@clerk/shared@4.0.0
Major Changes
-
Align experimental/unstable prefixes to use consistent naming: (#7361) by @brkalow
- Renamed all
__unstable_*methods to__internal_*(for internal APIs) - Renamed all
experimental__*andexperimental_*methods to__experimental_*(for beta features) - Removed deprecated billing-related props (
__unstable_manageBillingUrl,__unstable_manageBillingLabel,__unstable_manageBillingMembersLimit) andexperimental__forceOauthFirst
- Renamed all
-
Rename internal
useBillingHookEnabledtouseBillingIsEnabledwith improved semantics for authentication and organization context checks. (#7687) by @jacekradko -
Remove
useUserContext,useOrganizationContext,useSessionContextanduseClientContextfrom theshared/reactpackage. (#7772) by @EphemThese hooks have never been meant for public use and have been replaced with internal hooks that do not rely on context.
If you need access to these resources, use the
useUser,useOrganizationanduseSessionhooks instead.If you are building a React SDK and need direct access to the
client, get in touch with us to discuss! -
Updated returned values of
Clerk.checkout()anduseCheckout. (#7232) by @panteliselefVanilla JS
// Before const { getState, subscribe, confirm, start, clear, finalize } = Clerk.checkout({ planId: 'xxx', planPeriod: 'annual', }); getState().isStarting; getState().isConfirming; getState().error; getState().checkout; getState().fetchStatus; getState().status; // After const { checkout, errors, fetchStatus } = Clerk.checkout({ planId: 'xxx', planPeriod: 'annual' }); checkout.plan; // null or defined based on `checkout.status` checkout.status; checkout.start; checkout.confirm;
React
// Before const { id, plan, status, start, confirm, paymentSource } = useCheckout({ planId: 'xxx', planPeriod: 'annual' }); // After const { checkout, errors, fetchStatus } = usecCheckout({ planId: 'xxx', planPeriod: 'annual' }); checkout.plan; // null or defined based on `checkout.status` checkout.status; checkout.start; checkout.confirm;
-
Refactor React SDK hooks to subscribe to auth state via
useSyncExternalStore. This is a mostly internal refactor to unlock future improvements, but includes a few breaking changes and fixes. (#7411) by @EphemBreaking changes:
- Removes ability to pass in
initialAuthStatetouseAuth- This was added for internal use and is no longer needed
- Instead pass in
initialStateto the<ClerkProvider>, ordynamicif using the Next package - See your specific SDK documentation for more information on Server Rendering
Fixes:
- A bug where
useAuthwould sometimes briefly return theinitialStaterather thanundefined- This could in certain situations incorrectly lead to a brief
user: nullon the first page after signing in, indicating a signed out state
- This could in certain situations incorrectly lead to a brief
- Hydration mismatches in certain rare scenarios where subtrees would suspend and hydrate only after
clerk-jshad loaded fully
- Removes ability to pass in
-
Updating minimum version of Node to v20.9.0 (#6936) by @jacekradko
-
Remove deprecated
samlproperty fromUserSettingsin favor ofenterpriseSSO(#7063) by @LauraBeatris -
Remove deprecated
samlAccountin favor ofenterpriseAccount(#7258) by @LauraBeatris -
Remove
clerkJSVariantoption and headless bundle. UseprefetchUI={false}instead. (#7629) by @jacekradko -
Adjust features parsing to throw errors on unknown scopes. (#7754) by @dstaley
-
Remove deprecated
hideSlugin favor oforganizationSettings.slug.disabledsetting (#7283) by @LauraBeatrisSlugs can now be enabled directly from the Organization Settings page in the Clerk Dashboard
-
Remove
clerkJSUrl,clerkJSVersion,clerkUIUrl, andclerkUIVersionprops from all SDKs. To pin a specific version of@clerk/clerk-js, import theClerkconstructor from@clerk/clerk-jsand pass it toClerkProvidervia theClerkprop. To pin a specific version of@clerk/ui, importuifrom@clerk/uiand pass it via theuiprop. This bundles the modules directly with your application instead of loading them from the CDN. (#7879) by @jacekradko -
Remove all previously deprecated UI props across the Next.js, React and clerk-js SDKs. The legacy
