Skip to content

feat(express,fastify,tanstack-react-start,react-router): Support machine auth tokens in getAuth()#6067

Merged
wobsoriano merged 20 commits intomainfrom
rob/user-2079-sdk-machine-auth
Jun 6, 2025
Merged

feat(express,fastify,tanstack-react-start,react-router): Support machine auth tokens in getAuth()#6067
wobsoriano merged 20 commits intomainfrom
rob/user-2079-sdk-machine-auth

Conversation

@wobsoriano
Copy link
Member

@wobsoriano wobsoriano commented Jun 5, 2025
edited
Loading

Description

This PR is a continuation of the main Machine Authentication PR but focuses on adding the type of token option to getAuth() helper across SDKs. This is still backwards compat, and set to session_token by default.

Before:

const authObject = getAuth(req)

After:

const authObject = getAuth(req, { acceptsToken: 'sesion_token'  }) // session_token is the default to maintain backwards compat

const authObject = getAuth(req, { acceptsToken: 'api_key'  })
const authObject = getAuth(req, { acceptsToken: ['api_key', 'session_token', 'machine_token', 'oauth_token']  })

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

@changeset-bot
Copy link

changeset-bot bot commented Jun 5, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 4c9d741

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages
Name Type
@clerk/backend Patch
@clerk/nextjs Patch
@clerk/tanstack-react-start Minor
@clerk/express Minor
@clerk/react-router Minor
@clerk/fastify Minor
@clerk/agent-toolkit Patch
@clerk/astro Patch
@clerk/nuxt Patch
@clerk/remix Patch
@clerk/testing Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link

vercel bot commented Jun 5, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
clerk-js-sandbox ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 5, 2025 6:13pm

@wobsoriano wobsoriano changed the title feat(express): Add machine auth option feat(express,fastify): Add machine auth option Jun 5, 2025
@wobsoriano
Copy link
Member Author

wobsoriano commented Jun 5, 2025

!snapshot

@clerk-cookie
Copy link
Collaborator

clerk-cookie commented Jun 5, 2025

Hey @wobsoriano - the snapshot version command generated the following package versions:

Package Version

Tip: Use the snippet copy button below to quickly install the required packages.

@clerk clerk deleted a comment from clerk-cookie Jun 5, 2025
@wobsoriano wobsoriano marked this pull request as ready for review June 5, 2025 03:49
@wobsoriano wobsoriano marked this pull request as draft June 5, 2025 03:49
@wobsoriano wobsoriano marked this pull request as ready for review June 5, 2025 03:51
@wobsoriano wobsoriano changed the title feat(express,fastify) - Add machine auth option feat(express,fastify,tanstack-react-start,react-router) - Support machine auth tokens in getAuth() Jun 5, 2025
@wobsoriano wobsoriano changed the title feat(express,fastify,tanstack-react-start,react-router) - Support machine auth tokens in getAuth() feat(express,fastify,tanstack-react-start,react-router): Support machine auth tokens in getAuth() Jun 5, 2025
@wobsoriano wobsoriano marked this pull request as ready for review June 5, 2025 05:45
@pkg-pr-new
Copy link

pkg-pr-new bot commented Jun 5, 2025
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6067

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6067

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6067

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6067

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6067

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6067

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6067

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6067

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6067

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6067

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6067

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6067

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6067

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6067

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6067

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6067

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6067

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6067

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6067

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6067

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6067

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6067

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6067

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6067

commit: 4c9d741

LekoArts
LekoArts reviewed Jun 5, 2025
View reviewed changes
Copy link
Contributor

@LekoArts LekoArts left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally LGTM

packages/express/src/__tests__/getAuth.test.ts
const req = mockRequestWithAuth({ userId: 'user_12345' });
expect(getAuth(req)).toHaveProperty('userId', 'user_12345');
});

Copy link
Contributor

@LekoArts LekoArts Jun 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we wanna add a test case that asserts that the default acceptsToken is 'any'?

Copy link
Member Author

@wobsoriano wobsoriano Jun 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the actual authenticateRequest() call is using 'any' and cannot be overridden. Meaning any session or machine request will be verified.

However, the acceptsToken in getAuth() (which defaults to session_token) is used after authentication to filter or coerce the returned auth object to match the expected type.

Copy link
Contributor

@LekoArts LekoArts Jun 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, sorry, I misread lol. The changeset is saying what you're saying. So never mind :)

@wobsoriano wobsoriano requested a review from tmilewski June 6, 2025 15:04
@wobsoriano wobsoriano merged commit 2148166 into main Jun 6, 2025
66 of 68 checks passed
@wobsoriano wobsoriano deleted the rob/user-2079-sdk-machine-auth branch June 6, 2025 16:22
@clerk-cookie clerk-cookie mentioned this pull request Jun 6, 2025
Merged
@wobsoriano wobsoriano mentioned this pull request Jun 6, 2025
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tmilewski tmilewski tmilewski approved these changes

+1 more reviewer

@LekoArts LekoArts LekoArts left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backend express fastify nextjs react-router tanstack

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@wobsoriano @clerk-cookie @tmilewski @LekoArts