# Clerk Blog — Guides — Page 2 # A practical guide to testing Clerk Next.js applications URL: https://clerk.com/blog/testing-clerk-nextjs.md Date: 2025-04-11 Category: Guides Description: An example-packed guide to writing effective tests for Clerk applications, covering everything from integration testing with React Testing Library to end-to-end testing using Playwright. We understand that writing tests isn't the most exciting part of development. That's why they are often shelved as "tech debt" or pushed to the bottom of the priority list. But it's not just about motivation - writing good tests is *hard*. You might wonder: - What do I test? - How do I test it? - Should I write integration tests or end-to-end tests? - How do I mock Clerk? This post addresses these challenges directly to help you develop a meaningful testing strategy for your Next.js application using Clerk. By the end, you'll be equipped to test critical authentication flows by mocking Clerk's API in integration tests. You'll also learn how to incorporate end-to-end tests and simulate real-world user interactions with your application to make sure that your application works (and continues to work) as it should in production. ## Meet Pup Party This post demonstrates how to add comprehensive tests to a sample application called Pup Party. Pup Party allows dog owners to rate and discover dog-friendly cafes and restaurants. Users can evaluate venues as "Pup-approved" or "Pup-fail" based on criteria such as dog-friendliness, ambiance, and the quality of dog treats. To follow along and implement tests step-by-step, download the starter code and follow the set up instructions [here](https://github.com/bookercodes/testing-clerk-nextjs-apps-example). Alternatively, you can study the complete source code, including tests, [here](https://github.com/bookercodes/testing-clerk-nextjs-apps-example/tree/finished). ## Choosing the right testing approach Before we dive in, it's important to take a moment to think about what exactly you should be testing and the types of tests that will be most effective. This planning step is crucial, as it guides you in creating tests that are not only meaningful but also efficient to run and maintain. I've seen teams fall into three common traps: 1. Over-relying on unit tests that focus too much on internals 2. Struggling to scale and manage integration tests effectively due to a reliance on brittle test data and overly complex test logic 3. Over-investing in E2E tests, leading to slow, flaky test suites that bog down development So, what's the right approach? In this post, we turn to [Kent C. Dodds](https://kentcdodds.com/) and his [testing trophy](https://kentcdodds.com/blog/the-testing-trophy-and-testing-classifications): - Write mostly integration tests - Supplement with well-placed E2E tests - Don't overdo it Following Kent's testing philosophy, this post primarily focuses on integration tests and later addresses E2E tests for critical user paths. ## Integration tests To write integration tests, you will be using two essential tools: - **[Jest](https://jestjs.io)**: A test runner and assertion framework to structure and execute your integration tests. - **[React Testing Library (RTL)](https://testing-library.com/docs/react-testing-library/intro/)**: A popular testing framework for React applications that encourages testing components from the user's perspective, while still supporting the use of [Jest mocks](https://jestjs.io/docs/mock-functions) where necessary. ### Set up Jest and RTL Start by installing these dev dependencies: ```bash {{ filename: 'Terminal' }} npm install --save-dev jest \ @types/jest \ @testing-library/react \ @testing-library/jest-dom \ @testing-library/dom \ @testing-library/user-event \ jest-environment-jsdom \ next-router-mock ``` Add a `test:jest` script to `package.json`: ```json {{ filename: './package.json', ins: [6], prettier: false }} "scripts": { "dev": "next dev", "build": "next build", "start": "next start", "lint": "next lint", "test:jest": "jest", }, ``` Add a `jest.config.ts` file to the root of your project: ```typescript {{ filename: './jest.config.ts' }} import type { Config } from 'jest' import nextJest from 'next/jest.js' const createJestConfig = nextJest({ dir: './', }) const config: Config = { clearMocks: true, testEnvironment: 'jsdom', setupFilesAfterEnv: ['/jest.setup.ts'], // Map next-router-mock to the next/navigation module it mocks // Learn more - https://github.com/scottrippey/next-router-mock moduleNameMapper: { '^next/navigation$': 'next-router-mock', }, } export default createJestConfig(config) ``` Create a `jest.setup.ts` file in the root of your project to globally import @testing-library/jest-dom, which enhances Jest with custom matchers for more intuitive and readable DOM assertions: ```typescript {{ filename: './jest.setup.ts' }} import '@testing-library/jest-dom' ``` In the ` ./tsconfig.json` file, add `"jest"` to the `types` array: ```json {{ filename: './tsconfig.json', ins: [3] }} { "compilerOptions": { "types": ["jest"] } } ``` Finally, create a ` ./__tests__` directory in your root folder. Within this directory, add an empty `index.test.tsx` file - this is where you'll set up your mocks, configure helpers, and write your integration tests in the next section. #### Set up your mocks and helpers In your integration tests, you should avoid making actual network calls, including to Clerk. Network calls can introduce variability and slow down your test suite, making it harder to achieve consistent and fast test results. Instead, you should [mock](https://stackoverflow.com/a/2666006) these libraries to control their behavior in your tests and keep your integration test suite lean. > \[!IMPORTANT] > > It's a best practice to avoid writing integration tests for the internals of third-party libraries like Clerk, as they already have their own tests. Below is the code to mock @clerk/nextjs, which allows you to simulate its behavior and focus on testing your application's logic without relying on external dependencies. Additionally, a helper function called `renderWithProviders` is defined. This function takes an `isSignedIn` argument, allowing you to simulate authenticated and unauthenticated user states in your tests. ```tsx {{ filename: './__tests__/index.test.tsx' }} import { render, screen, waitFor } from '@testing-library/react' import { ReactNode } from 'react' import SubmitReviewPage from '../app/submit-review/page' import { ClerkProvider, useAuth } from '@clerk/nextjs' import { MemoryRouterProvider } from 'next-router-mock/MemoryRouterProvider/next-13.5' import { userEvent } from '@testing-library/user-event' jest.mock('@clerk/nextjs', () => { const originalModule = jest.requireActual('@clerk/nextjs') return { ...originalModule, useAuth: jest.fn(() => ({ userId: null })), SignIn: () =>
Sign In Component
, ClerkProvider: ({ children }: { children: ReactNode }) =>
{children}