afterSign(In|Up)Url/redirectUrlprops,UserButtonsign-out overrides, organizationhideSlugflags,OrganizationSwitcher'safterSwitchOrganizationUrl,Client.activeSessions,setActive({ beforeEmit }), and theClerkMiddlewareAuthObjecttype alias are no longer exported. Components now rely solely on the new redirect options and server-side configuration. (#7243) by @jacekradko -
Removed legacy subpath export mappings in favor of modern package.json
exportsfield configuration. Previously, these packages used a workaround to support subpath imports (e.g.,@clerk/shared/react,@clerk/expo/web). All public APIs remain available through the main package entry points. (#7925) by @jacekradko -
Removes now unused contexts
ClientContext,SessionContext,UserContextandOrganizationProvider. We do not anticipate public use of these. If you were using any of these, file an issue to discuss a path forward as they are no longer available even internally. (#7925) by @jacekradko -
Remove SWR hooks and env-based switchovers in favor of the React Query implementations; promote @tanstack/query-core to a runtime dependency. (#7568) by @jacekradko
-
Remove deprecated
samlstrategy in favor ofenterprise_sso(#7326) by @LauraBeatris -
getToken()now throwsClerkOfflineErrorinstead of returningnullwhen the client is offline. (#7598) by @bratsosThis makes it explicit that a token fetch failure was due to network conditions, not authentication state. Previously, returning
nullcould be misinterpreted as "user is signed out," potentially causing the cached token to be cleared.To handle this change, catch
ClerkOfflineErrorfromgetToken()calls:import { ClerkOfflineError } from '@clerk/react/errors'; try { const token = await session.getToken(); } catch (error) { if (ClerkOfflineError.is(error)) { // Handle offline scenario - show offline UI, retry later, etc. } throw error; }
-
Update
ClerkAPIError.kindvalue to match class name (#7509) by @kduprey -
Removing deprecated top-level exports from @clerk/shared (#6940) by @jacekradko
Minor Changes
-
Add support for email link based verification to SignUpFuture (#7745) by @dstaley
-
Surface organization creation defaults with prefilled form fields and advisory warnings (#7488) by @LauraBeatris
-
Don't display impersonation overlay for agents (#7933) by @tmilewski
-
Hide the "Remove" action from the last available 2nd factor strategy when MFA is required (#7729) by @octoper
-
Renames
mountTaskSetupMfaandunmountTaskSetupMfatomountTaskSetupMFAandunmountTaskSetupMFArespectively (#7859) by @octoper -
Add
unsafe_disableDevelopmentModeConsoleWarningoption to disable the development mode warning that's emitted to the console when Clerk is first loaded. (#7505) by @dstaley -
Add Frontend API proxy support via
frontendApiProxyoption inclerkMiddleware(#7602) by @brkalow -
Add support for email code MFA to SignInFuture (#7594) by @dstaley
-
Add additional verification fields to SignUpFuture. (#7666) by @dstaley
-
Add support for resetting a password via phone code. (#7824) by @dstaley
-
Disable role selection in
OrganizationProfileduring role set migration (#7534) by @LauraBeatris -
Display message in
TaskChooseOrganizationwhen user is not allowed to create organizations (#7486) by @LauraBeatris -
Add runtime version check in ClerkUi constructor to detect incompatible @clerk/clerk-js versions (#7667) by @bratsos
-
Add Safari ITP (Intelligent Tracking Prevention) cookie refresh support. (#7623) by @nikosdouvlis
Safari's ITP limits cookies set via JavaScript to 7 days. When a session cookie is close to expiring (within 8 days), Clerk now automatically routes navigations through a
/v1/client/touchendpoint to refresh the cookie via a full-page navigation, bypassing the 7-day cap.For developers using a custom
navigatecallback insetActive(), a newdecorateUrlfunction is passed to the callback. Use it to wrap your destination URL:await clerk.setActive({ session: newSession, navigate: ({ decorateUrl }) => { const url = decorateUrl('/dashboard'); window.location.href = url; }, });
The
decorateUrlfunction returns the original URL unchanged when the Safari ITP fix is not needed, so it's safe to always use it. -
Add
satelliteAutoSyncoption to optimize satellite app handshake behavior (#7597) by @nikosdouvlisSatellite apps currently trigger a handshake redirect on every first page load, even when no cookies exist. This creates unnecessary redirects to the primary domain for apps where most users aren't authenticated.
