-beta.27

Patch Changes

  • fix(shared,clerk-js): Do not replace current URL if it does not contain a clerk token (#2879) by @nikosdouvlis

  • Updated dependencies [1834a3ee4, f8328deb9]:

    • @clerk/shared@2.0.0-beta.17
    • @clerk/localizations@2.0.0-beta.15

5.0.0-beta.26

Patch Changes

  • Always drop **clerk_db_jwt and **dev_session params from the URL by @nikosdouvlis

  • Updated dependencies [db18787c4]:

    • @clerk/shared@2.0.0-beta.16

5.0.0-beta.25

Patch Changes

  • Remove legacy __dev_session from URL search params (#2867) by @nikosdouvlis

  • Updated dependencies [6eab66050]:

    • @clerk/shared@2.0.0-beta.15

5.0.0-beta.24

Patch Changes

  • Update the debBrowser handling logic to remove hash-based devBrowser JWTs from the URL. Even if v5 does not use the hash-based JWT at all, we still need to remove it from the URL in case clerk-js is initialised on a page after a redirect from an older clerk-js version, such as an AccountPortal using the v4 components (#2858) by @nikosdouvlis

  • Updated dependencies [12f3c5c55]:

    • @clerk/shared@2.0.0-beta.14

5.0.0-beta.23

Patch Changes

  • Updated dependencies [5c239d973]:
    • @clerk/types@4.0.0-beta.16

5.0.0-beta.22

Minor Changes

  • Use sigUpUrl from props / context / repo-level to construct a redirectUrl in sign-in from email-link flow. (#2756) by @dimkl

Patch Changes

  • Rename beta-v5 to beta by @nikosdouvlis

  • Ensure the token returned from getToken() and the token in the session cookie remain in sync. (#2809) by @nikosdouvlis

  • Updated dependencies [2de442b24]:

    • @clerk/localizations@2.0.0-beta.14
    • @clerk/shared@2.0.0-beta.13
    • @clerk/types@4.0.0-beta.15

5.0.0-beta-v5.21

Minor Changes

  • Accept skipInvitationScreen as a prop from OrganizationSwitcher. (#2713) by @panteliselef

    skipInvitationScreen hides the screen for sending invitations after an organization is created. By default, Clerk will automatically hide the screen if the number of max allowed members is equal to 1

  • Add support for X/Twitter v2 OAuth provider (#2690) by @kostaspt

  • Use signInUrl from props/ context / repo-level to construct a redirectUrl in email-link flow. (#2727) by @dimkl

Patch Changes

5.0.0-beta-v5.20

Patch Changes

5.0.0-beta-v5.19

Major Changes

Patch Changes

  • Inform developers who are using legacy Clerk development instances that in V5 URL Based Session Syncing must be enabled. For more information refer to https://clerk.com/docs/upgrade-guides/url-based-session-syncing. (#2614) by @SokratisVidros

  • Display a warning in the browser's console when organization components are mounted but the "Organizations" feature is disabled for the instance. (#2603) by @panteliselef

  • Remove handshake-related query parameters on load of clerk-js. It's possible that these parameters will be returned from Clerk's API, but they are only applicable for SSR-compatible frameworks and so on the client they are unused. (#2624) by @BRKalow

  • Updated dependencies [d4ff346dd, 7886ba89d]:

    • @clerk/shared@2.0.0-beta-v5.11
    • @clerk/localizations@2.0.0-beta-v5.12
    • @clerk/types@4.0.0-beta-v5.13

5.0.0-alpha-v5.18

Patch Changes

  • Update @clerk/nextjs error messages to refer to clerkMiddleware() and deprecated authMiddleware() and fix a typo in cannotRenderSignUpComponentWhenSessionExists error message. (#2589) by @dimkl

  • Throw error for unsupported method OrganizationMembership.reload (#2604) by @panteliselef

  • Use pattern for email input fields. (#2575) by @panteliselef

  • Take account custom pages when redirecting inside OrganizationProfile. (#2600) by @panteliselef

5.0.0-alpha-v5.17

Patch Changes

  • Hide backup codes when adding phone_code mfa and instance setting is off. (#2583) by @panteliselef

  • Update README for v5 (#2577) by @LekoArts

  • Updated dependencies [34fe88f73]:

    • @clerk/localizations@2.0.0-alpha-v5.11

5.0.0-alpha-v5.16

Patch Changes

  • Allow dynamic values components props, even if these values change after the components are rendered. For example, a SignIn component with a redirectUrl prop passed in will always respect the latest value of redirectUrl. (#2515) by @nikosdouvlis

  • Updated dependencies [8cc45d2af]:

    • @clerk/shared@2.0.0-alpha-v5.10

5.0.0-alpha-v5.15

Minor Changes

  • Remove fallback data and allow promise to throw for paginated endpoint methods. (#2491) by @panteliselef

    Affected methods:

    • Organization.getDomains
    • Organization.getInvitations
    • Organization.getMembershipRequests
    • Organization.getMemberships
    • User.getOrganizationInvitations
    • User.getOrganizationSuggestions
    • User.getOrganizationMemberships

Patch Changes

  • Exclude external custom links from route matching. Previously adding external links to custom pages would cause all pages that are defined below it to throw an error. (#2519) by @panteliselef

  • Updated dependencies [6b316611f]:

    • @clerk/localizations@2.0.0-alpha-v5.10

5.0.0-alpha-v5.14

Patch Changes

5.0.0-alpha-v5.13

Patch Changes

  • Bug fix: Avoid triggering prepare verification twice. (Affects only dev mode) (#2459) by @panteliselef

  • Bug fix: fetch custom roles in OrganizationSwitcher (#2430) by @panteliselef

  • Updated dependencies [7ecd6f6ab, 390a70732]:

    • @clerk/shared@2.0.0-alpha-v5.8
    • @clerk/localizations@2.0.0-alpha-v5.8

5.0.0-alpha-v5.12

Major Changes

  • Path-based routing is now the default routing strategy if the path prop is filled. Additionally, if the path and routing props are not filled, an error will be thrown. (#2338) by @octoper

    
// Without path or routing props, an error with be thrown
<UserProfile />
<CreateOrganization />
<OrganizationProfile />
<SignIn />
<SignUp />

// Alternative #1
<UserProfile path="/whatever"/>
<CreateOrganization path="/whatever"/>
<OrganizationProfile path="/whatever"/>
<SignIn path="/whatever"/>
<SignUp path="/whatever"/>

// Alternative #2
<UserProfile routing="hash_or_virtual"/>
<CreateOrganization routing="hash_or_virtual"/>
<OrganizationProfile routing="hash_or_virtual"/>
<SignIn routing="hash_or_virtual"/>
<SignUp routing="hash_or_virtual"/>

  • Make the user name on clickable, i.e. part of the button's trigger. (#2411) by @marcelscruz

    This change inverts the positions of cl-userButtonTrigger and cl-userButtonBox, the latter now being a child of the former.

  • Consolidate afterSignOutOneUrl & afterSignOutAllUrl to afterSignOutUrl and drop usage of Dashboard settings in ClerkJS components. The Dashboard settings should only apply to the Account Portal application. (#2414) by @dimkl

Minor Changes

  • Remove MembershipRole. The type MembershipRole would always include the old role keys admin, basic_member, guest_member. (#2388) by @panteliselef

    If developers still depend on them after the introduction of custom roles, the can provide them as their custom types for authorization.

    // clerk.d.ts
interface ClerkAuthorization {
  permission: '';
  role: 'admin' | 'basic_member' | 'guest_member';
}

  • Update @clerk/clerk-js and @clerk/clerk-react to support the following examples: (#2412) by @dimkl

    Clerk.signOut({ redirectUrl: '/' })

<SignOutButton redirectUrl='/' />
// uses Clerk.signOut({ redirectUrl: '/' })
<UserButton afterSignOutUrl='/after' />
// uses Clerk.signOut({ redirectUrl: '/after' })
<ClerkProvider afterSignOutUrl='/after' />
// uses Clerk.signOut({ redirectUrl: '/after' })

Patch Changes

  • Prevent submitting on enter in Organization Profile form when submit button is disabled. (#2400) by @panteliselef

  • Bug fix: Clear feedback of input field if setError is called with undefined. (#2399) by @panteliselef

  • Updated dependencies [fe2607b6f, 2e4a43017]:

    • @clerk/types@4.0.0-alpha-v5.12

5.0.0-alpha-v5.11

Major Changes

  • Remove hashing and third-party cookie functionality related to development instance session syncing in favor of URL-based session syncing with query parameters. (#2367) by @tmilewski

    • buildUrlWithAuth no longer accepts an options argument. (#2367) by @tmilewski

Patch Changes

5.0.0-alpha-v5.10

Major Changes

  • Drop redirectToHome redirect method in favour of redirectToAfterSignUp or redirectToAfterSignIn. (#2251) by @octoper

    When the <SignIn/> and <SignUp/> components are rendered while a user is already logged in, they will now redirect to the configured afterSignIn and afterSignUp URLs, respectively. Previously, the redirect URL was set to the home URL configured in the dashboard.