, } }) const TestProviders = ({ isLoggedIn = false, children, }: { isLoggedIn?: boolean children: ReactNode }) => { ;(useAuth as jest.Mock).mockReturnValue({ userId: isLoggedIn ? 'user-id' : null }) // Here, we wrap our component in the ClerkProvider and MemoryRouterProvider to provide the necessary context for our tests. // MemoryRouterProvider is used to mock the Next.js router, // which is necessary for testing components that use the router. return ( {children} ) } const renderWithProviders = (ui: ReactNode, isLoggedIn?: boolean) => { return render({ui}) } ``` > \[!NOTE] > > The details about next-router-mock are outside the scope of this post, but you can learn more about it in the library's [documentation](https://github.com/scottrippey/next-router-mock) for a deeper understanding. Now that you have Jest and RTL configured, along with your mocks and test context provider, it's time to write some meaningful integration tests! You will implement three integration tests for Pup Party. For each test scenario, you'll read a definition of the requirements in plain text before implementing code to programmatically test the expected behavior and protect against regressions. ### Test case 1: Unauthenticated users cannot submit a review If an unauthenticated user tries to access the submission page, they should be redirected to the sign-in page. Here's the test implementation, along with comments explaining each notable line. Add it to the bottom of index.test.tsx: ```tsx {{ filename: './__tests__/index.test.tsx', ins: [[3, 31]] }} // Add below the previous snippet at the bottom of the file describe('Submit Review Page', () => { // Grouping tests related to unauthenticated user scenarios describe('When a user is unauthenticated', () => { const isLoggedIn = false it('redirects them to sign in when they try to access the review submission page', async () => { // Render the SubmitReviewPage component with the user not logged in renderWithProviders(, isLoggedIn) // Wait for the sign-in element to appear, indicating a redirect to sign-in waitFor( () => { expect(screen.getByTestId('clerk-sign-in')).toBeInTheDocument() }, { timeout: 5000 }, // Timeout after 5 seconds if the element doesn't appear ) // Ensure the review submission prompt is not visible, confirming the redirect waitFor( () => { expect( screen.queryByText('Review how dog-friendly this restaurant is!'), ).not.toBeInTheDocument() }, { timeout: 5000 }, // Timeout after 5 seconds if the element is still visible ) }) }) }) ``` In this test, an unauthenticated user's experience on the `` is simulated by setting ` isSignedIn` to ` false` and passing it as the second argument to our ` renderWithProviders` function. The [`waitFor`](https://testing-library.com/docs/dom-testing-library/api-async/#waitfor) utility from React Testing Library is used to verify that the UI updates correctly after state changes, specifically ensuring the user is redirected to the sign-in page and cannot access the review submission content. > \[!TIP] > You can see the complete test file [here](https://github.com/bookercodes/testing-clerk-nextjs-apps-example/blob/finished/__tests__/index.test.tsx) and reference it if you're following along and need help figuring out where things go. ### Test case 2: Authenticated users can successfully submit a valid review When a signed-in user submits valid details in the review form, the form should process successfully and then display a confirmation message. Here's the test implementation: ```tsx {{ filename: './__tests__/index.test.tsx', ins: [[6, 37]] }} describe('Submit Review Page', () => { describe('When a user is authenticated', () => { const isLoggedIn = true // Add beneath "it" function in previous snippet it('allows them to submit a review successfully', async () => { const user = userEvent.setup() renderWithProviders(, isLoggedIn) expect( await screen.findByText('Welcome to the Dog Friendly Restaurant Reviews form!'), ).toBeInTheDocument() expect(screen.queryByTestId('clerk-sign-in')).not.toBeInTheDocument() const reviewInput = await screen.findByRole('textbox', { name: /review/i, }) const ratingInput = await screen.findByRole('spinbutton', { name: /rating/i, }) await user.click(reviewInput) await user.type(reviewInput, 'Great place!') await user.click(ratingInput) await user.type(ratingInput, '5') await user.click(screen.getByText('Submit')) // expect the form to be cleared expect(screen.getByLabelText('Review')).toHaveValue('') expect(screen.getByLabelText('Rating')).toHaveValue // expect a success toast expect(await screen.findByText('Form submitted successfully!')).toBeInTheDocument() }) }) }) ``` In the code above, `isSignedIn` is set to `true` to simulate the experience of an authenticated user accessing Pup Party. The `userEvent` utilities are used to mimic user actions, such as clicking into a form input, typing, hitting "Submit", and viewing a success notification. > \[!TIP] > Use React Testing Library's selectors like [`findByRole`](https://testing-library.com/docs/queries/byrole/) and [`getByLabelText`](https://testing-library.com/docs/queries/bylabeltext/) to create more robust tests. > > This approach, compared to using selectors like `getElementById` or `querySelector`, avoids relying on rigid DOM structures in your queries and assertions. By focusing on the roles and labels, you reduce the likelihood of introducing test failures from UI layout changes. It also promotes the use of semantic HTML, thereby enhancing your application's accessibility. ### Test case 3: Authenticated users must submit valid reviews Requirements for the submission form: - When authenticated users add a rating that is less than zero, they should see a "Rating must be a number above 0" error appear next to the rating field - When authenticated users add a written review that is less than 5 characters long, they should see a "Review must be at least 5 characters" error appear next to the review field - If authenticated users submit the form without correcting the errors, the form fields should retain the original values along with their error messages, and an additional "Please fix the errors in the form!" will be displayed to the user Here's the test code that checks these requirements: ```tsx {{ filename: './__tests__/index.test.tsx', ins: [[5, 41], [43, 80]] }} describe('Submit Review Page', () => { describe('When a user is authenticated', () => { const isLoggedIn = true it('displays error messages when the user adds a rating that is less than 0', async () => { const user = userEvent.setup() renderWithProviders(, isLoggedIn) expect( await screen.findByText('Welcome to the Dog Friendly Restaurant Reviews form!'), ).toBeInTheDocument() expect(screen.queryByTestId('clerk-sign-in')).not.toBeInTheDocument() // Note the use of findByRole, as well as async/await. Role lookup is based on the role attribute, which is used to describe the purpose of an element. // This is useful for accessibility. const reviewInput = await screen.findByRole('textbox', { name: /review/i, }) const ratingInput = await screen.findByRole('spinbutton', { // Note: can also find by Label! name: /rating/i, }) await user.click(reviewInput) await user.type(reviewInput, 'Great place!') await user.click(ratingInput) await user.type(ratingInput, '-1') expect(await screen.findByText('Rating must be a number above 0')).toBeInTheDocument() await user.click(screen.getByText('Submit')) // Note the use of getByLabelText to find the input field by its label text, which helps with accessibility. expect(screen.getByLabelText('Review')).toHaveValue('Great place!') expect(screen.getByLabelText('Rating')).toHaveValue(-1) // expect an error message expect(await screen.findByText('Please fix the errors in the form!')).toBeInTheDocument() }) it('displays error messages when the user adds a review that is less than 5 characters', async () => { const user = userEvent.setup() renderWithProviders(, isLoggedIn) // Note here the user of findByText based on the page's text content as viewed by the