New option:
satelliteAutoSync(default:false)- When
false(default): Skip automatic handshake if no session cookies exist, only trigger after explicit sign-in action - When
true: Satellite apps automatically trigger handshake on first load (previous behavior)
New query parameter:
__clerk_sync__clerk_sync=1(NeedsSync): Triggers handshake after returning from primary sign-in__clerk_sync=2(Completed): Prevents re-sync loop after handshake completes
Backwards compatible: Still reads legacy
__clerk_synced=trueparameter.SSR redirect fix: Server-side redirects (e.g.,
redirectToSignIn()from middleware) now correctly add__clerk_sync=1to the return URL for satellite apps. This ensures the handshake is triggered when the user returns from sign-in on the primary domain.CSR redirect fix: Client-side redirects now add
__clerk_sync=1to all redirect URL variants (forceRedirectUrl,fallbackRedirectUrl) for satellite apps, not just the defaultredirectUrl.Usage
SSR (Next.js Middleware)
import { clerkMiddleware } from '@clerk/nextjs/server'; export default clerkMiddleware({ isSatellite: true, domain: 'satellite.example.com', signInUrl: 'https://primary.example.com/sign-in', // Set to true to automatically sync auth state on first load satelliteAutoSync: true, });
SSR (TanStack Start)
import { clerkMiddleware } from '@clerk/tanstack-react-start/server'; export default clerkMiddleware({ isSatellite: true, domain: 'satellite.example.com', signInUrl: 'https://primary.example.com/sign-in', // Set to true to automatically sync auth state on first load satelliteAutoSync: true, });
CSR (ClerkProvider)
<ClerkProvider publishableKey='pk_...' isSatellite={true} domain='satellite.example.com' signInUrl='https://primary.example.com/sign-in' // Set to true to automatically sync auth state on first load satelliteAutoSync={true} > {children} </ClerkProvider>
SSR (TanStack Start with callback)
import { clerkMiddleware } from '@clerk/tanstack-react-start/server'; // Options callback - receives context object, returns options export default clerkMiddleware(({ url }) => ({ isSatellite: true, domain: 'satellite.example.com', signInUrl: 'https://primary.example.com/sign-in', satelliteAutoSync: url.pathname.startsWith('/dashboard'), }));
Migration Guide
Behavior change:
satelliteAutoSyncdefaults tofalsePreviously, satellite apps would automatically trigger a handshake redirect on every first page load to sync authentication state with the primary domain—even when no session cookies existed. This caused unnecessary redirects to the primary domain for users who weren't authenticated.
The new default (
satelliteAutoSync: false) provides a better experience for end users. Performance-wise, the satellite app can be shown immediately without attempting to sync state first, which is the right behavior for most use cases.To preserve the previous behavior where visiting a satellite while already signed in on the primary domain automatically syncs your session, set
satelliteAutoSync: true:export default clerkMiddleware({ isSatellite: true, domain: 'satellite.example.com', signInUrl: 'https://primary.example.com/sign-in', satelliteAutoSync: true, // Opt-in to automatic sync on first load });
TanStack Start: Function props to options callback
The
clerkMiddlewarefunction no longer accepts individual props as functions. If you were using the function form for props likedomain,proxyUrl, orisSatellite, migrate to the options callback pattern.Before (prop function form - no longer supported):
import { clerkMiddleware } from '@clerk/tanstack-react-start/server'; export default clerkMiddleware({ isSatellite: true, // ❌ Function form for individual props no longer works domain: url => url.hostname, });
After (options callback form):
import { clerkMiddleware } from '@clerk/tanstack-react-start/server'; // ✅ Wrap entire options in a callback function export default clerkMiddleware(({ url }) => ({ isSatellite: true, domain: url.hostname, }));
The callback receives a context object with the
urlproperty (aURLinstance) and can return options synchronously or as a Promise for async configuration. - When
-
Introduce Keyless quickstart for TanStack. This allows the Clerk SDK to be used without having to sign up and paste your keys manually. (#7518) by @brkalow
-
Add
uiprop toClerkProviderfor passing@clerk/ui(#7664) by @jacekradko -
Introduce
<Show when={...}>as the cross-framework authorization control component and remove<Protect>,<SignedIn>, and<SignedOut>in favor of<Show>. (#7373) by @jacekradko -
Add standalone
getToken()function for retrieving session tokens outside of framework component trees. (#7325) by @bratsosThis function is safe to call from anywhere in the browser, such as API interceptors, data fetching layers (e.g., React Query, SWR), or vanilla JavaScript code. It automatically waits for Clerk to initialize before returning the token.
import { getToken } from '@clerk/nextjs'; // or any framework package
// Example: Axios interceptor
axios.interceptors.request.use(async (config) => {
const token = await getToken();
if (token) {
config.headers.Authorization =Bearer ${token};
}
return config;
}); -
Export
useOrganizationCreationDefaultshook to fetch suggested organization name and logo from default naming rules (#7694) by @LauraBeatris -
Revert sign up if missing changes to fix Enterprise SSO captcha (#7962) by @dmoerner
-
Introduce
<UNSAFE_PortalProvider>component which allows you to specify a custom container for Clerk floating UI elements (popovers, modals, tooltips, etc.) that use portals. Only Clerk components within the provider will be affected, components outside the provider will continue to use the default document.body for portals. (#7310) by @alexcarpenterThis is particularly useful when using Clerk components inside external UI libraries like Radix Dialog or React Aria Components, where portaled elements need to render within the dialog's container to remain interact-able.
