Changelog

Mar 12

Organization activity report

Category: Dashboard
Published: Mar 12

Visualize how active each organization is in your application

The organization activity report shows daily member engagement levels for each org, helping you understand how teams are using your product.

Visualize engagement - Each day in the report is color-coded by the percentage of total organization members who were active, making it easy to spot trends and patterns.
Navigate by year - Use the year selector to browse activity across different years.
Hover for details - Tooltips show the percentage of org members who were active on each day.

Note: Activity data is available starting from January 2026.

To view the activity report, open any organization's profile page from the Organizations list in your Clerk Dashboard.

Keep an eye out for continued improvements to the organization profile page.

Mar 9

Create and manage enterprise connections through Clerk's API

Category: API
Published: Mar 9

Create, list, read, update, and delete enterprise connections programmatically.

You can now fully manage both SAML and OIDC enterprise connections via the Clerk Backend API. Previously, you could only manage SAML connections via the API.

What's new

The following endpoints are now available on Clerk's backend API:

Method	Path	Description
`POST`	`/v1/enterprise_connections`	Create an enterprise connection. Accepts `provider`, `domains`, `name` and `organization_id` as params
`GET`	`/v1/enterprise_connections`	List enterprise connections. Query: `organization_id` (optional), pagination.
`GET`	`/v1/enterprise_connections/{enterpriseConnectionID}`	Get a single enterprise connection.
`PATCH`	`/v1/enterprise_connections/{enterpriseConnectionID}`	Update an enterprise connection.
`DELETE`	`/v1/enterprise_connections/{enterpriseConnectionID}`	Delete an enterprise connection.

If you currently use the /saml_connections endpoint, we recommend migrating to the new /enterprise_connections endpoint. This unified API allows you to manage both SAML and OIDC connections, and will serve as the primary interface moving forward. Support for the legacy SAML endpoint may be phased out in the future.

Getting started

Visit the API reference for detailed documentation on request parameters and response formats.

Mar 9

Native React Native components, Google Sign-In, and Core 3

Category: SDK
Published: Mar 9

@clerk/expo now ships prebuilt native components (AuthView, UserButton, UserProfileView), native Google Sign-In, and Core-3 Signal APIs.

@clerk/expo 3.1 brings native UI components powered by SwiftUI (iOS) and Jetpack Compose (Android), native Google Sign-In, and the new Core-3 Signal API. This is a major version bump that requires Expo SDK 53+.

Native React Native components

Three prebuilt native components are now available from @clerk/expo/native:

<AuthView /> renders the full sign-in/sign-up UI natively, with support for signIn, signUp, and signInOrUp modes. Session sync to the JS SDK happens automatically.
<UserButton /> displays the user's avatar and opens the native profile modal on tap. It fills its parent container, so the parent controls the size and shape.
<UserProfileView /> renders the profile management UI inline. For modal presentation, use the new useUserProfileModal() hook.

All components use hook-based state management rather than callbacks. React to auth state changes with useAuth() in a useEffect:

import { AuthView, UserButton } from '@clerk/expo/native'
import { useAuth, useUserProfileModal } from '@clerk/expo'

function App() {
  const { isSignedIn } = useAuth()
  const { presentUserProfile } = useUserProfileModal()

  if (!isSignedIn) {
    return <AuthView mode="signInOrUp" />
  }

  return (
    <>
      <View style={{ width: 44, height: 44, borderRadius: 22, overflow: 'hidden' }}>
        <UserButton />
      </View>
      <TouchableOpacity onPress={presentUserProfile}>
        <Text>Manage Profile</Text>
      </TouchableOpacity>
    </>
  )
}

These components require the @clerk/expo Expo config plugin, which automatically adds the clerk-ios and clerk-android native SDKs to your project. See the native components overview for setup and usage.

Google Sign-In now uses platform-native APIs instead of browser-based OAuth:

iOS: ASAuthorization (system credential picker)
Android: Credential Manager (one-tap / passkey-ready)

This is exposed via the NativeClerkGoogleSignIn TurboModule spec and integrated into the @clerk/expo config plugin. No extra packages are needed beyond configuring your Google OAuth credentials in the Clerk Dashboard.