user. expect( await screen.findByText('Welcome to the Dog Friendly Restaurant Reviews form!'), ).toBeInTheDocument() // Note the use of queryByTestId to check for non-existence. expect(screen.queryByTestId('clerk-sign-in')).not.toBeInTheDocument() // Note the use of findByRole, as well as async/await. const reviewInput = await screen.findByRole('textbox', { name: /review/i, }) const ratingInput = await screen.findByRole('spinbutton', { // Note: can also find by Label! name: /rating/i, }) await user.click(reviewInput) await user.type(reviewInput, 'ok') await user.click(ratingInput) await user.type(ratingInput, '5') expect(await screen.findByText('Review must be at least 5 characters')).toBeInTheDocument() await user.click(screen.getByText('Submit')) // Expect the form to be cleared expect(screen.getByLabelText('Review')).toHaveValue('ok') expect(screen.getByLabelText('Rating')).toHaveValue(5) // Expect an error message expect(await screen.findByText('Please fix the errors in the form!')).toBeInTheDocument() }) }) }) ``` > \[!NOTE] > While the previous examples used a single test, here you've created separate tests for each validation error case, making it easier to identify and debug specific failures. This code simulates a user interaction where an invalid review is submitted. It sets up a user event, renders the `` for an authenticated user, and then mimics user actions of submitting a valid review but an invalid rating. The `async` and `await` syntax is used to ensure that each action and corresponding assertion happens in the correct order, as some operations are asynchronous and need to complete before the next action or assertion takes place. ### Running the integration tests Execute your integration tests by running `test:jest`: ```bash {{ filename: 'Terminal' }} npm run test:jest ``` This script, defined earlier, will run the tests and display the results in your terminal: ![./jest-results.png](./jest-results.png) ## End-to-end tests Having implemented integration tests, let's turn our attention to end-to-end (E2E) tests. > \[!NOTE] > Integration tests focus on verifying that specific components interact correctly with each other, while E2E tests validate complete user workflows across an entire application in production-like environments. > > Both are necessary because integration tests provide faster, more targeted feedback about component interactions during development, while E2E tests ensure the complete system functions properly from a user's perspective before release. > > [Learn more](https://microsoft.github.io/code-with-engineering-playbook/automated-testing/e2e-testing/) about end-to-end tests. Unlike integration tests that mock Clerk, E2E tests interact with Clerk directly to simulate production conditions. To write E2E tests, you will be using two essential tools: - **[Playwright](https://playwright.dev/)**: A powerful automation framework that allows you to perform end-to-end testing across multiple browsers. It offers comprehensive features for simulating user interactions and validating web applications. - **[@clerk/testing](https://www.npmjs.com/package/@clerk/testing)**: This utility offers helpful tools specifically designed for testing Clerk applications. ### Set up Playwright and @clerk/testing Start by create a new directory called `./e2e` - this is where you'll write your E2E in the upcoming section. Install `@clerk/testing` as a dev dependency: ```bash {{ filename: 'Terminal' }} npm install @clerk/testing --save-dev ``` Initialize and install Playwright: ```bash {{ filename: 'Terminal' }} npm init playwright ``` Choose the following options when prompted: ```bash {{ filename: 'Terminal' }} > Do you want to use TypeScript or JavaScript? → TypeScript > Where to put your end-to-end tests? → e2e > Add a GitHub Actions workflow? → N > Install Playwright browsers? → Y ``` > \[!NOTE] > > `npm init playwright` automatically installs Playwright as a dev dependency and creates a default `playwright.config.ts` file Replace the contents of `./playwright.config.ts` to configure Playwright for end-to-end testing: ```typescript {{ filename: './playwright.config.ts' }} import { defineConfig } from '@playwright/test' // Set the port for the server const PORT = process.env.PORT || 3000 // Set webServer.url and use.baseURL with the location of the WebServer // respecting the correct set port const baseURL = `http://localhost:${PORT}` export default defineConfig({ // Look for tests in the "e2e" directory testDir: './e2e', // Set the number of retries for each, in case of failure retries: 1, // Run your local dev server before starting the tests. webServer: { command: 'npm run dev', // Base URL to use in actions like `await page.goto('/')` url: baseURL, // Set the timeout for the server to start timeout: 120 * 1000, // Reuse the server between tests reuseExistingServer: !process.env.CI, }, use: { // Base URL to use in actions like `await page.goto('/')`. baseURL, // Collect trace when retrying the failed test. // See https://playwright.dev/docs/trace-viewer trace: 'retry-with-trace', }, }) ``` Define an additional script to run E2E tests: ```json {{ filename: './package.json', ins: [7], prettier: false }} "scripts": { "dev": "next dev", "build": "next build", "start": "next start", "lint": "next lint", "test:jest": "jest", "test:playwright": "playwright test --ui" }, ``` To ensure your E2E tests don't inadvertently run when invoking the `test:jest` script - which could cause errors due to Playwright tests being incompatible with Jest - update `jest.config.ts` as follows: ```typescript {{ filename: './jest.config.ts', ins: [17] }} import type { Config } from 'jest' import nextJest from 'next/jest.js' const createJestConfig = nextJest({ dir: './', }) const config: Config = { clearMocks: true, testEnvironment: 'jsdom', setupFilesAfterEnv: ['/jest.setup.ts'], // map next-router-mock to the next/navigation module it mocks // learn more - https://github.com/scottrippey/next-router-mock moduleNameMapper: { '^next/navigation$': 'next-router-mock', }, testPathIgnorePatterns: ['/e2e/', '/.next/', '/node_modules/'], } export default createJestConfig(config) ``` #### Enable Clerk testing tokens Clerk [testing tokens](/docs/testing/overview#testing-tokens) allow you to bypass Clerk's bot detection mechanisms, which can otherwise block automated test requests with "bot traffic detected" errors. The @clerk/testing library makes accessing Clerk testing tokens easy by automatically obtaining one when your test suite starts. It then offers the `setupClerkTestingToken` function, which injects the token, enabling your tests to bypass Clerk's bot detection mechanisms without any hassle. The `clerk.signIn` method internally uses the `setupClerkTestingToken` helper, so there's no need to call it separately when using this method. > \[!NOTE] > While it's helpful to understand why this is necessary, @clerk/testing and the Playwright integration abstract away the details, so you don't have to manage tokens manually. To configure Playwright with Clerk, create `./e2e/global.setup.ts` and call the `clerkSetup()` function: ```typescript {{ filename: './e2e/global.setup.ts' }} import { clerkSetup } from '@clerk/testing/playwright' import { test as setup } from '@playwright/test' // Setup must be run serially, this is necessary if Playwright is configured to run fully parallel: https://playwright.dev/docs/test-parallel setup.describe.configure({ mode: 'serial' }) setup('global setup', async ({}) => { await clerkSetup() }) ``` Next, make sure `global.setup.ts` is called from `./playwright.config.ts`: ```typescript {{ filename: './playwright.config.ts', del: [1], ins: [2, [34, 49]] }} import { defineConfig } from '@playwright/test' import { defineConfig, devices } from '@playwright/test' // Set the port for the server const PORT = process.env.PORT || 3000 // Set webServer.url and use.baseURL with the location of the WebServer // respecting the correct set port const baseURL = `http://localhost:${PORT}` export default defineConfig({ // Look for tests in the "e2e" directory testDir: './e2e', // Set the number of retries for each, in case of failure retries: 1, // Run your local dev server before starting the tests. webServer: { command: 'npm run dev', // Base URL to use in actions like `await page.goto('/')` url: baseURL, // Set the timeout for the server to start timeout: 120 * 1000, // Reuse the server between tests reuseExistingServer: !process.env.CI, }, use: { // Base URL to use in actions like `await page.goto('/')` baseURL, // Collect trace when retrying the failed test. // See https://playwright.dev/docs/trace-viewer trace: 'retry-with-trace', }, // Configure projects for major browsers projects: [ { name: 'global setup', testMatch: /global\.setup\.ts/, }, { name: 'Main tests', testMatch: /user-submits-review\.spec\.ts/, use: { ...devices['Desktop Chrome'], // or your browser of choice }, dependencies: ['global setup'], }, ], }) ``` #### Create a test Clerk user Since E2E tests interact with the Clerk API and require user authentication, you must create a real Clerk user and supply your test runner with the user's credentials. These credentials allow your tests to sign in, simulate an authenticated user state, and ensure everything functions as expected in a real-world scenario. Create a test user through the Clerk dashboard: ![./create-user.png](./create-user.png) Add the username and password to `.env.local`. Also add your Clerk application's `SECRET_KEY` and `PUBLISHABLE_KEY` if you haven't already: ```bash {{ filename: './env.local' }} E2E_CLERK_USER_USERNAME=xxxxxxxxx E2E_CLERK_USER_PASSWORD=xxxxxxxxx CLERK_SECRET_KEY=xxxxxxxxx CLERK_PUBLISHABLE_KEY=xxxxxxxxx ``` > \[!IMPORTANT] > Replace `xxxxxxxxx` with your actual credentials. > > If you have enabled usernames for your Clerk application, set `E2E_CLERK_USER_USERNAME` to a username. If your Clerk application does not support usernames, set it to an email address instead. Next, update your `playwright.config.ts` file to load environment variables such that they can be accessed from your tests: ```typescript {{ filename: './playwright.config.ts', ins: [3, 4, 6, 7] }} // At the top of the file import { defineConfig, devices } from '@playwright/test' import dotenv from 'dotenv' import path from 'path' // Read the .env.local file and set the environment variables dotenv.config({ path: path.resolve(__dirname, '.env.local') }) ``` You now have everything in place to write an end-to-end test. ### Test case: Users can authenticate and successfully submit a review This test verifies a critical user flow in a Clerk-authenticated application: signing in, submitting a review, and signing out. Since this is an end-to-end test, it will cover multiple points in the system, ensuring that real user interactions work as expected. Create `./e2e/user-submits-review.spec.ts` and paste the following: ```typescript {{ filename: './e2e/user-submits-review.spec.ts' }} import { test, expect } from '@playwright/test' import { clerk } from '@clerk/testing/playwright' test('user can sign in, submit a review and sign out', async ({ page }) => { await page.goto('/sign-in') // Clerk's signIn utility uses setupClerkTestingToken() under the hood, so no reason to call it separately await clerk.signIn({ page, signInParams: { strategy: 'password', identifier: process.env.E2E_CLERK_USER_USERNAME!, password: process.env.E2E_CLERK_USER_PASSWORD!, }, }) await page.goto('/submit-review') await expect(page).toHaveURL('/submit-review') // Fill in the review form await page.getByLabel(/review/i).fill('Had a great experience!') await page.getByLabel(/rating/i).fill('5') await page.getByRole('button', { name: /submit/i }).click() await expect(page.getByText(/form submitted successfully/i)).toBeVisible() // Clerk's signOut utility uses setupClerkTestingToken() under the hood, so no reason to call it separately await clerk.signOut({ page }) expect(page).toHaveURL('/') }) ``` > \[!TIP] > > The `clerk.signIn()` function automatically uses the `setupClerkTestingToken()` helper, so there's no need to call it manually. The test starts by navigating to the sign-in page and using Clerk's `signIn` utility to authenticate a test user. Once signed in, the test redirects to the review submission page, where it completes and submits a form, then verifies a success message. Finally, it signs out and confirms redirection to the home page. Running this test in the future will help catch any errors introduced by code changes. If a change breaks the functionality, the test will fail, alerting you to the issue. If the test passes, you can be confident that this flow in your application is working as it should. ### Running the end-to end tests Run `test:playwright` to execute your end-to-end tests: ```bash {{ filename: 'Terminal' }} npm run test:playwright ``` The result: ![./playwright-results.png](./playwright-results.png) ## Conclusion In the introduction, key questions were posed about testing in Clerk applications: - What should be tested? - How should it be tested? - Should integration or end-to-end tests be used? - How can Clerk be effectively mocked? This post has provided comprehensive answers to these questions, guiding you through the process of developing a robust testing strategy against a practical application. Equipped with this knowledge, you now have the tools to confidently implement a balanced testing strategy for any appliation using Clerk for [Next.js authentication](/nextjs-authentication). For more detailed guidance on testing Clerk applications, be sure to check out the [Clerk documentation on testing](/docs/testing/overview). --- # Implementing multi-tenancy into a Supabase app with Clerk URL: https://clerk.com/blog/multitenancy-clerk-supabase-b2b.md Date: 2025-03-31 Category: Guides Description: Learn how to build B2B applications with Clerk and Supabase. Collaborative software is on track to become a nearly $53 billion\* industry by 2032. Needless to say, adding collaborative, multitenant features into your application will position you to capture a piece of that revenue. In recent articles, we’ve covered how Supabase’s architecture relies on Postgres RLS to secure data within the database. While team-based features can be complex to implement, Clerk’s B2B tools integrate seamlessly with Supabase, enabling multi-tenancy with minimal configuration changes. In this article, you'll learn exactly how the integration works. To follow along, you should have a general understanding of Supabase and ideally have built an application with Clerk and Supabase. If you want to learn more about the integration, we have an [article explaining how Supabase Auth works and how Clerk can be used with Supabase](/blog/how-clerk-integrates-with-supabase-auth). ## Clerk Organizations Clerk simplifies authentication and user management implementation, including team structures and granular permissions. By enabling the Organizations feature in the Clerk