# Clerk Changelog — Page 10 # Use existing Stripe account for Clerk Billing URL: https://clerk.com/changelog/2025-11-14-clerk-billing-existing-stripe-accounts.md Date: 2025-11-14 Category: Billing Description: Clerk Billing now supports linking an existing Stripe account. You can now link and use an existing Stripe account for Clerk Billing, as long as the account is not associated with another platform. Head to your [billing settings](https://dashboard.clerk.com/~/billing/settings) in the Clerk Dashboard to get started today. --- # Introducing Client Trust: Clerk’s free credential stuffing killer URL: https://clerk.com/changelog/2025-11-14-client-trust-credential-stuffing-killer.md Date: 2025-11-14 Category: Security Description: Last Friday, Troy Hunt shared that [625 million never-before-leaked passwords](https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-them-all-in-have-i-been-pwned/) had been added to Have I Been Pwned, the password leak detection service. The update brought relief to our team at Clerk, which had been fighting [credential stuffing attacks](/glossary/credential-stuffing) for the two weeks prior. Attackers were attempting to test millions of stolen passwords in quick bursts, with seemingly endless rotating IPs and TLS fingerprints to slip past rate limiters. While we were able to mitigate the vast majority of the attack, leaks of this scale mean that even 99.9% effectiveness isn’t enough. So we decided to kill credential stuffing for good, with a mechanism we’re calling Client Trust. ## Introducing Client Trust **Client Trust** is Clerk’s new defense against credential stuffing. It works by treating every new device as untrusted until the user has signed in on it. ![Client Trust Flow](./ClientTrustFlow.png) Here’s what that means in practice: 1. If a user enters a **valid password** 2. and **hasn’t enabled two-factor authentication** 3. and is signing in from a **new client (device)** Then Clerk will **automatically require a second factor,** with either a one-time passcode or a magic link, depending on the application’s settings. That’s it. No extra configuration and no guesswork. Just automatic protection from day one. ## Security that adapts to reality We know that developers don’t want to choose between user experience and security. Client Trust is designed to make that trade-off obsolete. It’s invisible when it should be, and decisive when it must be. No more leaked-password panics. No more hoping users turned on 2FA. With Client Trust, your users are protected even when their password is included in a 0-day credential leak. ## Free for everyone Client Trust is included in all Clerk plans, and automatically enabled for new applications. Existing applications must enable the update manually from the [Updates page of the dashboard](https://dashboard.clerk.com/~/updates). For most customers, it’s available as one-click update. --- # Update billing plan prices URL: https://clerk.com/changelog/2025-11-13-billing-plan-price-updates.md Date: 2025-11-13 Category: Billing Description: You can now update billing plan prices even when the plan has active paid subscriptions. ## What changed? Previously, when a billing plan had active paid subscriptions, the price fields in the dashboard were disabled and couldn't be modified. This was a protective measure to prevent accidental changes that could affect existing subscribers. With this update, you now have full control over your plan pricing, regardless of subscription status. ## How pricing updates work When you update the price of a plan with active subscriptions: - **Existing subscriptions** continue at their current price - **New subscriptions** use the updated pricing immediately We're working on additional functionality that will give you even more control over pricing updates. In a future release, you'll be able to automatically transition existing subscriptions to updated pricing at their next billing date. ## How to update plan prices To update pricing for an active plan: 1. Navigate to [Subscription plans](https://dashboard.clerk.com/~/billing/plans) in your Clerk dashboard 2. Select the plan you want to modify 3. Update the price fields 4. Save your changes --- # Native Sign in with Apple for Expo URL: https://clerk.com/changelog/2025-11-13-native-sign-in-with-apple-expo.md Date: 2025-11-13 Category: SDK Description: The Clerk Expo SDK now supports native Sign in with Apple, providing a seamless authentication experience for iOS users. Clerk's Expo SDK now includes native Sign in with Apple