Minor Changes

  • Introduce Protect for authorization. (#2170) by @panteliselef

    Changes in public APIs:

    • Rename Gate to Protect
    • Support for permission checks. (Previously only roles could be used)
    • Remove the experimental tags and prefixes
    • Drop some from the has utility and Protect. Protect now accepts a condition prop where a function is expected with the has being exposed as the param.
    • Protect can now be used without required props. In this case behaves as <SignedIn>, if no authorization props are passed.
    • has will throw an error if neither permission or role is passed.
    • auth().protect() for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated.
      • inside a page or layout file it will render the nearest not-found component set by the developer
      • inside a route handler it will return empty response body with a 404 status code

Patch Changes

  • Update @zxcvbn-ts/core from 2.2.1 to 3.0.4. Update @zxcvbn-ts/language-common from 3.0.2 to 3.0.4. (#2326) by @LekoArts

  • Add useAssertWrappedByClerkProvider to internal code. If you use hooks like useAuth outside of the <ClerkProvider /> context an error will be thrown. For example: (#2299) by @tmilewski

    @clerk/clerk-react: useAuth can only be used within the <ClerkProvider /> component

  • Updated dependencies [896cb6104, 69ce3e185, ab4eb56a5, 46040a2f3, 75ea300bc, 370b17b12, 844847e0b]:

    • @clerk/shared@2.0.0-alpha-v5.6
    • @clerk/types@4.0.0-alpha-v5.10
    • @clerk/localizations@2.0.0-alpha-v5.7

5.0.0-alpha-v5.9

Major Changes

  • Drop Clerk.isReady(). Use Clerk.loaded instead. (#2294) by @dimkl

Patch Changes

  • Fixes errant act output from unit tests (#2289) by @tmilewski

  • Fallback to the API error message when the password is pwned and there is no translation available. (#2273) by @desiprisg

  • Make the instant password field focusable if it is autofilled. (#2283) by @desiprisg

  • Updated dependencies [1db1f4068, 7bffc47cb]:

    • @clerk/types@4.0.0-alpha-v5.9

5.0.0-alpha-v5.8

Major Changes

  • Change the default behavior of afterSignOutUrl, afterSignIn and afterSignUp props to be redirected to / instead of the Account Portal defined URL. (#2020) by @octoper

Patch Changes

  • Drop org:sys_domains:delete and org:sys_memberships:delete as those have now been merged with the respective manage ones. (#2256) by @panteliselef

  • Hide "Add domain" button inside <OrganizationProfile/> when user is missing the org:sys_domains:manage permission. (#2240) by @panteliselef

  • Add setter for sdkMetadata on Clerk to address issues arising from older versions of the SDK. (#2237) by @BRKalow

  • Updated dependencies [6a33709cc, 2d383e413, d30ea1faa]:

    • @clerk/types@4.0.0-alpha-v5.8
    • @clerk/localizations@2.0.0-alpha-v5.6
    • @clerk/shared@2.0.0-alpha-v5.5

5.0.0-alpha-v5.7

Minor Changes

  • Move usage of internal useCoreX hooks to useX hooks (#2111) by @LekoArts

Patch Changes

  • Sync IsomorphicClerk with the clerk singleton and the LoadedClerk interface. IsomorphicClerk now extends from LoadedClerk. (#2226) by @panteliselef

  • Updated dependencies [4b8bedc66, c776f86fb, d6a7ea61a]:

    • @clerk/shared@2.0.0-alpha-v5.4
    • @clerk/types@4.0.0-alpha-v5.7

5.0.0-alpha-v5.6

Major Changes

  • Use the new routerPush and routerReplace props for <ClerkProvider /> instead of navigate. (#1304) by @desiprisg

Minor Changes

  • Add routerDebug option in Clerk.load() to log the destination URLs when navigating (#2223) by @dimkl

Patch Changes

5.0.0-alpha-v5.5

Major Changes

  • All the components that using routing will throw a runtime error if the a path property is provided with a routing strategy other than path. (#2208) by @octoper

    Example that will throw an error:

    <SignIn
  routing='hash'
  path='/sign-in'
/>

Minor Changes

  • Re-use common pagination types for consistency across types. (#2210) by @dimkl

    Types introduced in @clerk/types:

    • ClerkPaginationRequest : describes pagination related props in request payload
    • ClerkPaginatedResponse : describes pagination related props in response body
    • ClerkPaginationParams : describes pagination related props in api client method params

Patch Changes

  • Updated dependencies [b8599d700, 12962bc58]:
    • @clerk/localizations@2.0.0-alpha-v5.5
    • @clerk/types@4.0.0-alpha-v5.5

5.0.0-alpha-v5.4

Major Changes

    • By default, all the components with routing will have the routing prop assigned as 'path' by default when the path prop is filled. (#1957) by @octoper

    • The <UserButton /> component will set the default value of the userProfileMode prop to 'navigation' if the userProfileUrl prop is provided.

    • The <OrganizationSwitcher /> component will have the organizationProfileMode and createOrganizationMode props assigned with 'navigation' by default if the organizationProfileUrl and createOrganizationUrl props are filled accordingly.

Minor Changes

  • Drop firebase legacy integration code and start using sessions/:sid/tokens/:template endpoint for the firebase tokens. (#2190) by @dimkl

Patch Changes

  • Reset OTP field when pressing "Cancel" in VerifyDomainPage inside <OrganziatoinProfile/>. (#2200) by @panteliselef

  • Fallback to custom role name if localization is not provided. (#2194) by @panteliselef

  • Revalidate invitations table after invitation screen submit. (#2195) by @panteliselef

  • Updated dependencies [164ca116c, 7f6a64f43]:

    • @clerk/localizations@2.0.0-alpha-v5.4
    • @clerk/types@4.0.0-alpha-v5.4

5.0.0-alpha-v5.3

Major Changes

  • Upgrade React version to >=18 and add react-dom as peer dependency (#2164) by @dimkl

    to fix issues with vite & rollup building.

  • Breaking Changes: (#2169) by @dimkl

    • Drop isLegacyFrontendApiKey from @clerk/shared
    • Drop default exports from @clerk/clerk-js
      • on headless Clerk type
      • on ui and ui.retheme Portal
    • Use isProductionFromSecretKey instead of isProductionFromApiKey
    • Use isDevelopmentFromSecretKey instead of isDevelopmentFromApiKey

    Changes:

    • Rename HeadlessBrowserClerkConstrutor / HeadlessBrowserClerkConstructor (typo)
    • Use isomorphicAtob / isomorhpicBtoa to replace base-64 in @clerk/expo
    • Refactor merging build-time and runtime props in @clerk/backend clerk client
    • Drop node-fetch dependency from @clerk/backend
    • Drop duplicate test in @clerk/backend

  • Introducing some changes and some addition for the appearence descriptors for the organization preview in <OrganizationSwitcher/>: (#2158) by @octoper

    • .cl-organizationPreview__organizationSwitcher has been renamed to .cl-organizationPreview__organizationSwitcherTrigger.
    • .cl-organizationPreview__organizationSwitcherListedOrganization was added to allow you to customize the appearance of all the listed organization previews.
    • .cl-organizationPreview__organizationSwitcherActiveOrganizationn was added to allow you to customize the appearance of the active organization.

Patch Changes

5.0.0-alpha-v5.2

Major Changes

  • Change the minimal Node.js version required by Clerk to 18.17.0. (#2162) by @dimkl

Patch Changes

  • Updated dependencies [c2a090513]:
    • @clerk/localizations@2.0.0-alpha-v5.2
    • @clerk/shared@2.0.0-alpha-v5.2
    • @clerk/types@4.0.0-alpha-v5.2

5.0.0-alpha-v5.1

Major Changes

  • Drop default exports from all packages. Migration guide: (#2150) by @dimkl

    • use import { Clerk } from '@clerk/backend';
    • use import { clerkInstance } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-sdk-node';
    • use import { Clerk } from '@clerk/clerk-js';
    • use import { Clerk } from '@clerk/clerk-js/headless';
    • use import { IsomorphicClerk } from '@clerk/clerk-react'

  • Drop deprecations. Migration steps: (#2082) by @dimkl

    • use publishableKey instead of frontendApi
    • use Clerk.handleEmailLinkVerification() instead of Clerk.handleMagicLinkVerification()
    • use isEmailLinkError instead of isMagicLinkError
    • use EmailLinkErrorCode instead of MagicLinkErrorCode
    • use useEmailLink instead of useMagicLink
    • drop orgs jwt claim from session token
    • use ExternalAccount.imageUrl instead of ExternalAccount.avatarUrl
    • use Organization.imageUrl instead of Organization.logoUrl
    • use User.imageUrl instead of User.profileImageUrl
    • use OrganizationMembershipPublicUserData.imageUrl instead of OrganizationMembershipPublicUserData.profileImageUrl
    • use useOrganizationList instead of useOrganizations
    • use userProfileProps instead of userProfile in Appearance
    • use Clerk.setActive() instead of Clerk.setSession()
    • drop password param in User.update()
    • use afterSelectOrganizationUrl instead of afterSwitchOrganizationUrl in OrganizationSwitcher
    • drop Clerk.experimental_canUseCaptcha / Clerk.Clerk.experimental_captchaSiteKey / Clerk.experimental_captchaURL (were meant for internal use)
    • use User.getOrganizationMemberships() instead of Clerk.getOrganizationMemberships()
    • drop lastOrganizationInvitation / lastOrganizationMember from Clerk emitted events
    • drop Clerk.__unstable__invitationUpdate / Clerk.__unstable__membershipUpdate
    • drop support for string param in Organization.create()
    • use Organization.getInvitations() instead of Organization.getPendingInvitations()
    • use pageSize instead of limit in OrganizationMembership.retrieve()
    • use initialPage instead of offset in OrganizationMembership.retrieve()
    • drop lastOrganizationInvitation / lastOrganizationMember from ClerkProvider
    • use invitations instead of invitationList in useOrganization
    • use memberships instead of membershipList in useOrganization
    • use redirectUrl instead of redirect_url in User.createExternalAccount()
    • use signature instead of generatedSignature in Signup.attemptWeb3WalletVerification()

Minor Changes

  • Introducing sign out from all open tabs at once. (#2094) by @octoper

  • Introducing default values for allowedRedirectOrigins. If no value is provided, default values similar to the example below will apply. (#2128) by @octoper

    Let's assume the host of the application is test.host, the origins will be

    • https://test.host/
    • https://yourawesomeapp.clerk.accounts.dev/
    • https://*.yourawesomeapp.clerk.accounts.dev/

  • Increase the duration until data become stale for organization hooks. (#2093) by @panteliselef

  • Handle user_locked error encountered in an oauth flow by redirecting to /sign-up or /sign-in (#2019) by @yourtallness

  • Add a private __navigateWithError util function to clerk for use in User Lockout scenarios (#2043) by @yourtallness

  • Move and export the following from @clerk/clerk-js and @clerk/nextjs to @clerk/shared: (#2149) by @dimkl

    - `DEV_BROWSER_SSO_JWT_PARAMETER`
- `DEV_BROWSER_JWT_MARKER`
- `DEV_BROWSER_SSO_JWT_KEY`
- `setDevBrowserJWTInURL`
- `getDevBrowserJWTFromURL`
- `getDevBrowserJWTFromResponse`

Patch Changes

5.0.0-alpha-v5.0

Major Changes

  • Internal update default apiUrl domain from clerk.dev to clerk.com (#1878) by @dimkl

  • Dropping support for Node 14 and 16 as they both reached EOL status. The minimal Node.js version required by Clerk is 18.18.0 now. (#1864) by @dimkl

  • Avatar Shimmer will be enabled by default for <UserButton/> and <OrganizationSwitcher/>. (#1972) by @octoper

Minor Changes

  • Add support for custom roles in <OrganizationProfile/>. (#2004) by @panteliselef

    The previous roles (admin and basic_member), are still kept as a fallback.