dashboard, you empower your users to create teams where they can invite other team members to collaborate. Admin users can also manage roles and permissions at the individual user level, ensuring each user has the proper level of access. Clerk applies its signature component-driven design to organizations management, offering pre-built UI elements that streamline team permission workflows. One such component is the ``. By adding a single line to your codebase, you get a beautiful drop-down that allows users to create and manage their organizations associated members (if they have the administrator role). ![Organization Switcher](./org-switcher.png) ## Using organizations with Supabase Supabase identifies the party making a request by parsing the claims of the incoming JWT. For example, the following JSON represents the claims of a Clerk user making a request to Supabase, with the `sub` value representing the user ID: ```json { "azp": "http://localhost:3000", "exp": 1748881855, "fea": "u:ai_assistant", "fva": [7142, -1], "iat": 1748881795, "iss": "https://modest-hog-24.clerk.accounts.dev", "jti": "27bb27d6f16174d6a556", "nbf": 1748881785, "pla": "u:pro", "role": "authenticated", "sid": "sess_2xjZ6z85O9Uu2mHhE73Z2JVkh1i", "sub": "user_2s2XJgQ2iQDUAsTBpem9QTu8Zf7", "v": 2 } ``` By setting an active organization for that user (using the `` or [any other method](https://clerk.com/docs/organizations/overview#active-organization)), that user’s claims are modified to include information about the active organization in the `o` object, including the organization ID. The below claims represent a user with an active organization to compare how it differs from the above claims: ```json { "azp": "http://localhost:3000", "exp": 1748881940, "fea": "o:articles", "fva": [7143, -1], "iat": 1748881880, "iss": "https://modest-hog-24.clerk.accounts.dev", "jti": "fb41714162af8da77347", "nbf": 1748881870, "o": { "id": "org_2rxR3osThxAoZXaE7mWeSj065IB", "rol": "admin", "slg": "echoes" }, "pla": "o:free_org", "role": "authenticated", "sid": "sess_2xjZ6z85O9Uu2mHhE73Z2JVkh1i", "sub": "user_2s2XJgQ2iQDUAsTBpem9QTu8Zf7", "v": 2 } ``` ## Parsing the Organization ID value [Our Supabase integration guide](/docs/guides/development/integrations/databases/supabase) walks you through using the `auth.jwt()` function to extract the `sub` value from the JWT claims of the user making the request. This same function can be used to access the `id` value of the `o` object as well. Consider the following RLS policy that restricts users to accessing their own records in the `articles` table: ```sql create policy "Users can view their own articles" on public.articles for select using((auth.jwt() ->> 'sub'::text) = user_id); ``` Updating the `using` statement as follows will reference both the `sub` and `o`.`id` values. When combined with `coalesce`, the policy will first check the `o`.`id` claim and fail back to the `sub` claim if `o` is unavailable (indicating that the user doesn’t have an active organization selected): ```sql create policy "Users can view their own articles" on public.articles for select using( coalesce( (auth.jwt() -> 'o'::text) ->> 'id'::text, (auth.jwt() ->> 'sub'::text) ) = owner_id ); ``` ### Using a dedicated function If you need to create a number of RLS policies, constantly duplicating code to check for both the `sub` and `o`.`id` values can leave some room for human error. An alternate approach to simplify your policies would be to create a dedicated function that checks both values, returning the first available value. The following snippet can be pasted in the Supabase SQL Editor to create that function: ```sql -- Add requesting_owner_id function create or replace function requesting_owner_id() returns text as $$ select coalesce( (auth.jwt() -> 'o'::text) ->> 'id'::text, (auth.jwt() ->> 'sub'::text) )::text; $$ language sql stable; ``` Once created, the function can be used in your RLS policies like so: ```sql create policy "Users can view their own articles" on public.articles for select using (requesting_owner_id() = user_id); ``` > \[!NOTE] > If you are using the legacy method of integrating Clerk with Supabase, update the `requesting_user_id()` function body to achieve the same results. You are welcome to modify the name of the function and relevant column names (I’m partial to `owner_id`) but this small change allows Supabase to automatically use the active organization, if set, with no further changes to the database while falling back to the user ID. ## A practical example To demonstrate, let’s walk through an example using Quillmate, an open-source writing tool built with Next.js, Clerk, and Supabase. If you want to follow along, clone the [`article-add-orgs`](https://github.com/bmorrisondev/quillmate/tree/article-add-orgs) branch from GitHub and step through the readme to get the project running on your computer. Otherwise, feel free to continue reading. ### Enabling Organizations in the dashboard Start by enabling organizations within the Clerk Dashboard by heading to **Configure** > **Settings**, then toggling **Enable organizations**. This simple toggle that enables the use of the organization components with this application. ![Enabling organizations in the Clerk dashboard](./enable-orgs.png) ### Add the `` to the sidebar Next, add the `` to the sidebar near the bottom. This example also includes the `showOrgSwitcher` flag to the component props to indicate that the sidebar is used within a route for organizations. This will allow the sidebar to be used with URL-based organization switching, which is a method of setting the active organization by [using the organization slug directly within the URL](/docs/organizations/org-slugs-in-urls). > \[!NOTE] > Interested in a guide dedicated to switching organizations based on the slug? Let us know in [our feedback portal](https://feedback.clerk.com/roadmap?id=f95553cd-204d-43b8-b2b5-1f84ecf1bd59). Update the `src/app/(protected)/components/sidebar.tsx` file to match the following: ```tsx {{ filename: 'src/app/(protected)/components/sidebar.tsx', ins: [6, 21, 33, 46, 67, [78, 86]], del: [5, 32, 45, 66], prettier: false }} 'use client' import { Button } from "@/components/ui/button" import { type Article } from '@/lib/models' import { UserButton, useUser } from '@clerk/nextjs' import { OrganizationSwitcher, useOrganization, UserButton, useUser } from '@clerk/nextjs' import Link from "next/link" import { useSupabase } from "@/lib/supabase-provider" import { toast } from "sonner" import { useRouter } from "next/navigation" import { useArticleStore } from "../store" interface SidebarProps { showOrgSwitcher?: boolean } type NewArticle = Pick export function Sidebar({ showOrgSwitcher = true }: SidebarProps) { const { user } = useUser() const { organization } = useOrganization() const { supabase } = useSupabase() const router = useRouter() const { articles, isLoadingaddArticle, addArticle } = useArticleStore() async function onNewArticleClicked() { if (!supabase || !user) return const newArticle: NewArticle = { title: 'New Article', content: '', owner_id: user.id owner_id: organization.id ?? user.id } const { error, data } = await supabase .from('articles') .insert(newArticle) .select() .single
() if (error) { toast.error('Failed to create new article') } else { router.push(`/me/${data.id}`) router.push(`${organization ? `/orgs/${organization.slug}` : '/me'}/${data.id}`) addArticle(data) } } return (
{isLoading ? (
Loading articles...