'use client'; import { useRef } from 'react'; import * as Dialog from '@radix-ui/react-dialog'; import { UNSAFE_PortalProvider, UserButton } from '@clerk/nextjs'; export function UserDialog() { const containerRef = useRef<HTMLDivElement>(null); return ( <Dialog.Root> <Dialog.Trigger>Open Dialog</Dialog.Trigger> <Dialog.Portal> <Dialog.Overlay /> <Dialog.Content ref={containerRef}> <UNSAFE_PortalProvider getContainer={() => containerRef.current}> <UserButton /> </UNSAFE_PortalProvider> </Dialog.Content> </Dialog.Portal> </Dialog.Root> ); }
Patch Changes
-
Add
resetmethod to the sign-in resource. (#7606) by @alexcarpenter -
Add JSDoc comments to BillingNamespace methods (#7554) by @dstaley
-
Add development-mode warning when users customize Clerk components using structural CSS patterns (combinators, positional pseudo-selectors, etc.) without pinning their
@clerk/uiversion. This helps users avoid breakages when internal DOM structure changes between versions. (#7590) by @brkalow -
Add
resetmethod to the new signUp resource. (#7606) by @alexcarpenter -
Fix Stripe elements not loading by removing the
billingEnabledgate fromuseStripeClerkLibs(#7639) by @jacekradko -
Rename dev browser APIs to remove JWT terminology. The dev browser identifier is now a generic ID, so internal naming has been updated to reflect this. No runtime behavior changes. (#7930) by @brkalow
-
Apply application name to Coinbase Wallet requests (#7543) by @tmilewski
-
Fix issue where
signUp.verifications.sendPhoneCode()expected to be provided aphoneNumber. (#7869) by @dstaley -
useAuth().getTokenis no longerundefinedduring server-side rendering, it is a function and calling it will throw. (#7730) by @Ephem- If you are only using
getTokeninuseEffect, event handlers or with non-suspenseful data fetching libraries, no change is necessary as these only trigger on the client. - If you are using suspenseful data fetching libraries that do trigger during SSR, you likely have strategies in place to avoid calling
getTokenalready, since this has never been possible. - If you are using
getToken === undefinedchecks to avoid calling it, know that it will now throw instead and you should catch and handle the error.
async function doThingWithToken(getToken: GetToken) { try { const token = await getToken(); // Use token } catch (error) { if (isClerkRuntimeError(error) && error.code === 'clerk_runtime_not_browser') { // Handle error } } }
To access auth data server-side, see the
Authobject reference doc. - If you are only using
-
Fix issue where an argument to
signIn.emailCode.send()was marked as required. (#7953) by @dstaley -
Export SignUpFutureAdditionalParams type. (#7593) by @dstaley
-
Display message for
user_deactivatederror code onSignInandSignUp(#7810) by @NicolasLopes7 -
Use named types for function parameters in the Billing namespace. (#7592) by @dstaley
-
Fix TypeScript issue where
signIn.phoneCode.sendCodeexpected an argument. (#7918) by @dstaley -
Fix
useClearQueriesOnSignOuthook to comply with React Rules of Hooks (#7568) by @jacekradko -
Updated reference links in comments (#7475) by @alexisintech
-
Remove CHIPS build variant and use
partitioned_cookiesenvironment flag from the Clerk API to control partitioned cookie behavior at runtime. (#7916) by @brkalow -
Use
globalThisinstead ofglobalinisomorphicBtoaandisomorphicAtobfor cross-platform compatibility (#7649) by @jacekradko -
Add shared React variant to reduce bundle size when using
@clerk/react. (#7601) by @brkalowIntroduces a new
ui.shared.browser.jsbuild variant that externalizes React dependencies, allowing the host application's React to be reused instead of bundling a separate copy. This can significantly reduce bundle size for applications using@clerk/react.New features:
@clerk/ui/registermodule: Import this to register React onglobalThis.__clerkSharedModulesfor sharing with@clerk/uiclerkUIVariantoption: Set to'shared'to use the shared variant (automatically detected and enabled for compatible React versions in@clerk/react)
For
@clerk/reactusers: No action required. The shared variant is automatically used when your React version is compatible.For custom integrations: Import
@clerk/ui/registerbefore loading the UI bundle, then setclerkUIVariant: 'shared'in your configuration. -
Ensure
useAuth().hasis always defined by defaulting to false when auth data is missing. (#7458) by @jacekradko -
Add
subtitle__createOrganizationDisabledlocalization key shown in the choose organization task when users cannot create organizations (#7561) by @LauraBeatris -
Use
globalThisinstead ofglobalinencodeB64(#7648) by @jacekradko -
Fix issue were
sendPhoneCodemethod was incorrectly requiring a parameter. (#7898) by @dstaley -
Add missing
usernameproperty toPublicUserDatainterface (#7838) by @manovotny