  • Experimental support for <Gate/> with role checks. (#1942) by @panteliselef

  • Greatly improve the UX when users are creating their passwords. The hints below the input fields now have smoother animations and show more types of feedback based on different conditions. Additionally, the password validation is now debounced. (#1776) by @desiprisg

Patch Changes

  • Internal refactoring of form fields, deprecation of Form.Control and introduction of Form.PlainInput. (#1912) by @panteliselef

  • Shows list of domains if member has the org:sys_domain:read permission. (#1988) by @panteliselef

  • Rename the @staging tag to @canary. Drop support for @next tag. (#2015) by @anagstef

  • Enhance CreateOrganizationForm by replacing AvatarPreview with an upload button to prevent layout shifts (#2014) by @nikospapcom

  • Tests for internal PlainInput component. (#2029) by @panteliselef

  • Introduces new element appearance descriptors: (#1994) by @tmilewski

    • activeDeviceListItem allows you to customize the appearance of the active device list (accordion) item
      • activeDeviceListItem__current allows you to customize the appearance of the current active device list (accordion) item
    • activeDevice allows you to customize the appearance of the active device item
      • activeDevice__current allows you to customize the appearance of the current active device item

  • Replace Form.Control with Form.PlainInput for text and email inputs. (#2036) by @panteliselef

  • Localize placeholder of confirmation field when deleting a user account from <UserProfile/>. (#2036) by @panteliselef

  • Re-initialize the Client to default values when is destroyed (#1913) by @octoper

  • Avoid passing some of the new feedback properties down to the HTML basic elements to avoid react warnings in the console. (#1977) by @desiprisg

  • Updated dependencies [743c4d204, d37d44a68, 791c49807, a68eb3083, 0293f29c8, ef2325dcc, 71663c568, 97407d8aa, 78fc5eec0, c7e6d00f5, 4edb77632, 97407d8aa, 7644b7472, f5d55bb1f, 41ae1d2f0, 48ca40af9, 6f755addd]:

    • @clerk/shared@2.0.0-alpha-v5.0
    • @clerk/types@4.0.0-alpha-v5.0
    • @clerk/localizations@1.26.8-alpha-v5.0

4.63.0

Minor Changes

  • Introduce customization in UserProfile and OrganizationProfile (#1822) by @anagstef

    The <UserProfile /> component now allows the addition of custom pages and external links to the navigation sidebar. Custom pages can be created using the <UserProfile.Page> component, and external links can be added using the <UserProfile.Link> component. The default routes, such as Account and Security, can be reordered.

    Example React API usage:

    <UserProfile>
  <UserProfile.Page
    label='Custom Page'
    url='custom'
    labelIcon={<CustomIcon />}
  >
    <MyCustomPageContent />
  </UserProfile.Page>
  <UserProfile.Link
    label='External'
    url='/home'
    labelIcon={<Icon />}
  />
  <UserProfile.Page label='account' />
  <UserProfile.Page label='security' />
</UserProfile>

    Custom pages and links should be provided as children using the <UserButton.UserProfilePage> and <UserButton.UserProfileLink> components when using the UserButton component.

    The <OrganizationProfile /> component now supports the addition of custom pages and external links to the navigation sidebar. Custom pages can be created using the <OrganizationProfile.Page> component, and external links can be added using the <OrganizationProfile.Link> component. The default routes, such as Members and Settings, can be reordered.

    Example React API usage:

    <OrganizationProfile>
  <OrganizationProfile.Page
    label='Custom Page'
    url='custom'
    labelIcon={<CustomIcon />}
  >
    <MyCustomPageContent />
  </OrganizationProfile.Page>
  <OrganizationProfile.Link
    label='External'
    url='/home'
    labelIcon={<Icon />}
  />
  <OrganizationProfile.Page label='members' />
  <OrganizationProfile.Page label='settings' />
</OrganizationProfile>

    Custom pages and links should be provided as children using the <OrganizationSwitcher.OrganizationProfilePage> and <OrganizationSwitcher.OrganizationProfileLink> components when using the OrganizationSwitcher component.

Patch Changes

4.62.1

Patch Changes

  • Added formFieldInputPlaceholder__password to the placeholder of the password input in the <SignInFactorOnePasswordCard/> component (#1909) by @octoper

  • Internal fix for deprecation warning when using limi & offset. (#1904) by @panteliselef

  • Remove custom Alert from invitation page and display it as a global error instead (at the top of the component). (#1903) by @panteliselef

  • Deprecate experimental captcha from Clerk singleton. (#1905) by @panteliselef

  • Append query params for sign-in and sign-up initial values after the hash in order to be readable via hash routing. (#1855) by @desiprisg

  • Updated dependencies [ccfb0e8ed, 9ca215702]:

    • @clerk/localizations@1.26.6
    • @clerk/types@3.56.1

4.62.0

Minor Changes

  • Introduces three new element appearance descriptors: (#1803) by @octoper

    • tableHead let's you customize the tables head styles.
    • paginationButton let's you customize the pagination buttons.
    • paginationRowText let's you customize the pagination text.

  • Add new /sign-up/continue/verify-phone-number and /sign-up/continue/verify-email-address routes in order to allow navigating back to the /sign-up/continue step when editing the extra identifier that is provided in the /sign-up/continue step. (#1870) by @desiprisg

Patch Changes

  • Improve accessibility of <UserButton /> and <OrganizationSwitcher /> by using aria-* attributes (where appropriate) and roles like menu and menuitem. (#1826) by @panteliselef

  • Update default organization permissions with a sys_ prefix as part of the entitlement. This changes makes it easy to distinguish between clerk reserved permissions and custom permissions created by developers. (#1865) by @mzhong9723

  • Mark the following SAML related types as stable: (#1876) by @dimkl

    • User.samlAccounts
    • SamlAccount
    • UserSettingsResource.saml
    • UserSettingsJSON.saml
    • SamlSettings
    • UserResource.samlAccounts
    • SamlAccountResource
    • SamlStrategy
    • UserJSON.saml_accounts
    • SamlAccountJSON
    • SamlConfig
    • SamlFactor
    • HandleSamlCallbackParams

  • Deprecate the organization.__unstable__invitationUpdate and organization.__unstable__membershipUpdate methods. (#1879) by @panteliselef

  • Enforce LTR direction in code inputs (#1873) by @desiprisg

  • Replace role based check with permission based checks inside the OrganizationSwitcher component. (#1851) by @panteliselef

  • Update @emotion/react from 11.10.5 to 11.11.1 to allow internal usage of TypeScript v5 (Emotion commit) (#1877) by @LekoArts

  • Replace role based check with permission based checks inside the OrganizationSettings component. (#1850) by @panteliselef

  • Fix methods in clerk-js that consumede paginated endpoints in order to retrieve single resources. (#1871) by @panteliselef

  • Fix incorrect deprecation message for __unstable__membershipUpdate. (#1889) by @panteliselef

  • Replace role based check with permission based checks inside the OrganizationMembers component. (#1849) by @panteliselef

  • In invite members screen of the component, consume any invalid email addresses as they are returned in the API error and remove them from the input automatically. (#1869) by @chanioxaris

  • Updated dependencies [35be8709d, e38488c92, a11f962bc, 9b644d799, a9894b445, 834dadb36, 70f251007, a46d6fe99]:

    • @clerk/types@3.56.0
    • @clerk/shared@0.24.5
    • @clerk/localizations@1.26.5

4.61.0

Minor Changes

  • The sign-in form will now switch to the phone input if the only initial value provided was that of the phone number. (#1861) by @desiprisg

  • Add support for LinkedIn OIDC (#1772) by @fragoulis

Patch Changes

  • Warn about MagicLink deprecations: (#1836) by @dimkl

    • MagicLinkError
    • isMagicLinkError
    • MagicLinkErrorCode
    • handleMagicLinkVerification
    • createMagicLinkFlow
    • useMagicLink

  • Updated the OAuth buttons in the SignIn and SignUp components to prevent layout shifts while loading. (#1838) by @octoper

  • Introduces a new isAuthorized() method in the Session class. Returns a promise and checks whether the active user is allowed to perform an action based on the passed (required) permission and the ones attached to the membership. (#1834) by @panteliselef

  • Introduce a new property on the core Clerk singleton, sdkMetadata. This will be populated by each host SDK. This metadata will be used to make logging and debugging easier. (#1857) by @BRKalow

  • Fix incorrect path of types for the clerk-js headless variant. (#1848) by @panteliselef

  • Throw an error if the signInUrl is on the same origin of a satellite application or if it is of invalid format (#1845) by @desiprisg

  • Introduces an internal <Gate/> component (supporting hook and HOC) which enables us to conditionally render parts of our components based on a users permissions. (#1834) by @panteliselef

  • Correctly set idle card state when an error occurs during the MFA set up phase. (#1825) by @desiprisg

  • Introduce new *EmailLink* helpers that will replace the *MagicLink* helpers. (#1833) by @dimkl

    Also marked all the *MagicLink* as deprecated using JSDocs.