) : ( articles.map((article) => (

{article.title || 'Untitled'}

{new Date(article.updated_at).toLocaleDateString()}
)) )}
{showOrgSwitcher && ( )}
) } ``` Within the application, I now have this new dropdown where I can create an organization and invite others to it: ![Organization switcher open in Quillmate](./create-org.png) ### Update the RLS policies Next, create a migration to add the `requesting_owner_id` function to the database and replace the existing RLS policies to use the function. Run the following command in the terminal to create the migration file: ```bash pnpm supabase migration new support_clerk_orgs ``` This will create a file in the `supabase/migrations` directory with the `support_clerk_orgs` prefix. Add the following SQL to that file: ```sql -- Create the requesting_owner_id function create or replace function requesting_owner_id() returns text language sql stable as $$ select coalesce( (auth.jwt() -> 'o'::text) ->> 'id'::text, (auth.jwt() ->> 'sub'::text) ); $$; -- Update the policies to use requesting_owner_id() drop policy if exists "Users can view their own articles" on articles; drop policy if exists "Users can insert their own articles" on articles; drop policy if exists "Users can update their own articles" on articles; drop policy if exists "Users can delete their own articles" on articles; create policy "Users can view their own articles" on articles for select using (owner_id = requesting_owner_id()); create policy "Users can insert their own articles" on articles for insert with check (owner_id = requesting_owner_id()); create policy "Users can update their own articles" on articles for update using (owner_id = requesting_owner_id()) with check (owner_id = requesting_owner_id()); create policy "Users can delete their own articles" on articles for delete using (owner_id = requesting_owner_id()); ``` Finally, apply the migration to the database by executing the following command in your terminal: ```bash pnpm supabase db push ``` ### Testing the changes With the above changes in place, it's time to test by creating an “article” (which is the main entity of Quillmate) in your personal account and an organization. Start the project by running the following command: ```bash pnpm dev ``` Open the application in your browser using the URL displayed in your terminal. Note how the `` displays “Personal account” to indicate that you do not have an active organization selected. Click the **New Article** button in the sidebar to create an article while in the personal account to populate the database with some data. The editor supports markdown syntax and setting an H1 will automatically set the name of the article in the sidebar. In my environment, I have a single article named “Hello world” in this tenant: ![Hello world article in personal account](./personal-article.png) Use the `` to create an organization and switch to it. Your list of articles should be blank - create another article here as well. In my environment, I have a test organization named “D2 Frontiers”, where I have a completely different article. This is because Supabase is returning all records with an `owner_id` that matches the value of the `o`.`id` value in the claims: ![Article in an active organization](./org-article.png) Next, access the organization settings by opening the `` and selecting **Manage** in the header. Navigate to **Members** and invite another user so they can access the application as well. I recommend using an alternate email address if you have one. As an example, I’ve switched to a completely different user account that also has access to the “D2 Frontiers” organization and can access the same article! ![Article in an active organization as another user](./org-article-alt.png) Back in the database, the values in the `owner_id` column are different depending on the owner type. Note that the article created with my personal account starts has an `owner_id` starting with `user_` and the one created with the organization active starts with `org_`: ![Owner ID values in the database](./owner-id.png) ## Conclusion Using Clerk with Supabase unlocks multi-tenancy and team-based functionality in your application in a matter of minutes with just a few small changes to the code. This empowers your users to create their own groups where individuals can be invited to collaborate within your application. \* [https://www.rocket.chat/blog/collaboration-software](https://www.rocket.chat/blog/collaboration-software) --- # How Clerk integrates with Supabase URL: https://clerk.com/blog/how-clerk-integrates-with-supabase-auth.md Date: 2025-03-31 Category: Guides Description: Learn how Supabase Auth works and how Clerk can provide more capabilities in less time. While Supabase Auth is the default choice for Supabase-powered apps, Clerk is a drop-in replacement offering the same simplicity with an enhanced feature set at your disposal and takes less time to implement. On top of reducing development time, Clerk offers much more than just authentication, from beautifully designed UI components to our suite of B2B tools for multi-tenant applications. In this article, we’ll compare Supabase Auth with Clerk, looking at the differences in implementation and covering some of the additional capabilities offered by Clerk. To follow along with this post, you should have a [basic understanding of Supabase](https://supabase.com/docs/guides/getting-started), ideally having built an application with Supabase as the backend. ## How Supabase Auth works Supabase provides an easy approach to add authentication into your application. To properly compare it with Clerk, it’s important to understand how Supabase Auth is implemented. A default Supabase project comes pre-configured with an `auth` schema in the underlying Postgres instance that stores a list of users and their credentials. This schema is used by the Supabase client SDK, specifically the helper functions which are used with your own forms to simplify the sign up and sign in processes. The following snippet demonstrates the respective functions used with those forms: ```ts // Sign-up const { error } = await supabase.auth.signUp({ email, password, options: { emailRedirectTo: `${location.origin}/auth/callback`, }, }) // Sign-in const { error } = await supabase.auth.signInWithPassword({ email, password, }) ``` Upon signing in, the service will mint a JWT and return it to the caller, which is automatically stored locally by the client SDK. Subsequent requests to Supabase will include the JWT so that the Supabase backend can authenticate the request. When Supabase receives an authenticated request, it will parse the claims from the JWT so it can be used with Row Level Security to prevent unauthorized access to data within the database. The following diagram shows what this flow looks like: ![Auth diagram](./diagram.png) 1. The user signs in using Clerk 2. Clerk issues JWT to the user 3. User makes request to Supabase, including JWT 4. Supabase verifies with the Clerk application JWKS endpoint 5. Clerk verifies token 6. Supabase response to the user with the requested data ## How Row Level Security works with Supabase Auth Row Level Security (RLS) is a feature of Postgres that allows you to control access to data by requiring certain criteria to match before the query will be processed. RLS is enabled and configured on a per-table basis. When enabled, you can define RLS policies which will be evaluated by the database engine before any data in that table is read or modified. The following snippet defines an RLS policy on the `articles` table that ensures only records with “published” in the `status` column are returned: ```sql create policy "Users can read published articles" on public.articles for select using (status = 'published'); ``` Using the above policy as an example, Postgres will effectively transform the following query: ```sql select * from articles; ``` Into: ```sql select * from articles where status = 'published'; ``` Supabase Auth uses RLS policies in a similar fashion but uses a helper function to identify who is making the request. When you’re using Supabase Auth, you have access to the `auth.uid()` function which returns the unique identifier for the user currently signed-in. Building on the same example policy above, the following RLS policy verifies the user ID and only returns data belonging to that user: ```sql create policy "Users can view their own articles" on public.articles for select using (auth.uid()::text = user_id); ``` ### Why RLS? Traditional applications have a dedicated backend system with custom logic to verify the requests being sent. This is normally where you parse the session or user ID from the request and adjust your queries (whether using SQL or an ORM) accordingly to prevent the user from accessing data they shouldn’t. > \[!NOTE] > If you want to further understand how authentication is implemented in a traditional configuration, check out our article on [Building a React login page template](/blog/building-a-react-login-page-template), which walks you through building session-based authentication from scratch. While this same configuration can be set up with Supabase, most developers take advantage of the PostgREST API built into Supabase to save on the hours they’d otherwise spend building and maintaining the backend. PostgREST is a feature of Postgres that provides an API to access the database tables directly over HTTP. The tradeoff of using