Core-3 Signal APIs

@clerk/expo 3.1 ships with the Core-3 Signal API, which replaces the legacy setActive() pattern with reactive hooks:

// Core 3
const { signIn } = useSignIn()
await signIn.create({ identifier: email })
await signIn.password({ password })
if (signIn.status === 'complete') {
  await signIn.finalize({ navigate: () => router.push('/') })
}

Key changes from Core 2:

signIn.password(), signIn.emailCode.sendCode() replace signIn.attemptFirstFactor()
signIn.finalize() replaces setActive({ session: signIn.createdSessionId })
Error handling via errors.fields.identifier?.message instead of try/catch

See the Expo quickstart and Core-3 upgrade guide for migration details.

New hooks

Three new hooks are exported from @clerk/expo:

Hook	Description
`useUserProfileModal()`	Present the native profile modal imperatively. Returns `{ presentUserProfile, isAvailable }`.
`useNativeSession()`	Access native SDK session state: `isSignedIn`, `sessionId`, `user`, `refresh()`.
`useNativeAuthEvents()`	Listen for auth state changes (`signedIn`, `signedOut`) from native components.

Get started

Follow the Expo quickstart to set up a new project with native components, or check the native components reference for the full API. The clerk-expo-quickstart repo has three example apps: JS-only, JS with native sign-in, and full native components.

Mar 5

JWT format support for M2M tokens

Category: M2M
Published: Mar 5

M2M tokens can now be issued as JWTs, enabling networkless verification and eliminating per-verification costs.

Why JWT?

JWT M2M tokens offer several advantages over opaque tokens:

Networkless verification — JWTs can be verified locally using your instance's public key, without making a network request to Clerk's servers
No verification cost — Opaque token verification costs $0.00001 per request, while JWT verification is free since it happens locally
Self-contained — All necessary information (machine ID, claims, expiration) is embedded in the token itself
Lower latency — Local verification is significantly faster than a network round-trip

When to use opaque tokens

Opaque tokens remain valuable for security-sensitive scenarios:

Instant revocation — Opaque tokens can be invalidated immediately, while JWTs remain valid until they expire
Maximum security — Opaque tokens do not contain any embedded information. Server-side verification is required to access payload data.

Getting Started

Dashboard

To generate your M2M token format:

Navigate to Machines in the Clerk Dashboard
Select the machine you want to generate the token for.
Select Generate token
Toggle Generate token as JWT
Select Create

SDK

// Create a JWT token on Machine A
const m2mToken = await clerkClient.m2m.createToken({
  tokenFormat: 'jwt',
})

// Send authenticated request to Machine B
await fetch('<machine-b-url>', {
  headers: {
    Authorization: `Bearer ${m2mToken.token}`,
  },
})

// Verify the token on Machine B — no network request needed
const verified = await clerkClient.m2m.verify({ token })

Pricing

We will begin charging for M2M token usage starting March 16, 2026. The pricing will be:

$0.001 per token creation
$0.00001 per token verification (opaque tokens only)

For more details, see the M2M tokens documentation and token formats documentation.

Mar 4

Chrome Extension JavaScript SDK support

Category: SDK
Published: Mar 4

The Chrome Extension SDK now supports vanilla JavaScript with createClerkClient(), and deprecates the /background import path.

The @clerk/chrome-extension SDK now fully supports vanilla JavaScript (non-React) usage through createClerkClient() imported from @clerk/chrome-extension/client. A new Chrome Extension JS Quickstart guide is available to help you get started.

`createClerkClient()` for vanilla JS

Use createClerkClient() from @clerk/chrome-extension/client to initialize Clerk in a popup or side panel without React:

src/popup.ts

import { createClerkClient } from '@clerk/chrome-extension/client'

const clerk = createClerkClient({
  publishableKey: process.env.CLERK_PUBLISHABLE_KEY,
})

await clerk.load({
  allowedRedirectProtocols: ['chrome-extension:'],
})

`background` option for `createClerkClient()`

Whether you're using React or vanilla JS, createClerkClient() from @clerk/chrome-extension/client now accepts a background: true option for use in background service workers. This replaces the separate @clerk/chrome-extension/background import.

src/background/index.ts

import { createClerkClient } from '@clerk/chrome-extension/client'

async function getToken() {
  const clerk = await createClerkClient({
    publishableKey: process.env.CLERK_PUBLISHABLE_KEY,
    background: true,
  })

  if (!clerk.session) {
    return null
  }

  return await clerk.session?.getToken()
}

Deprecation: `@clerk/chrome-extension/background`

Importing createClerkClient from @clerk/chrome-extension/background is now deprecated. Both React and vanilla JS extensions should update to import from @clerk/chrome-extension/client with the background: true option instead.

Clerk Changelog