  • Disable country picker button when form is submitted (#1853) by @desiprisg

  • Updated dependencies [977336f79, 997b8e256, 7fb229688, 91e9a55f4, 91014880d, 7f4d4b942]:

    • @clerk/shared@0.24.4
    • @clerk/types@3.55.0
    • @clerk/localizations@1.26.4

4.60.1

Patch Changes

  • Apply deprecation warnings for @clerk/types: (#1823) by @dimkl

    • orgs jwt claims
    • apiKey
    • frontendApi
    • redirect_url
    • password
    • generateSignature
    • afterSwitchOrganizationUrl
    • profileImageUrl

  • Fixes an issue where the phone number value was not properly copied onto the input when pasting on the email or username field in the <SignIn/> component after autoswitching to the phone number field. The issue was introduced with the changes for the Prefill <SignIn/> and <SignUp/> feature. by @nikosdouvlis

  • Updated dependencies [1136c7c15, 1e212c19d, 1136c7c15, 1136c7c15]:

    • @clerk/shared@0.24.3

4.60.0

Minor Changes

  • Introduce a new user resource method to leave an organization. You can now call 'user.leaveOrganization(<org_id>)' when a user chooses to leave an organization instead of 'organization.removeMember(<user_id>)' which is mostly meant for organization based actions. (#1809) by @chanioxaris

Patch Changes

    • Introduce organizationProfileProps as prop in <OrganizationSwitcher/>. (#1801) by @panteliselef

    • Introduce appearance in userProfileProps in <UserButton/>.

    • Deprecate the usage of appearance.userProfile in <UserButton/>.

  • Introduce ClerkRuntimeError class for localizing error messages in ClerkJS components (#1813) by @panteliselef

  • Enables you to translate the tooltip hint while creating an organization through the formFieldHintText__slug key (#1811) by @LekoArts

  • Pins the internal dependency versions. This ensures that users installing our main framework SDKs will get consistent versions across all @clerk/ packages. (#1798) by @BRKalow

  • Fixes a UI bug on Safari, that was causing the border of tables to be displayed incorrectly (#1814) by @panteliselef

  • Warn about publicUserData.profileImageUrl nested property deprecation in OrganizationMembership & OrganizationMembershipRequest resources. (#1812) by @dimkl

  • Fix internal subpath imports by replacing them with top level imports. (#1804) by @dimkl

  • Removes it.skip from the LeaveOrganizationPage tests. (#1820) by @panteliselef

  • Updated dependencies [b59b6b75d, 164f3aac7, 68259a2bb, 33e927c59, 0636ff779, 9514618d6, ccf42105b, c7c6912f3, e3451443e, 71bb1c7b5]:

    • @clerk/types@3.54.0
    • @clerk/localizations@1.26.3
    • @clerk/shared@0.24.2

4.59.1

Patch Changes

  • Apply deprecation warnings for @clerk/clerk-js: (#1800) by @dimkl

    • Clerk.setSession

  • Updated dependencies [cecf74d79]:

    • @clerk/shared@0.24.1

4.59.0

Minor Changes

  • <SignIn/>, <SignUp/>, <RedirectToSignin/>, <RedirectToSignUp/>, clerk.redirectToSignIn() and clerk.redirectToSignUp() now accept the initialValues option, which will prefill the appropriate form fields with the values provided. (#1701) by @desiprisg

Patch Changes

  • Use our deprecate utility to log warnings about deprecated usage of Organization.getMemberships (#1779) by @dimkl

  • Fix: localized key for invalid email addresses in InviteMembers form. (#1781) by @panteliselef

  • Apply deprecation warnings clerk-js package for: (#1779) by @dimkl

    • Organization.create() using string parameter
    • Organization.retrieve() limit & offset
    • Clerk.getOrganizationMemberships()
    • svgUrl
    • avatarUrl/logoUrl/faviconUrl/profileImageUrl

  • Updated the OAuth buttons in the SignIn and SignUp components to prevent layout shifts while loading. (#1728) by @octoper

  • Updated dependencies [7ffa6fac3, cc8851765, 5c8754239, 2f6a6ac99, 753f7bbda, 55c8ebd39]:

    • @clerk/shared@0.24.0
    • @clerk/localizations@1.26.2
    • @clerk/types@3.53.0

4.58.2

Patch Changes

  • Safer usage of localStorage by checking if window is available in current environment (#1774) by @LekoArts

  • Some minor TypeScript type fixes to internal components. Also applying some ESLint recommendations. (#1756) by @LekoArts

  • Introduces a new method for fetching organization invitations called Organization.getInvitations. (#1766) by @panteliselef

    Deprecate Organization.getPendingInvitations

  • Adds the ability to force users to reset their password. (#1757) by @kostaspt

  • Updated dependencies [07ede0f95, 0eb666118, 3b85311c9, ffcc78c06, c61ddf5bf, 0366e0b20]:

    • @clerk/shared@0.23.1
    • @clerk/types@3.52.1
    • @clerk/localizations@1.26.1

4.58.1

Patch Changes

  • Fixed a bug where the "Unverified" badge was missing on email or phone number fields when those where marked as "Primary" (#1749) by @panteliselef

  • Removing the __clerk_referrer_primary that was marked as deprecated. It was introduced to support the multi-domain featured, but was replaced shortly after. (#1755) by @panteliselef

  • Updated dependencies [6706b154c, 086a2e0b7]:

    • @clerk/shared@0.23.0

4.58.0

Minor Changes

  • Introduce the new brand-new component OrganizationList (#1692) by @panteliselef
    • Lists all the memberships, invitations or suggestions an active user may have
    • Powered by our useOrganizationList react hook

Patch Changes

  • Organization.getMemberships now supports paginated responses by passing {paginated:true} (#1708) by @panteliselef

  • Change README to include updated links to issue templates and update Discord link. (#1750) by @LekoArts

  • Add support for redirecting to "factor-one" during account transfer flow. (#1696) by @kostaspt

  • Disable role selection for the last admin in OrganizationProfile (#1721) by @panteliselef

  • This PR replaces The verification link expired. Please resend it. message with the localization key formFieldError__verificationLinkExpired. The english message was also adjust to The verification link expired. Please request a new link. to make the second sentence clearer. (#1738) by @LekoArts

  • Improve color contrast in Badges (#1716) by @panteliselef

  • The issue #1557 uncovered that when using @clerk/nextjs together with next-intl the error "Failed to execute 'removeChild' on 'Node'" was thrown. (#1726) by @LekoArts

    That error came from @floating-ui/react which @clerk/clerk-js used under the hood. Its version was upgraded from 0.19.0 to 0.25.4 to fix this error.

    This error is probably not isolated to next-intl so if you encountered a similar error in the past, try upgrading.

  • Fix bug with missing or incorrect breadcrumbs in Organization and User profiles (#1722) by @panteliselef

  • Fixes minor bug in UI of a success page (#1725) by @panteliselef

  • Improve spacing consistency OrganizationList (#1717) by @panteliselef

  • Updated dependencies [e6b52ae34, e99df0a0d, 4327b91f9, 4e16d39f3, 8b9a7a360, 30bb9eccb, 01b024c57, b0f396bc5]:

    • @clerk/localizations@1.26.0
    • @clerk/types@3.52.0
    • @clerk/shared@0.22.1

4.57.0

Minor Changes

  • Introduced a new firstFactorUrl property in sign-in callback to handle unverified emails. (#1629) by @kostaspt

Patch Changes

  • Organization Switcher now displays organization invitations and suggestions in a more compact form. (#1675) by @panteliselef

  • Updated dependencies [463ff84f5, 1426e5eb3, 060b2bd6b]:

    • @clerk/types@3.51.0
    • @clerk/localizations@1.25.2

4.56.3

Patch Changes

  • Display a notification counter for admins with pending request in the active organization. The counter is it visible in OrganizationSwitcher and OrganizationProfile ("Requests" tab) (#1670) by @panteliselef

  • Previously users could leave or delete an organization by submitting the form without the macthing organization name (#1677) by @panteliselef

  • Support swapping the Clerk publishableKey at runtime to allow users to toggle the instance being used. (#1655) by @BRKalow

  • Updated dependencies [169bc3d26]:

    • @clerk/localizations@1.25.1

4.56.2

Patch Changes

  • Set SameSite=Lax for dev browser cookie, instead of Strict, so that it can be read from the server after redirects (#1638) by @yourtallness

4.56.1

Patch Changes

  • Disable chunking for @clerk/clerk-js/headless to ensure the library doesn't attempt to dynamically load chunks in a non-browser environment. (#1654) by @BRKalow

4.56.0

Minor Changes

  • Introducing validatePassword for SignIn and SignUp resources (#1445) by @panteliselef

    • Validate a password based on the instance's configuration set in Password Policies in Dashboard

  • Introduce a new resource called OrganizationSuggestion along with retrieve() & accept() methods (#1574) by @chanioxaris

    Also make available the user's suggestions from the useOrganizationList hook

  • Introduces userInvitations from useOrganizationList (#1520) by @panteliselef

    userInvitations is a paginated list of data. It can be used to create Paginated tables or Infinite lists.

  • Implement Resend OTP functionality as part of the Organization Domain verification flow (#1583) by @chanioxaris

  • Introduce hasImage in User / Organization / Session resources (#1544) by @dimkl

  • Improve redirects on OAuth callback. Now, if you try to sign up with a provider that allows unverified accounts, it will (#1563) by @kostaspt

    navigate to the appropriate change when needed, fixing the broken flow.