PostgREST is that you don’t have access to modify the API logic itself. You instead have to rely on RLS to prevent users from accessing data they shouldn’t. ## Clerk as a drop-in replacement to Supabase Auth Clerk’s integration with Supabase functions almost exactly like Supabase Auth with a few minor differences that are transparent when configured properly. Supabase Auth automatically uses its own keys used to mint JWTs. Like Supabase Auth, Clerk employs application-specific JWT keys. Since they are different keys, they are incompatible with each other without additional configuration. Fortunately, Supabase allows you to provide a JSON Web Key Set (JWKS) URL that Supabase can to verify incoming JWTs, and each Clerk application has a dedicated JWKS endpoint with these keys publicly available for this purpose. A JSON Web Key Set (JWKS) is a JSON object that contains a set of keys used to verify the authenticity of JWTs. The JWKS is available by identity providers (like Clerk) through a public URL to be used with third party services for integrations. ### Connecting Clerk with Supabase Clerk is a supported third-party authentication provider for Supabase which can be added in the Supabase dashboard, via **Authentication** > **Sign In/Up** > **Third Party Auth**. When adding Clerk as a provider, a modal will appear asking for the Clerk Domain, which is used to access the JWKS endpoint for your application. From that modal, you can access Clerk's [Supabase Integration Setup page](https://dashboard.clerk.com/setup/supabase), where you can select your application and enable the integration. Once you enable the Supabase integration, all JWTs created by Clerk will include the `"role": "authenticated"` claim which Supabase uses to determine whether the user is authenticated. The following image shows the setup page with the integration enabled: ![Supabase Integration Setup](./connect-supabase.png) You can then use the domain provided in the **Clerk Domain** field (pictured above) when prompted. Supabase will automatically verify JWTs with Clerk instead of its own keys going forward. ![Add new Clerk connection in Supabase](./add-clerk.png) Another difference is in the way that the user ID is referenced within RLS policies. Clerk uses string-based identifiers whereas Supabase uses UUIDs. Since the `auth.uid()` function returns the UUID for the current user, this function cannot be used when accessing Supabase data with Clerk. You’d instead use the `auth.jwt()` function to access data within the JWT, specifically the `sub` claim which corresponds to the ID of the user: ```sql create policy "Users can view their own articles" on public.articles for select using (auth.jwt()->>'sub' = user_id); ``` Finally, when creating the Supabase client within your application, you’d use the Clerk `session` object to request a JWT that is compatible with Supabase, which is the JWT template that uses your Supabase signing key. When using `session.getToken()` for the `accessToken` parameter, requests to Supabase will use the correct JWT created by Clerk: ```tsx import { createClient } from '@supabase/supabase-js' import { useSession } from '@clerk/clerk-react' const { session } = useSession() const client = createClient( process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_KEY!, { accessToken: () => session?.getToken(), }, ) ``` > \[!NOTE] > If you are using Next.js, you might be interested in our follow up article on [how Clerk integrates with Next.js and Supabase](/blog/how-clerk-integrates-nextjs-supabase). ## What other benefits does Clerk include? Using Clerk provides a host of other benefits layered on top of [adding authentication](/nextjs-authentication) to your application. As a developer, you can quickly configure various authentication strategies, including social sign-ons, passkeys, and email links, beyond the traditional username and password, accommodating your users based on their preferences. Clerk also provides drop-in UI components that make it easy to extend user management in your application, often with just a single line of code. For example, adding our `` component to your navigation provides users a great experience for managing various aspects of their profile such as updating their sign-in providers, resetting their password, or even remotely signing out other devices. ![User Button](./user-button.jpeg) If you are building a multi-tenant application, our suite of B2B tools makes it easy for you to quickly add teams and organizations to your application. The `` component enables users to create organizations, invite others, and set permissions, ensuring access is limited to what each user needs. ![Organization Switcher](./organization-switcher.jpeg) ## Conclusion With just a bit more configuration, Clerk can not only act as a drop-in replacement for Supabase Auth but also provides more capabilities out of the box with access to a large number of commonly required user management features. And because of our component-first approach to features built with Clerk, you can get up and running with authentication [in as little as 2 minutes](https://www.youtube.com/watch?v=QstMsE_HbgM). --- # Build a blog with tRPC, Prisma, Next.js and Clerk URL: https://clerk.com/blog/build-a-blog-with-trpc-prisma-nextjs-clerk.md Date: 2025-03-14 Category: Guides Description: Learn how to work with tRPC, Prisma, Next.js, and Clerk by building a secure blog application In this tutorial, you'll build a blog app from scratch using many modern and popular technologies such as Next.js, Clerk, tRPC, Prisma, and more. After reading this guide, you'll have a simple blog application that allows users to create and read posts. Let's explore the various technologies used in the article: - Next.js is the React framework used throughout this guide, specifically using the [App Router](/docs/quickstarts/nextjs). - Clerk is used for [user management](/docs/user-authentication) and [authentication](/docs/nextjs-authentication). - Prisma will be the ORM used to connect to the database. - Vercel is used for hosting and automated deployments. - Neon is a serverless Postgres database, and you'll actually use Vercel to automate deployment of the database as well. - Tanstack Query simplifies the process of fetching and caching data. - [tRPC](/docs/references/nextjs/trpc) provides a type-safe API endpoint wrapper around Tanstack Query. - Zod is used for schema validation. - Tailwind provides a simple and modern way to style your app with CSS. You'll start by creating a Next.js app and integrating Clerk into it for authentication. Then you'll deploy the application to Vercel, where you will also create a Neon database that will be used by Prisma to access and manipulate data within that database. At this point the application will be fully functional, however the rest of the tutorial further enhances the type-safety of your app by adding Tanstack Query, tRPC, and zod. Finally, you'll learn how to create protected procedures using Clerk's authentication context. To follow along, you should have Node.js installed on your computer and a Vercel account. Familarity with React and Next.js is recommended as well. > Check out the finished product in Clerk's demo repository: > [https://github.com/clerk/clerk-nextjs-trpc-prisma](https://github.com/clerk/clerk-nextjs-trpc-prisma) ## Setting up a Next.js application with Clerk Start by opening your terminal and running the following command to create a new Next.js application. When prompted for the various configuration options, use the options specified below: ```bash npx create-next-app@latest # Use the following configuration ✔ Would you like to use TypeScript? … Yes ✔ Would you like to use ESLint? … No ✔ Would you like to use Tailwind CSS? … Yes ✔ Would you like your code inside a `src/` directory? … No ✔ Would you like to use App Router? (recommended) … Yes ✔ Would you like to use Turbopack for `next dev`? … Yes ✔ Would you like to customize the import alias (`@/*` by default)? … No ``` Once the application has been created, follow the [quickstart in the docs](https://clerk.com/docs/quickstarts/nextjs) to add Clerk to it. Alternatively, you can clone the [Clerk Next.js quickstart repository](https://github.com/clerk/clerk-nextjs-app-quickstart). This repository contains a pre-configured Next.js app with Clerk already added in keyless mode, which allows you to test the authentication features in your app locally without having to create an account. ```bash git clone https://github.com/clerk/clerk-nextjs-app-quickstart ``` ### Create a Clerk application Since keyless mode only works for local development, you will want to create a Clerk account and an application in the [dashboard](https://dashboard.clerk.com) to deploy your application to Vercel. The Clerk Dashboard is where you, as the application owner, can manage your application's settings, users, and organizations. For example, if you want to enable phone number authentication, multi-factor authentication, social providers like Google, delete users, or create organizations, you can do all of this and more in the Clerk Dashboard. ### Set your Clerk API keys You need to set your Clerk API keys in your app so that your app can use the configuration settings that you set in the Clerk Dashboard. 