Clerk Changelog

Offer your users more peace of mind with email notifications for sign-ins from unfamiliar devices. This feature helps users identify potentially malicious activity and take action, such as revoking suspicious sessions.

How It Works

When a user signs in from an unrecognized device, Clerk sends an email notification to the account owner. The email includes essential details about the sign-in device, such as:

• Device type
• Operating system
• IP address
• Location
• Sign-in method

Like all emails delivered by Clerk, you can customize the template in the Clerk Dashboard⁠. And for supported instances, the email may also include a button to sign out from the unrecognized device immediately.

Get Started

New device sign-in emails are enabled by default for all new applications but are disabled by default for existing instances.

For more information, visit the Unauthorized Sign-In reference page in our docs.

We're excited to introduce our @clerk/agent-toolkit package, a new experimental package designed to integrate Clerk into your AI agent workflows. This toolkit empowers developers to build powerful agentic systems with support for managing users, user data, organizations, and more. It's designed to work seamlessly with frameworks like Vercel's AI SDK and LangChain.

Adding Clerk to your workflow is as simple as:

import { createClerkToolkit } from '@clerk/agent-toolkit/ai-sdk'
import { openai } from '@ai-sdk/openai'
import { streamText } from 'ai'
import { auth } from '@clerk/nextjs/server'

export async function POST(req: Request) {
  const { messages } = await req.json()

  // 1. Instantiate the toolkit
  const toolkit = await createClerkToolkit()

  const result = streamText({
    model: openai('gpt-4o'),
    messages,
    system: systemPrompt,
    // 2. Pass the tools to the model
    tools: toolkit.users(),
  })

  return result.toDataStreamResponse()
}

Running a local MCP server is just as easy:

npx -y @clerk/agent-toolkit -p local-mcp --secret-key sk_123

Key Features

• Vercel AI SDK & LangChain support: First-class support for Vercel's AI SDK and LangChain, with framework-specific helpers for each.
• Local MCP server support: The @clerk/agent-toolkit package comes with a standalone local MCP server so you can easily integrate Clerk with any MCP client such as Claude Desktop.
• Session context injection: Easily inject session claims (userId, sessionId, orgId) into system prompts for contextual awareness.
• Scoped helpers: Support for scoping actions to specific users or organizations to limit resource access.

Up Next

• Openai SDK support (coming soon): We're actively working on adding support for the openai SDK. Stay tuned for updates!

Try it today

Install the package using your preferred package manager and start building today:

npm install @clerk/agent-toolkit

Check out our example repository⁠ and the package's documentation⁠ to learn more.

We'd love to hear from you as you build. Your feedback will help shape the future of Clerk and AI. Reach out to ai@clerk.dev.

Clerk now offers OpenID Connect (OIDC) support for your Clerk instance, making the authentication across third-party services even easier. This update provides greater flexibility, enhanced security, and more control over authentication flows.

What's New?

• OpenID Connect (OIDC) support – Authenticate with external services using industry-standard protocols and ID Tokens.
• OAuth application management in the Clerk Dashboard – Configure and manage your settings directly from one central place.
• Support for multiple redirect URIs - Seamlessly handle different environments (development, production) without extra work.
• Token introspection endpoint - Validate and inspect Access and Refresh tokens securely, ensuring better control over access management.
• Improved authentication control – Support for none and login prompts, giving you finer control over user authentication.

Upgrade from the legacy OAuth 2.0 provider

For any Clerk application which already using the legacy OAuth 2.0 provider, migrating to take advantage of the new OpenID Connect (OIDC) compatible provider is a self-service process. Simply migrate directly from the Clerk Dashboard⁠ to utilize the new and improved functionality.

Try it today

Get started today by creating your first OAuth application, visiting the Clerk Dashboard⁠.

To learn more visit our documentation page.

We're excited to announce native Passkeys support for Clerk's Expo SDK.

Implementation

Adding Passkeys support to your Expo app is straightforward using the user.createPasskey() method from useUser() hook and the signIn.authenticateWithPasskey() method from useSignIn() hook.

Create a Passkey

const CreatePasskeyPage = () => {
  const { user } = useUser()

  const handlePasskeySignIn = async () => {
    if (!user) return
    try {
      return await user.createPasskey()
    } catch (e: any) {
      // Handle errors
    }
  }
}

Sign in with Passkey

const SignInWithPasskeyPage = () => {
  const { signIn } = useSignIn()

  const handlePasskeySignIn = async () => {
    try {
      const signInAttempt = await signIn?.authenticateWithPasskey({
        flow: 'discoverable',
      })

      if (signInAttempt?.status === 'complete') {
        await setActive({ session: signInAttempt.createdSessionId })
        router.push('/')
      } else {
        // Handle errors
      }
    } catch (err) {
      // Handle errors
    }
  }
}

Getting Started

To implement Passkeys in your Expo application:

1. Enable Passkeys in your Clerk Dashboard⁠
2. Follow our Passkeys integration guide for detailed setup instructions

Platform Support

• iOS 16.0 or later
• Android 9+ or later

Visit our documentation to learn more about implementing Passkeys in your Expo application.

We're excited to announce support for SAML on both Expo and iOS SDKs.

Visit our documentation for step-by-step integration guides with @clerk/expo or iOS⁠

We're excited to announce the release of the Clerk Ruby Backend SDK 4.0! Below is a quick preview of the major changes that we've made.

First-Class Framework Support

In the past, outside of the standard Rails configuration, you had to create your own adapters and helpers to work with Clerk. With this release, we've added or expanded on first-class support for Rails, Rails API, Sinatra, and Rack so that everything works out of the box for the most popular frameworks and configurations.

Here's a quick preview of what 4.0 offers:

Clerk.configure do |config|
  config.secret_key = 'sk_live_*****'
end

sdk = Clerk::SDK.new
sdk.users.get_user('*****')

class AdminController < ApplicationController
  include Clerk::Authenticatable

  def index
    @user = clerk.user
  end
end

# Sinatra
class App < Sinatra::Base
  register Sinatra::Clerk

  get "/admin" do
    @user = clerk.user
    erb :index, format: :html5
  end
end

OpenAPI

We've also brought the SDK into full alignment with our Backend API thanks to now generating parts of the SDK from our OpenAPI spec⁠.

You can view the full generated documentation on GitHub⁠.

Upgrading

Upgrade your gem by installing version ~> 4.0.0:

gem 'clerk-skd-ruby', '~> 4.0.0', require: 'clerk'

Breaking Changes

Please note that this release contains a number of breaking changes. Please refer to the upgrade guide for more information.