  • Introduce logoLinkUrl prop in appearance.layout (#1449) by @nikospapcom

    A new logoLinkUrl prop has been added to appearance.layout and used in ApplicationLogo to change the href of the link. By default, the logo link url will be the Home URL you've set in the Clerk Dashboard.

Patch Changes

  • Pass dev_browser to AP via query param, fix AP origin detection util (#1567) by @yourtallness

  • Introduces a new resource called OrganizationMembership (#1572) by @panteliselef

    • useOrganization has been updated in order to return a list of domain with the above type

  • Introduces Membership Requests in (#1576) by @panteliselef

    • This is a list of users that have requested to join the active organization

  • Updates signature of OrganizationMembership.retrieve to support backwards compatibility while allowing using the new paginated responses. (#1606) by @panteliselef

    • userMemberships is now also part of the returned values of useOrganizationList

  • Introduces the accept method in UserOrganizationInvitation class (#1550) by @panteliselef

  • Display a notification counter for organization invitations in OrganizationSwitcher (#1627) by @panteliselef

  • Introduces a new resource called OrganizationDomain (#1569) by @panteliselef

    • useOrganization has been updated in order to return a list of domain with the above type

  • Introduces domains and invitations in (#1560) by @panteliselef

    • The "Members" page now accommodates Domain and Individual invitations
    • The "Settings" page allows for the addition, edit and removal of a domain

  • Fix a bug where it was not possible to delete the username if it was optional. (#1580) by @raptisj

  • A OrganizationMembershipRequest can now be rejected (#1612) by @panteliselef

    • New OrganizationMembershipRequest.reject method alongside accept
    • As an organization admin, navigate to Organization Profile > Members > Requests. You can now reject a request from the table.

  • Ensure the session token is updated when calling setActive() in a non-browser environment. (#1623) by @BRKalow

  • Introduces an invitation list within (#1554) by @panteliselef

    • Users can accept the invitation that is sent to them

  • When updating enrollment mode of a domain uses can now delete any pending invitations or suggestions. (#1632) by @panteliselef

  • Construct urls based on context in (#1503) by @panteliselef

    • Deprecate afterSwitchOrganizationUrl
    • Introduce afterSelectOrganizationUrl & afterSelectPersonalUrl

    afterSelectOrganizationUrl accepts

    • Full URL -> 'https://clerk.com/'
    • relative path -> '/organizations'
    • relative path -> with param '/organizations/:id'
    • function that returns a string -> (org) => /org/${org.slug} afterSelectPersonalUrl accepts
    • Full URL -> 'https://clerk.com/'
    • relative path -> '/users'
    • relative path -> with param '/users/:username'
    • function that returns a string -> (user) => /users/${user.id}

  • Introduces list of suggestions within (#1577) by @panteliselef

    • Users can request to join a suggested organization

  • Updated dependencies [96cc1921c, 8d1e7d76d, 435d2cff5, 8873841fc, 0a5f632f8, 34da40a50, 3158752c7, 8538cd0c1, a412a5014, 4ea30e883, 17b3de961, 86de584dd, e404b98f7, e02a1aff2, 09bfb793e, b2296d630, dcabc22c5, 52ce79108, 4764e40c7, 1e117beec, 89bc5de04]:

    • @clerk/shared@0.22.0
    • @clerk/types@3.50.0
    • @clerk/localizations@1.25.0

4.55.0

Minor Changes

  • Handle the construction of zxcvbn errors with information from FAPI (#1526) by @raptisj

  • Eliminate pre/post onBlur states for password field and prioritize minimum character count error message over other complexity errors. (#1531) by @raptisj

  • Introduce Clerk.client.clearCache() method (#1545) by @SokratisVidros

Patch Changes

  • Deprecate usage of old image fields in favor of imageUrl (#1543) by @dimkl

  • Introduce the ability to read multiple errors. Used for password complexity errors coming from BE. (#1505) by @raptisj

  • Introduces a new internal class UserOrganizationInvitation that represents and invitation to join an organization with the organization data populated (#1527) by @panteliselef

    Additions to support the above

    • UserOrganizationInvitationResource
    • UserOrganizationInvitationJSON
    • ClerkPaginatedResponse

    ClerkPaginatedResponse represents a paginated FAPI response

  • Updated dependencies [ea95525a4, 24a46ae7e, be7a18cc0, d433b83b9, 5e1a09df4, 0a59e122d]:

    • @clerk/types@3.49.0
    • @clerk/shared@0.21.0
    • @clerk/localizations@1.24.1

4.54.2

Patch Changes

  • Updated dependencies [30cf15c10]:
    • @clerk/localizations@1.24.0

4.54.1

Patch Changes

  • Introduce the skipInvitationScreen prop on <CreateOrganization /> component (#1501) by @panteliselef

  • Removes identifier from Personal Workspace in the OrganizationSwitcher list (UI) (#1502) by @panteliselef

    • Address spacing issues when password feedback message changes (#1482) by @raptisj

    • Add a full stop in form feedback(errors and warnings) when needed

  • In <OrganizationProfile /> component, allow an admin to leave the current organization if there are more admins present. (#1498) by @chanioxaris

  • Updated dependencies [6fa4768dc]:

    • @clerk/types@3.48.1
    • @clerk/localizations@1.23.2

4.54.0

Minor Changes

Patch Changes

4.53.0

Minor Changes

  • Add a confirmation input as an additional check when doing destructive actions such as: (#1454) by @raptisj

    • delete an organization
    • delete a user account
    • leave an organization

    Νew localization keys were introduced to support the above

Patch Changes

  • Add missing property 'maxAllowedMemberships' in Organization resource (#1468) by @chanioxaris

  • Add form_username_invalid_character unstable error localization key. (#1475) by @desiprisg

  • Fixed a bug where overriding some localization values in the sign in/up start pages with an empty string would result in showing the english translation. (#1474) by @desiprisg

  • Changes to OrganizationSwitcher (#1462) by @panteliselef

    • Removal of user identifier from the trigger & popover
    • Hidden avatar of active user when hidePersonal is true

  • Enable the ability to target the avatar upload and remove action buttons (#1455) by @tmilewski

  • In the component, if the newly created organization has max allowed membership equal to 1, skip the invitation page (#1471) by @chanioxaris

  • Updated dependencies [73c9c1d0e, ae9fc247a, 1a151e701, 090bab66e, 8bd5b3d38, 5ecbb0a37, 592911196, cd361e169]:

    • @clerk/types@3.47.0
    • @clerk/localizations@1.23.0
    • @clerk/shared@0.20.0

4.52.1

Patch Changes

  • Updated dependencies [561a78bd7]:
    • @clerk/localizations@1.22.1

4.52.0

Minor Changes

  • The password field will now autofocus on the sign in factor one page. (#1447) by @desiprisg

Patch Changes

  • Move UI for deleting account to bottom of user profile component in the security section (#1407) by @jescalan

4.51.0

Minor Changes

  • Navigate to the signUp url if user visits the verify-email-address/verify-phone-number route without the proper identifier present (#1405) by @desiprisg

Patch Changes

4.50.1

Patch Changes

4.50.0

Minor Changes

  • Add ability for organization admins to delete an organization if they have permission to do so (#1368) by @jescalan

Patch Changes

  • Support cross-origin iframe to use session cookie (#1389) by @dimkl

  • Updated dependencies [bfb3af28]:

    • @clerk/localizations@1.21.0
    • @clerk/types@3.46.0

4.49.0

Minor Changes

  • If user does not have permission to create an org, create org button will not display in the OrganizationSwitcher UI (#1373) by @jescalan

Patch Changes

  • Fix to pull from the correct permissions set when displaying user delete self UI (#1372) by @jescalan

  • Updated dependencies [11954816, 32148490]:

    • @clerk/types@3.45.0
    • @clerk/localizations@1.20.1

4.48.1

Patch Changes

  • Updated dependencies [e67e0fb2, 17cc14ec]:
    • @clerk/localizations@1.20.0
    • @clerk/types@3.44.0

4.48.0

Minor Changes

  • Adds the ability for users to delete their own accounts, as long as they have permission to do so (#1307) by @jescalan

Patch Changes

4.47.2

Patch Changes

  • Optimize all images displayed within the Clerk components, such as Avatars, static OAuth provider assets etc. All images are now resized and compressed. Additionally, all images are automatically converted into more efficient formats (avif, webp) if they are supported by the user's browser, otherwise all images fall back to jpeg. (#1367) by @nikosdouvlis

  • Updated dependencies [59bc649a]:

    • @clerk/shared@0.19.1

4.47.1

Patch Changes

  • Updated dependencies [0d5caa84]:
    • @clerk/localizations@1.18.1

4.47.0

Minor Changes

  • Add base64 string support in Organization.setLogo (#1309) by @raptisj

  • Fix magic link flows for development instances when url-based session syncing is used. (#1343) by @alex-ntousias

Patch Changes

4.46.0

Minor Changes

  • Add missing appearance keys for the "Manage Organization" button within <OrganizationSwitcher/> by @nikosdouvlis

Patch Changes

  • Make first name, last name & password readonly for users with active SAML accounts by @nikosdouvlis

  • Load CF turnstile from FAPI by @nikosdouvlis

  • ESM/CJS support for @clerk/clerk-react by @nikosdouvlis

    Changes that should affect users and OS contributors:

    • Better source map support for @clerk/clerk-react, @clerk/shared. This affects anyone developing in our monorepo or anyone using a debugger with Clerk installed in their app.
    • Easier node_modules debugging as @clerk/clerk-react, @clerk/shared and @clerk/nextjs are no longer getting bundled as a single-file package. This also improves error logging in nextjs a lot, as nextjs usually logs the line that threw the error - a minified, single-file package, usually consists of a very long single-line module, so logging error in NextJS wasn't ideal.
    • Headless clerk-js bundle size reduced by ~10kb, normal clerk-ks by ~6kb
    • A new clerkJSVersion prop has been added on ClerkProvider allowing to fetch a specific clerk-js version.