1. In the Clerk Dashboard, navigate to the [**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page. 2. In the **Quick Copy** section, copy your Clerk Publishable and Secret Keys. 3. In your `.env` file, set the `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` and `CLERK_SECRET_KEY` environment variables to the values you copied from the Clerk Dashboard. ```env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY={{pub_key}} CLERK_SECRET_KEY={{secret_key}} ``` ## Install dependencies and test your app While developing, it's best practice to keep your project running so that you can test your changes as you work. So, let's make sure the app is working as expected. 1. Run the following commands to install the dependencies and start the development server: ```bash npm install npm run dev ``` 2. Open your browser and navigate to the URL displayed in your terminal. The default is `http://localhost:3000` and will be used through the remainder of the tutorial. It should render a new Next.js app, but with a "Sign in" and "Sign up" button in the top right corner. ![The development instance running.](./one.png) 3. Select the "Sign in" button. You should be redirected to your Clerk [Account Portal sign-in](https://clerk.com/docs/account-portal/overview#sign-in) page, which renders Clerk's [``](https://clerk.com/docs/components/sign-in) component. The `` component will look different depending on the configuration of your Clerk instance. ![A Clerk Account Portal sign-in page.](./two.png) 4. Sign in to your Clerk application. 5. You should be redirected back to your app, where you should see Clerk's [``](https://clerk.com/docs/components/user/user-button) component in the top right corner. ## Install Prisma ORM Run the following command to install Prisma: ```bash npm install prisma --save-dev ``` Then run `npx prisma init` to initialize Prisma in your project. ```bash npx prisma init ``` This will create a new `prisma` directory in your project, with a `schema.prisma` file inside of it. The `schema.prisma` file is where you will define your database models. The `prisma init` command will also update your `.env` file to include a `DATABASE_URL` environment variable, which is used to store your database connection string. If you have a database already, great! If not, let's spin one up using Vercel. ## Deploy to Vercel Before you can create a database using Vercel, you first need to deploy your app to Vercel. 1. Create a repository on GitHub for your app. If you're not sure how to do this, follow the [GitHub docs](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-new-repository). 2. Go to [Vercel](https://vercel.com) and add a new project. While going through the process, select the **Environment Variables** dropdown, and add your Clerk Publishable and Secret Keys. ![Vercel dashboard showing where to input environment variables](./three.png) 3. Select **Deploy** to deploy your app to Vercel. 4. Select the **Settings** tab. 5. In the left sidenav, select **Functions**. 6. Under **Function Region**, there should be a tag next to one of the continents. Select the continent where the tag is, and the dropdown will reveal what regions on Vercel's network that your Vercel Functions will execute in. Take note of the region. Keep the Vercel dashboard open. ![Vercel dashboard with an arrow pointing to a tag that says "iad1", and an arrow pointing to a highlighted element that says "Washington, D.C., USA (EAST) - us-east-1 - iad1"](./four.png) ## Spin up a database 1. While still in Vercel's dashboard, select the **Storage** tab. 2. Select **Create Database**. 3. Select **Neon** as the database provider and select **Continue**. 4. Select the **Region** dropdown and select the region you noted earlier. You want your database's region to match your Vercel Functions region for optimal performance. 5. Select **Continue**. 6. Copy the environment variables and add them to your `.env` file. They should look something like this: ```env # Recommended for most uses DATABASE_URL=*** # For uses requiring a connection without pgbouncer DATABASE_URL_UNPOOLED=*** # Parameters for constructing your own connection string PGHOST=*** PGHOST_UNPOOLED=*** PGUSER=*** PGDATABASE=*** PGPASSWORD=*** # Parameters for Vercel Postgres Templates POSTGRES_URL=*** POSTGRES_URL_NON_POOLING=*** POSTGRES_USER=*** POSTGRES_HOST=*** POSTGRES_PASSWORD=*** POSTGRES_DATABASE=*** POSTGRES_URL_NO_SSL=*** POSTGRES_PRISMA_URL=*** ``` ## Create a database model Now that your database is created and connected to your app, it's time to create a database model. The main entity of the application is a `Post` that represents each entry in the blog app, so add the following `Post` model to your `schema.prisma` file: ```prisma model Post { id Int @id @default(autoincrement()) title String content String? published Boolean @default(false) authorId String } ``` ## Update your database schema Run the following command to apply your schema to your database: ```bash npx prisma migrate dev --name init ``` This creates an initial migration creating the `Post` table and applies that migration to your database. ## Set up Prisma Client Now it's time to set up the Prisma Client and connect it to your database. You'll want to create a single client and bind it to the `global` object so that only one instance of the client is created in your application. This helps resolve issues with hot reloading that can occur when using Prisma with Next.js in development mode. Create the `lib/prisma.ts` file and add the following code to it: ```ts {{ filename: 'lib/prisma.ts' }} import { PrismaClient } from '@prisma/client' const prisma = new PrismaClient() const globalForPrisma = global as unknown as { prisma: typeof prisma } if (process.env.NODE_ENV !== 'production') globalForPrisma.prisma = prisma export default prisma ``` ### Query your database Now that all of the set up is complete, it's time to start building out your app! Let's start with your homepage. Replace the contents of `app/page.tsx` with the following code: ```tsx {{ filename: 'app/page.tsx' }} import Link from 'next/link' import prisma from '@/lib/prisma' export default async function Page() { const posts = await prisma.post.findMany() // Query the `Post` model for all posts return (

Posts

{posts.map((post) => ( {post.title} by {post.authorId} ))}
Create New Post
) } ``` This code fetches all posts from your database and displays them on the homepage, showing the title and author ID for each post. It uses the [`prisma.post.findMany()`](https://www.prisma.io/docs/orm/reference/prisma-client-reference?utm_source=docs#findmany) method, which is a Prisma Client method that retrieves all records from the database. That shows how to query for all records, but how do you query for a single record? ### Query a single record Let's add a page that displays a single post. This page uses the URL parameters to get the post's ID, and then fetches it from your database and displays it on the page, showing the title, author ID, and content. It uses the [`prisma.post.findUnique()`](https://www.prisma.io/docs/orm/reference/prisma-client-reference?utm_source=docs#findunique) method, which is a Prisma Client method that retrieves a single record from the database. Create the `app/posts/[id]/page.tsx` file and paste the following code in it: ```tsx {{ filename: 'app/posts/[id]/page.tsx' }} import prisma from '@/lib/prisma' export default async function Post({ params }: { params: Promise<{ id: string }> }) { const { id } = await params const post = await prisma.post.findUnique({ where: { id: parseInt(id) }, }) if (!post) { return (
No post found.
) } return (
{post && (

{post.title}

by {post.authorId}

{post.content || 'No content available.'}
)}
) } ``` Test the page by navigating to a post's URL. For example, `http://localhost:3000/posts/1`. For now, it should show a "No post found" message because you haven't created any posts yet. Let's add a way to create posts. ### Create a new post Next you'll create a page that allows users to create new posts. This page uses Clerk's [`auth()`](https://clerk.com/docs/references/nextjs/auth) helper to get the user's ID. It is a helper that is specific to Next.js App Router, and it provides authentication information on the server side. - If there is no user ID, the user is not signed in, so a sign in button is displayed. - If the user is signed in, the "Create New Post" form is displayed. When the form is submitted, the `createPost()` function is called. This function creates a new post in the database using the [`prisma.post.create()`](https://www.prisma.io/docs/orm/reference/prisma-client-reference?utm_source=docs#create) method, which is a Prisma Client method that creates a new record in the database. Create the `app/posts/create/page.tsx` file and paste in the following code: ```tsx {{ filename: 'app/posts/create/page.tsx' }} import Form from 'next/form' import prisma from '@/lib/prisma' import { redirect } from 'next/navigation' import { SignInButton, useAuth } from '@clerk/nextjs' import { revalidatePath } from 'next/cache' import { auth } from '@clerk/nextjs/server' export default async function NewPost() { const { userId } = await auth() // Protect this page from unauthenticated users if (!userId) { return (

You must be signed in to create a post.

) } async function createPost(formData: FormData) { 'use server' // Type check if (!userId) return const title = formData.get('title') as string const content = formData.get('content') as string await prisma.post.create({ data: { title, content, authorId: userId, }, }) revalidatePath('/') redirect('/') } return (

Create New Post