support, allowing iOS users to authenticate using their Apple ID directly within your Expo applications. This integration provides a streamlined, privacy-focused authentication method that meets Apple's requirements for apps offering third-party sign-in options. ## Native integration benefits Unlike web-based OAuth flows, the native Sign in with Apple implementation offers: - **Faster authentication** - No browser redirects or context switching - **Better user experience** - Native iOS UI that users recognize and trust - **Privacy features** - Support for Apple's Hide My Email functionality - **App Store compliance** - Meets Apple's guidelines for apps with social login ## Getting started To enable Sign in with Apple in your Expo app, configure the OAuth provider in your Clerk Dashboard and add the authentication strategy to your sign-in flow. The SDK handles the native integration automatically on iOS devices, falling back to web-based flows on other platforms For detailed setup instructions and implementation guidance, check out the [Expo OAuth documentation](/docs/references/expo/overview) or the [Integration Guide](/docs/expo/guides/configure/auth-strategies/sign-in-with-apple) --- # PKCE support for custom OAuth providers URL: https://clerk.com/changelog/2025-11-12-pkce-support-custom-oauth.md Date: 2025-11-12 Category: Dashboard Description: Custom OIDC providers and custom social connections now support PKCE for enhanced security in native and mobile applications. ![PKCE toggle in custom OAuth provider settings](./pkce-toggle.png) You can now enable PKCE (Proof Key for Code Exchange) when configuring custom OIDC providers and custom social connections. This enhancement provides better security for applications that cannot securely store client secrets. ## What is PKCE? PKCE is a security extension to the OAuth 2.0 Authorization Code flow. It was originally designed for public clients like mobile and native applications, but is now recommended for all OAuth 2.0 clients as a best practice. Instead of relying on a static client secret, PKCE creates a cryptographically random secret for each authorization request. This means even if an authorization code is intercepted, it cannot be exchanged for tokens without the original secret. ## When to use PKCE Enable PKCE for: - **Native and mobile apps** - These applications cannot securely store client secrets since their code can be reverse-engineered - **Single-page applications (SPAs)** - Modern best practice recommends PKCE for browser-based apps - **Any public client** - Applications where the source code is accessible to end users ## How to enable To enable PKCE for your custom OAuth provider: 1. Navigate to [SSO connections](https://dashboard.clerk.com/~/user-authentication/sso-connections) in your Clerk Dashboard 2. Select your custom OIDC provider or custom social connection 3. Enable the **Use PKCE** toggle in the Connection tab 4. Save your changes Once enabled, Clerk will automatically use the Authorization Code with PKCE flow for authentication with that provider. --- # API Version 2025-11-10 URL: https://clerk.com/changelog/2025-11-10-billing-new-api-version.md Date: 2025-11-10 Category: Billing Description: New API Version available with Clerk Billing updates ### What’s New #### Billing API Redesign - Introduces a new `/billing` path to replace the legacy `/commerce` endpoints for all billing-related functionality. - Billing amounts are now represented using structured **Fee objects** instead of top-level fields. - More details: [Guide to Upgrading Your API Version](https://clerk.com/docs/guides/development/upgrading/upgrade-guides/2025-11-10) ### Overview of Breaking Changes More details can be found in the upgrade guide linked above. | Area | Description | Migration Notes | | --------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------- | | Field Rename | `payment_source` → `payment_method` | Update all integrations and payload references to use `payment_method`. | | Payload Change | Removed top-level `amounts` fields in the `plans` payload | All amount-related info is now structured via associated **Fee** objects. | | Endpoint Change | `/commerce/*` endpoints have been renamed | Use `/billing` endpoints instead. `/commerce` will be removed **over time**. | > \[!NOTE] > We strongly recommend upgrading to version `2025-11-10` as soon as possible to ensure new billing features work as expected. > To see which SDK versions support it, [click here](https://clerk.com/docs/guides/development/upgrading/versioning#2025-11-10).