  • Add support for dataURLs in User.setProfileImage by @nikosdouvlis

  • Support OTP autofill for Chrome on iOS by @nikosdouvlis

    • Fixes a bug preventing OTP being correctly autofilled when received via SMS

  • Preview known SAML error messages during failed Sign in/up flows by @nikosdouvlis

  • Updated dependencies [b66ea0a5, b66ea0a5, b66ea0a5, b66ea0a5]:

    • @clerk/localizations@1.17.1
    • @clerk/types@3.41.1
    • @clerk/shared@0.18.0

4.45.0 (2023-06-03)

Note: Version bump only for package @clerk/clerk-js

4.44.0 (2023-05-26)

Note: Version bump only for package @clerk/clerk-js

4.43.2 (2023-05-23)

Note: Version bump only for package @clerk/clerk-js

4.43.1 (2023-05-23)

Note: Version bump only for package @clerk/clerk-js

4.43.0 (2023-05-23)

Note: Version bump only for package @clerk/clerk-js

4.42.0 (2023-05-18)

Note: Version bump only for package @clerk/clerk-js

4.41.0 (2023-05-17)

Note: Version bump only for package @clerk/clerk-js

4.40.0 (2023-05-15)

Note: Version bump only for package @clerk/clerk-js

4.39.0 (2023-05-04)

Note: Version bump only for package @clerk/clerk-js

4.39.0-staging.5 (2023-05-04)

Features

  • clerk-js,types: Support sign in with SAML strategy (6da395f)
  • clerk-js,types: Support sign up with SAML strategy (6d9c93e)
  • clerk-js: Use allowed special characters for password from environment (dec0512)

Bug Fixes

  • clerk-js: Escape allowed_special_characters from FAPI (da6b683)

4.39.0-staging.3 (2023-05-02)

Features

  • clerk-js: Add resetPasswordFlow to SignIn resource (6155f5b)
  • clerk-js: Create page (3fbf8e7)
  • clerk-js: Introduce Reset Password flow (e903c4f)
  • clerk-js: Localize "Password don't match" field error (c573599)
  • clerk-js: Prepare Reset password field for complexity and strength (9736d94)
  • clerk-js: Reset password for first factor (280b5df)
  • clerk-js: Reset password MFA (5978756)

Bug Fixes

  • clerk-js,types: Remove after_sign_out_url as it not returned by FAPI (#1121) (d87493d)
  • clerk-js: Add error when preparing for reset_password_code (7ac766e)
  • clerk-js: Allow children to be passed in VerificationCodeCard (eb556f8)
  • clerk-js: Password settings maximum allowed length (bfcb799)
  • clerk-js: Remove forgotten console.log (823a0c0)
  • clerk-js: Update type of resetPasswordFlow in SignInResource (637b791)
  • clerk-js: Use redirectWithAuth after multi session signOut (928a206)

4.38.3 (2023-04-19)

Note: Version bump only for package @clerk/clerk-js

4.38.2 (2023-04-19)

Bug Fixes

  • clerk-js: Add resetPassword method as a core resource (fa70749)
  • clerk-js: Do not append __clerk_db_jwt if it already exists (2c9082a)
  • clerk-js: Refactor types for resetPassword (fd53901)

4.38.1 (2023-04-12)

Note: Version bump only for package @clerk/clerk-js

4.38.0 (2023-04-11)

Note: Version bump only for package @clerk/clerk-js

4.37.0 (2023-04-06)

Note: Version bump only for package @clerk/clerk-js

4.36.0 (2023-04-03)

Note: Version bump only for package @clerk/clerk-js

4.35.0 (2023-03-31)

Note: Version bump only for package @clerk/clerk-js

4.35.0-staging.3 (2023-03-31)

Bug Fixes

  • clerk-js: Run multidomain getters only in browser (ad10705)

4.34.1 (2023-03-29)

Note: Version bump only for package @clerk/clerk-js

4.34.0 (2023-03-29)

Bug Fixes

  • clerk-js: Bring back error for missing proxyUrlAndDomain (f1ebfd8)

4.32.0 (2023-03-10)

Note: Version bump only for package @clerk/clerk-js

4.31.0 (2023-03-09)

Note: Version bump only for package @clerk/clerk-js

4.30.1 (2023-03-07)

Note: Version bump only for package @clerk/clerk-js

4.30.0 (2023-03-07)

Note: Version bump only for package @clerk/clerk-js

4.29.1 (2023-03-03)

Note: Version bump only for package @clerk/clerk-js

4.29.0 (2023-03-01)

Note: Version bump only for package @clerk/clerk-js

4.28.1 (2023-02-25)

Note: Version bump only for package @clerk/clerk-js

4.28.1-staging.1 (2023-02-25)

Bug Fixes

  • clerk-js: Dispatch token update only for session token (fc6837b)

4.28.0 (2023-02-24)

Note: Version bump only for package @clerk/clerk-js

4.27.3-staging.3 (2023-02-22)

Bug Fixes

  • clerk-js: Pass unsafe metadata to sign up methods (e2510e6)

4.27.2 (2023-02-17)

Note: Version bump only for package @clerk/clerk-js

4.27.1 (2023-02-15)

Note: Version bump only for package @clerk/clerk-js

4.27.0 (2023-02-10)

Note: Version bump only for package @clerk/clerk-js

4.26.1 (2023-02-07)

Note: Version bump only for package @clerk/clerk-js

4.26.1-staging.0 (2023-02-07)

Note: Version bump only for package @clerk/clerk-js

4.26.0 (2023-02-07)

Note: Version bump only for package @clerk/clerk-js

4.25.0 (2023-02-01)

Bug Fixes

  • clerk-js: Do not discard relative redirect urls (#754) (6b227ff)

4.24.0 (2023-01-27)

Note: Version bump only for package @clerk/clerk-js

4.23.3 (2023-01-24)

Note: Version bump only for package @clerk/clerk-js

4.23.2 (2023-01-20)

Note: Version bump only for package @clerk/clerk-js

4.23.1 (2023-01-17)

Bug Fixes

  • clerk-js: Add missing dev instance suffix for new accounts.dev urls (cb2e516)

4.23.0 (2023-01-17)

Note: Version bump only for package @clerk/clerk-js

4.22.1 (2022-12-23)

Note: Version bump only for package @clerk/clerk-js

4.22.0 (2022-12-19)

Note: Version bump only for package @clerk/clerk-js

4.21.7 (2022-12-14)

Bug Fixes

  • clerk-js: Fix spacing between membership widget and members table (255d495)

4.21.6 (2022-12-13)

Note: Version bump only for package @clerk/clerk-js

4.21.5 (2022-12-12)

Note: Version bump only for package @clerk/clerk-js

4.21.4 (2022-12-12)

Note: Version bump only for package @clerk/clerk-js

4.21.3 (2022-12-09)

Note: Version bump only for package @clerk/clerk-js

4.21.2 (2022-12-08)

Reverts

  • Revert "feat(clerk-js,types): Terse paths parameters (#572)" (93bdff8), closes #572

4.21.1 (2022-12-08)

Note: Version bump only for package @clerk/clerk-js

4.21.0 (2022-12-08)

Bug Fixes

  • clerk-js: Tweak options spacing in organization switcher (b43dac2)
  • clerk-js: Tweak options spacing in organization switcher (c1f1a7c)

4.20.0 (2022-12-02)

Note: Version bump only for package @clerk/clerk-js

4.19.0 (2022-11-30)

Note: Version bump only for package @clerk/clerk-js

4.19.0-staging.2 (2022-11-30)

Bug Fixes

4.19.0-staging.1 (2022-11-30)

Bug Fixes

  • clerk-js: Treat unstablebilling props as functions or strings (3c8bf9c)

4.18.0 (2022-11-30)

Note: Version bump only for package @clerk/clerk-js

4.18.0-staging.8 (2022-11-30)

Bug Fixes

  • clerk-js: Rename billing widget (61a1a6a)
  • clerk-js: Rename memberships widget (20cf1e4)

4.18.0-staging.7 (2022-11-29)

Note: Version bump only for package @clerk/clerk-js

4.18.0-staging.6 (2022-11-29)

Bug Fixes

  • clerk-js: Fix cookieless logic (698740e)

4.17.0 (2022-11-25)

Note: Version bump only for package @clerk/clerk-js

4.17.0-staging.1 (2022-11-25)

Bug Fixes

  • clerk-js: Ensure #/ prefix for hashes (0243403)

4.16.2 (2022-11-25)

Note: Version bump only for package @clerk/clerk-js

4.16.1 (2022-11-23)

Bug Fixes

  • clerk-js: Add headless folder to final package (b22d6f9)

4.16.0 (2022-11-22)

Bug Fixes

  • clerk-js: Adjust picker text size in PhoneInput (5f6ec69)

4.16.0-staging.3 (2022-11-21)

Note: Version bump only for package @clerk/clerk-js

4.16.0-staging.2 (2022-11-21)

Features

  • clerk-js: Export all ClerkJS error utilities (c225288)
  • clerk-js: Improve DX for headless import (8d64310)

4.15.2 (2022-11-18)

Note: Version bump only for package @clerk/clerk-js

4.15.1 (2022-11-15)

Bug Fixes

  • clerk-js: Correct role change check in ActiveMembersList (3cf8b5e)

4.15.0 (2022-11-15)

Note: Version bump only for package @clerk/clerk-js

4.14.1 (2022-11-10)

Note: Version bump only for package @clerk/clerk-js

4.14.0 (2022-11-05)

Features

  • clerk-js,shared: Introduce private unstable__mutate to force mutate swr state (2a21dd8)
  • clerk-js: Introduce withOrganizationsEnabledGuard (00fc621)
  • clerk-js: Reset card error when navigating in OrganizationMembers (6a1e873)
  • clerk-js: Update avatar background color (7874110)
  • types,clerk-js: Introduce OrganizationSettings resource (455911f)

