Clerk Changelog

Understand how sticky your product is with the new user retention report. Clerk automatically tracks how often users are coming back to your application after sign up, enabling you to visualize how your retention is trending versus industry benchmarks.

Features

• Change the interval to see how your user cohorts retain over the first 30 days, 8 weeks, and 3 months.
• Visualize how your retention is changing over time by comparing the last three or six cohorts.
• Set a goal shape to measure how your retention is improving towards industry benchmarks.
• View recent cohorts in progress, or toggle off 'show incomplete period' to see only cohorts with complete data.

We're launching the Clerk MCP server in public beta — a Model Context Protocol⁠ server that helps AI coding assistants like Claude, Cursor, and GitHub Copilot provide accurate SDK snippets and implementation patterns when working with Clerk. Your agent can use Clerk's MCP server to pull up-to-date implementation guidance and best practices.

Once connected, you can ask your AI assistant questions like:

• "How do I implement authentication hooks in Next.js?"
• "Set up a B2B SaaS with organizations and role-based permissions"
• "Create a waitlist flow for my app"
• "Protect API routes with Clerk"

To see complete setup instructions and learn more about the Clerk MCP server, head to the documentation.

We'd love to get your feedback as you try out the Clerk MCP server. Reach out through our feedback portal⁠ or join the discussion in our Discord community.

We're excited to announce the launch of our new Solana⁠ authentication strategy, which makes it easy for developers to integrate Solana wallet sign-ins into their applications.

Getting Started

• Enable Solana as a Web3 authentication strategy in the Clerk Dashboard⁠
• Use the <SignIn/> and <SignUp/> components to allow users to authenticate with their Solana wallets
• See our Solana authentication documentation for detailed setup instructions and code examples

You can now control which roles are available to each organization using Role Sets. Assign different Role Sets to different organizations based on subscription tiers, customer cohorts, or business needs — if a role isn't in an organization's Role Set, members can't be assigned that role.

What's new

Role Sets allow you to define separate collections of roles and permissions across organizations. This enables advanced use cases like:

• Creating different role hierarchies for different teams or departments
• Isolating permissions across multiple products or services within one organization
• Building flexible multi-tenant architectures with customizable access patterns
• Supporting complex organizational structures with varying authorization needs

Use Role Sets when different Organizations need different available Roles. This works well for:

• Different pricing tiers - Your Free plan offers only admin and member, Pro adds moderator and analyst, and Enterprise adds security_admin and compliance_officer.
• Different customer cohorts - Small practices get physician and nurse, while large hospitals also get department_head and specialist. All cohorts share admin and member, but get additional Roles specific to their size.

When you modify a Role Set, the changes are automatically applied to all Organizations using it. This makes it easy to roll out new Roles across multiple Organizations at once.

Each instance gets one role set by default at no additional cost. Additional role sets require the Enhanced Organizations add-on.

Getting started

Visit the Role Sets documentation⁠ to learn how to create and manage Role Sets for your organizations.

You can also manage Role Sets through the Clerk Dashboard or programmatically via the Backend API. Visit the Role Sets documentation⁠ for detailed guides, or see the Backend API reference⁠ for API details.

In an ongoing effort to improve the security of your Clerk instances, starting today, only users of your Clerk workspace who are Admin roles will be able to manage secret keys on the Instance / API Keys page. The Member role can no longer reveal, create, or delete secret keys.

Member role can still list all Secret keys and view non-sensitive details such as name, creation date and last-used date.

JWTs are now the default for newly created applications, while existing applications continue using opaque tokens unless changed.

Why JWT?

JWT access tokens offer several advantages:

• Networkless verification — JWTs can be verified locally using your instance's public key, without making a network request to Clerk's servers
• Self-contained — All necessary information (user ID, scopes, expiration) is embedded in the token itself
• Better compatibility — Many third-party tools and libraries expect JWT tokens

When to use opaque tokens

Opaque tokens remain valuable for security-sensitive scenarios:

• Instant revocation — Opaque tokens can be invalidated immediately, while JWTs remain valid until they expire

How to configure

To change your OAuth access token format:

1. Navigate to OAuth applications⁠ in the Clerk Dashboard
2. Select the Settings tab
3. Toggle Generate access tokens as JWTs on or off
4. Save your changes

Clerk's SDKs automatically handle verification for both token formats — no code changes are required when switching between them. For manual verification of JWT tokens outside of Clerk's SDKs, use the same approach as session token verification with your instance's public key.

For more details on the differences between token formats, see the token formats documentation.