4.13.0 (2022-11-03)

Note: Version bump only for package @clerk/clerk-js

4.13.0-staging.4 (2022-11-02)

Note: Version bump only for package @clerk/clerk-js

4.13.0-staging.3 (2022-11-02)

Note: Version bump only for package @clerk/clerk-js

4.13.0-staging.2 (2022-11-02)

Note: Version bump only for package @clerk/clerk-js

4.13.0-staging.1 (2022-11-02)

Features

  • clerk-js,types: Organization invitation metadata (87764b8)
  • clerk-js: Add loaded to core Clerk instance (7c08a91)
  • clerk-js: Set up the InviteMembersPage for OrganizationProfile (882727f)

Bug Fixes

  • clerk-js: Add TabPanel tabIndex and remove outline (262499e)
  • clerk-js: Correctly truncate the name in the OrganizationProfile Navbar (fc06ec7)
  • clerk-js: Fallback to Default Gravatar when not provided an imageUrl (580a423)
  • clerk-js: Fix globalObject for UMD packaging (7499207)
  • clerk-js: Prioritize focus of tabs when keyboard navigating (3f90c38)
  • clerk-js: Take into account enabled attributes and not first factors for Sign Up form (d3fdb1d)
  • clerk-js: Update the OrgSwitcher trigger when hidePersonal is true (8a0d8cd)
  • clerk-js: Wrap ImpersonationFab with withCoreSessionSwitchGuard (1d7cea9)
  • clerk-js: Wrap ImpersonationFab with withCoreUserGuard (7405f34)
  • clerk-react: Add frontendAPI on window as a fallback (06f8b37)

4.12.1 (2022-10-24)

Bug Fixes

  • clerk-js: Add missing localizationKey import (fb17eca)

4.12.0 (2022-10-24)

Note: Version bump only for package @clerk/clerk-js

4.11.0 (2022-10-14)

Features

  • types,clerk-js: List only authenticatable OAuth providers in Sign in/up components (4b3f1e6)

Bug Fixes

  • clerk-js: Replace avatar descriptor with avatarBox (65cab1f)

4.10.1 (2022-10-14)

Bug Fixes

  • shared: Version bump for shared (c0cebb5)

4.10.0 (2022-10-14)

Note: Version bump only for package @clerk/clerk-js

4.10.0-staging.1 (2022-10-13)

Features

  • clerk-js,clerk-react,types: Wire up OrganizationSwitcher and OrganizationProfile (1e34e69)
  • clerk-js: Add table and pagination elements (cb56f5c)
  • clerk-js: Fade in text for ImpersonationFab (25c24b2)
  • clerk-js: Introduce Menu element (f4b4586)
  • clerk-js: Introduce Select element and use it in PhoneInput (9619bfe)
  • clerk-js: Make the whole ImpersonationFab draggable (85d65f8)
  • clerk-js: Replace Switch Account text with icon (1262f1b)

Bug Fixes

  • clerk-js: Add appearance customization support for avatar gradient (96cde45)
  • clerk-js: Add default colors for avatar (703fbd9)
  • clerk-js: Add global not_allowed_access error to localization prop (0313fe5)
  • clerk-js: Consistent ImpersonationFab drag behaviour in mobile (b53d0a8)
  • clerk-js: Extract BoringAvatar library module (ca5420b)
  • clerk-js: Fix useSupportEmail.test.tsx (52bb1cb)
  • clerk-js: Implement tabs components (d9428cd)
  • clerk-js: Improve keyboard nav and handle disabled tabs order of focus (ae87f00)
  • clerk-js: Introduce FullHeightLoader element and replace Spinner in UserProfile (121d697)
  • clerk-js: Make global errors localizable (e674272)
  • clerk-js: Make translateError fallback to longMessage first (78627ca)
  • clerk-js: Minor refactor in naming and types (8e1d32b)
  • clerk-js: Remove redundant code (49c97e2)
  • clerk-js: Replace gravatar with Boring avatar (7f2e2b6)

4.9.0 (2022-10-07)

Note: Version bump only for package @clerk/clerk-js

4.8.1 (2022-10-05)

Note: Version bump only for package @clerk/clerk-js

4.8.0 (2022-10-03)

Features

  • clerk-js: Add open prop in user button (6ae7f42)

Bug Fixes

  • clerk-js: Refactor defaultOpen prop (1d7b0a9)
  • clerk-js: Refactor isOpen prop (044860f)

4.7.0 (2022-09-29)

Note: Version bump only for package @clerk/clerk-js

4.6.1 (2022-09-25)

Note: Version bump only for package @clerk/clerk-js

4.6.0 (2022-09-24)

Note: Version bump only for package @clerk/clerk-js

4.5.0 (2022-09-22)

Note: Version bump only for package @clerk/clerk-js

4.4.1 (2022-09-19)

Bug Fixes

  • clerk-js: Add missing applicationName param to signUp.continue.subtitle (1a41709)
  • clerk-js: Add missing applicationName param to signUp.emailLink.subtitle (bd5c8f2)
  • clerk-js: Stop infinite TOTP re-renders by removing user from the deep array (dc935bb)
  • clerk-js: Typo on remove phone number page (5fa86a4)

4.4.0 (2022-09-16)

Bug Fixes

  • clerk-js: Add missing applicationName param to signUp.continue.subtitle (1a41709)
  • clerk-js: Stop infinite TOTP re-renders by removing user from the deep array (dc935bb)

4.3.5 (2022-09-07)

Note: Version bump only for package @clerk/clerk-js

4.3.4 (2022-09-07)

Note: Version bump only for package @clerk/clerk-js

4.3.3 (2022-09-03)

Note: Version bump only for package @clerk/clerk-js

4.3.2 (2022-09-02)

Note: Version bump only for package @clerk/clerk-js

4.3.1 (2022-08-29)

Note: Version bump only for package @clerk/clerk-js

4.3.0 (2022-08-29)

Note: Version bump only for package @clerk/clerk-js

4.2.2 (2022-08-24)

Note: Version bump only for package @clerk/clerk-js

4.2.1 (2022-08-18)

Note: Version bump only for package @clerk/clerk-js

4.2.0 (2022-08-18)

Note: Version bump only for package @clerk/clerk-js

4.2.0-staging.1 (2022-08-18)

Bug Fixes

  • clerk-js: Minor cleanup (d44a8a9)

4.1.1 (2022-08-16)

Note: Version bump only for package @clerk/clerk-js

4.1.0 (2022-08-11)

Note: Version bump only for package @clerk/clerk-js

4.0.2 (2022-08-09)

Bug Fixes

  • clerk-js: Improve invalid color error (715d21c)
  • clerk-js: Introduce more selectors (bf4c3b3)

4.0.1 (2022-08-07)

Note: Version bump only for package @clerk/clerk-js

4.0.0 (2022-08-05)

Note: Version bump only for package @clerk/clerk-js

3.17.0 (2022-08-04)

Features

  • clerk-js: Get support email from FAPI /v1/environment if exists (c9bb8d7)

3.16.4 (2022-07-13)

Note: Version bump only for package @clerk/clerk-js

3.16.3 (2022-07-12)

Note: Version bump only for package @clerk/clerk-js

3.16.2 (2022-07-07)

Note: Version bump only for package @clerk/clerk-js

3.16.1 (2022-07-06)

Note: Version bump only for package @clerk/clerk-js

3.16.0 (2022-07-01)

Features

  • types,clerk-js: Introduce user hasVerifiedEmailAddress & hasVerifiedPhoneNumber attributes (ea68447)

3.15.0 (2022-06-24)

Features

  • clerk-js: Add supportEmail property option (71eff74)

3.14.0 (2022-06-16)

Note: Version bump only for package @clerk/clerk-js

3.14.0-staging.1 (2022-06-16)

Bug Fixes

  • clerk-js: Default verification status to unverified if verification is missing (cac67a0)

3.13.3 (2022-06-15)

Note: Version bump only for package @clerk/clerk-js

3.13.2 (2022-06-07)

Note: Version bump only for package @clerk/clerk-js

3.13.1 (2022-06-06)

Bug Fixes

  • clerk-js: Fix new URL constructor (d0cc743)

3.13.0 (2022-06-06)

Note: Version bump only for package @clerk/clerk-js

3.12.0-staging.11 (2022-06-03)

Bug Fixes

  • clerk-js: Teach ClerkJS to work in expo again (5492b69)

3.12.0-staging.10 (2022-06-03)

Bug Fixes

  • clerk-js: Apply minor copywriting fixes (4a1dab4)
  • clerk-js: Apply minor copywriting fixes - pt2 (49c128b)

3.12.0-staging.9 (2022-06-03)

Bug Fixes

  • clerk-js: If organization is null, set the active org as null (f7bff5c)
  • clerk-js: Render SignUp form input errors if missing (bec968c)

3.12.0-staging.8 (2022-06-03)

Bug Fixes

  • clerk-js,types: Typo for MetaMask web3 provider name (922dcb5)
  • clerk-js: Improve removal page copyright for connected account and web3 wallet (bfdfbba)
  • clerk-js: Render UserProfile connected account section only if at least one provider is enabled (23a127f)

3.12.0-staging.7 (2022-06-02)

Features

  • clerk-js: Support multiple unverified identifiers during Sign up flow (3ec9dd5)
  • types,clerk-js: Support required/optional email/phone for Progressive sign up instances (13da457)

3.12.0-staging.6 (2022-06-01)

Features

  • types,clerk-js: Introduce web3 wallet operations in UserProfile (6570a87)

Bug Fixes

  • clerk-js: Do not show verification status badges for ext accnts on the user profile page (0fa4f46)
  • clerk-js: Emit changes in organization to listeners (798ee62)
  • clerk-js: Fixed bugs in setActive caused by new conditions on session (37f4010)
  • types,clerk-js: Same component navigate after OAuth flow with missing requirements (39ca6ce)

3.12.0 (2022-05-20)

Note: Version bump only for package @clerk/clerk-js

3.12.0-staging.4 (2022-05-20)

Bug Fixes

  • clerk-js: Refactor imports to stop bundling shared when not used (b0d5e73)

3.12.0-staging.3 (2022-05-19)

Bug Fixes

  • clerk-js: Fix password field display logic, fix margin between oauth & web3 providers (fe601a4)

3.12.0-staging.2 (2022-05-18)

Features

  • clerk-js: Make sign up flow resumable (bfe0d8c)
  • clerk-js: Make sign up flow resumable for Web3 providers (cf49066)
  • clerk-js: Replace Error & Info component with a single Alert component (8c34d21)
  • clerk-js: Session touch should include the active organization (664030c)
  • types,clerk-js: Enhance Web3 wallet resource with relevant operations (a166716)

Bug Fixes

  • clerk-js: Navigate to sign up continue in web3 (460ba1c)

3.12.0-staging.1 (2022-05-17)

Features

  • clerk-js: Make sign up flow resumable (bfe0d8c)
  • clerk-js: Make sign up flow resumable for Web3 providers (cf49066)
  • clerk-js: Replace Error & Info component with a single Alert component (8c34d21)
  • clerk-js: Session touch should include the active organization (664030c)

Bug Fixes

  • clerk-js: Navigate to sign up continue in web3 (460ba1c)

3.12.0-staging.0 (2022-05-16)

Features

  • clerk-js: Session touch should include the active organization (664030c)

3.11.0 (2022-05-13)

Features

  • clerk-js: Add shortcut to active org in Clerk singleton (03e68d4)

3.10.4 (2022-05-12)

Note: Version bump only for package @clerk/clerk-js

3.10.3 (2022-05-12)

Note: Version bump only for package @clerk/clerk-js

3.10.2 (2022-05-11)

Note: Version bump only for package @clerk/clerk-js

3.10.2-staging.1 (2022-05-11)

Bug Fixes

  • clerk-js: Use redirect_url across all auth flows (#229) (5dfdc2d)

3.10.1 (2022-05-06)

Note: Version bump only for package @clerk/clerk-js

3.10.0 (2022-05-05)

Note: Version bump only for package @clerk/clerk-js

3.9.0 (2022-04-28)

Features

  • clerk-js: Add members to organizations (d6787b6)
  • clerk-js: Delete organizations (7cb1bea)

3.8.0 (2022-04-22)

Note: Version bump only for package @clerk/clerk-js

3.7.1 (2022-04-19)

Note: Version bump only for package @clerk/clerk-js

3.7.1-staging.1 (2022-04-19)

Bug Fixes

  • clerk-js: Pass rotating_token_nonce correctly to FAPIClient (370cb0e)

3.7.0 (2022-04-18)

Features

  • clerk-js: Organization slugs (7f0e771)

3.6.1-alpha.0 (2022-04-15)

Note: Version bump only for package @clerk/clerk-js

3.6.0 (2022-04-15)

Note: Version bump only for package @clerk/clerk-js

3.5.0 (2022-04-13)

Note: Version bump only for package @clerk/clerk-js

3.4.2 (2022-04-11)

Bug Fixes

  • clerk-js: Set provider as busy when initiating oauth connection & prevent further clicks (a2faf0f)

3.4.1 (2022-04-07)

Bug Fixes

  • clerk-js: Hide unverified accts from profile, skip unverified accts w/o known error from list (ac28d0d)

3.4.0 (2022-04-04)

Note: Version bump only for package @clerk/clerk-js

3.3.0 (2022-03-31)

Features

  • clerk-react: Allow usernames to be optional (ea4583a)

3.2.2 (2022-03-29)

Note: Version bump only for package @clerk/clerk-js

3.2.1 (2022-03-28)

Note: Version bump only for package @clerk/clerk-js

3.2.0 (2022-03-24)

Note: Version bump only for package @clerk/clerk-js

3.2.0-staging.0 (2022-03-24)

Features

  • types,clerk-js,backend-core,clerk-react: Replace thrown error with null return in getToken (d972f93)

Bug Fixes

  • clerk-js: Force client update on resource reload (#143) (1dd0af2)

3.1.1-alpha.0 (2022-03-23)

Note: Version bump only for package @clerk/clerk-js

3.1.0-alpha.1 (2022-03-23)

Features

  • types,clerk-js: Allow connecting external accounts from the user profile page (180961b)

3.1.0-alpha.0 (2022-03-23)

Features

  • clerk-js,types: Rename UserButton params to afterSignOutUrl, afterMultiSessionSingleSignOutUrl (c4cb76a)

Bug Fixes

  • clerk-js: Stop parsing deprecated params from query strings (8280d96)

3.0.1-alpha.3 (2022-03-22)

Bug Fixes

  • clerk-expo: Setup createPageLifecycle only in browser environment (#133) (75bd5a1)
  • clerk-js: Add createdUserId attribute to SignUp (#132) (b1884bd)

3.0.1-alpha.2 (2022-03-22)

Bug Fixes

  • clerk-js,clerk-react: Move error to getToken (d5f6b26)
  • clerk-js: Fix signIn.prepareFirstFactor params (e435245)
  • clerk-js: Make getToken use /user endpoint for integration tokens (b61213b)
  • clerk-js: Show password only if required (cc687ea)

3.0.1-alpha.1 (2022-03-20)

Bug Fixes

  • clerk-js,clerk-react: Move error to getToken (d5f6b26)
  • clerk-js: Fix signIn.prepareFirstFactor params (e435245)
  • clerk-js: Make getToken use /user endpoint for integration tokens (b61213b)

3.0.1-alpha.0 (2022-03-19)

Bug Fixes

  • clerk-js,clerk-react: Move error to getToken (84d21ce)
  • clerk-js: Fix signIn.prepareFirstFactor params (e435245)
  • clerk-js: Make getToken use /user endpoint for integration tokens (b61213b)

3.0.0-alpha.9 (2022-03-11)

Note: Version bump only for package @clerk/clerk-js

3.0.0-alpha.8 (2022-02-28)

Features

  • types: Add support for oauth_microsoft (96c1cc6)

3.0.0-alpha.7 (2022-02-25)

Note: Version bump only for package @clerk/clerk-js

3.0.0-alpha.6 (2022-02-18)

Note: Version bump only for package @clerk/clerk-js

2.17.6 (2022-03-17)

Note: Version bump only for package @clerk/clerk-js

2.17.6-staging.1 (2022-03-17)

Note: Version bump only for package @clerk/clerk-js

2.17.4 (2022-03-11)

Note: Version bump only for package @clerk/clerk-js

2.17.3 (2022-03-09)

Note: Version bump only for package @clerk/clerk-js

2.17.1 (2022-03-04)

Bug Fixes

  • clerk-react,clerk-js,types: Crate of API feedback fixes (721ce72)

2.17.0 (2022-03-04)

Features

  • clerk-js,clerk-react: GetOrganization/s hook methods, fetching mechanism alignment (fc11087)
  • clerk-js: Add more attributes on organization models (af010ba)
  • clerk-js: Add organization basic resources (09f9012)
  • clerk-js: Add useOrganization hook (480c422)
  • clerk-js: Basic organization data shape tests (0ca9a31)
  • clerk-js: Invitation flow draft (d6faaab)
  • clerk-js: Sign up next draft and fixes (e2eef78)
  • clerk-js: SignUp with organization invitation flow draft (2a9edbd)
  • clerk-react,clerk-js: Add useOrganization hook using __unstable attribute (1635132)

Bug Fixes

  • clerk-js: Don't use ResizeObserver on old browsers (581c5cd)
  • types: Guarantee elements not in oauth sorting array will be sorted last (f3c2869)

2.16.1 (2022-03-03)

Bug Fixes

  • types: Consolidate oauth provider types (bce9ef5)

2.16.0 (2022-03-02)

Features

  • types,clerk-js: Introduce Notion OAuth (#72) (9e556d0)

Bug Fixes

  • clerk-js: Clear invalid invitation token value (0c5dc85)

2.15.0 (2022-03-01)

Features

  • types: Add support for oauth_microsoft (96c1cc6)

2.14.3 (2022-02-24)

Note: Version bump only for package @clerk/clerk-js

2.14.3-staging.0 (2022-02-24)

Features

  • clerk-js: Introduce UserSettings.instanceIsPasswordBased (f72a555)

Bug Fixes

  • clerk-js,clerk-react: Revert user settings work (9a70576)
  • clerk-js: Helpful error message for sign in without factors (9d8a050)
  • clerk-js: Import Clerk CSS after shared css modules/ components (dde2f3b)
  • clerk-js: Render instant password field for password-based instances only (586437f)
  • clerk-js: Render instant password field for password-based instances only (a9eefc9)

2.14.2-staging.0 (2022-02-22)

Features

  • clerk-js: Allow passing of object style search params on fapiclient (8144779)

2.14.1-staging.0 (2022-02-17)

Note: Version bump only for package @clerk/clerk-js

2.14.0-staging.0 (2022-02-16)

Features

  • clerk-js: Import all resources from internal.ts (#44) (5b8f6f8)

2.13.3-staging.0 (2022-02-15)

Features

  • clerk-js: Introduce with userSettings in SignIn (adccb35)
  • clerk-js: Introduce with userSettings in UserProfile (62dff26)
  • clerk-js: Refactor signUp utils to work with userSettings (0eb3352)
  • types: Introduce 'UserSettingsResource' (32fcf04)

2.13.2 (2022-02-14)

Bug Fixes

  • clerk-js: Remove unnecessary type assertions (f580d4a)

2.13.1 (2022-02-14)

Note: Version bump only for package @clerk/clerk-js

2.13.1-staging.0 (2022-02-11)

Bug Fixes

  • clerk-js: Prevent post auth redirects in Metamask flow (#31) (052ff1e)