Clerk Changelog

New changelog + much more

Category
Company
Published

Interested in checking out something new from the Clerk team? Well you're looking at it; our fancy new dedicated Changelog

Up until now, we've been using our blog to share regular updates about the latest Clerk feature releases, but that ends today. Going forward we'll use the all-new Clerk changelog to keep you up-to-date with our latest releases. Come for the feature updates, stay for the scrolling comet tail in the sidebar.

Proxying Clerk's Frontend API

Do you dream about setting up a domain within Clerk but you're unable to use CNAMEs or want more control over your integration (Weird dream buddy BUT we're not judging)? We're here to make those dreams a reality with our new proxying capability for our Frontend API. Configure your proxy of choice (like NGINX) to directly talk to our Frontend API and that's it.

This is a particularly useful feature for folks using our multi-domain functionality, as you now don't need to set up DNS records for each of your satellite domains. Head to the docs to learn about more using a proxy in your project - and don't continue to let your dreams be dreams. Clerk believes in you.

Coalescing in your JWT Templates

This next one is likely a crowd pleaser... You're now able to have fallback conditions right inside of your JWT Templates. This reduces the amount of code you have to maintain inside your apps, while also making your templates simpler and more concise. Along with interpolation that was released a few months ago, this was one of the most commonly requested features in JWT Templates.

// an example template
{
  "greeting": "{{ user.full_name || 'Awesome user' }}",
  "verified": "{{ user.has_verified_phone || user.has_verified_email }}",
  "level": "{{ user.public_metadata.level || 9999 }}"
}

// the output from the example template
{
  "greeting": "Awesome user",
  "verified": true,
  "level": 9999
}

Use the || to set default values right inside the JWT template. Have a read through our JWT Template docs to learn more.

Some scheduled maintenance

Our primary database is scheduled for routine maintenance on Tuesday, 23/10/23, at 06:00 AM UTC. The maintenance is expected to last 60 seconds or less. Follow along at status.clerk.com

Other Fixes & improvements

  • We've upgraded our TLS certificates for the Frontend API and Accounts domains to version 1.2
Contributor
Design

This week, we released prefill support for the <SignUp /> and <SignIn /> components, improved SAML account linking, and shipped an update for Remix v2.

Session management Illustration

Prefill Sign Up & Sign In Components

You are now able to prefill email address, username, and phone numbers in the <SignUp /> and <SignIn /> components, either by passing an initialValues prop or by using query strings. Check out the docs to learn more!

Here, we want to build session management in Next.js without using any authentication library to show you what is really happening under the hood.

Improved SAML Account Linking

Users who exist in your account before you enable SAML can now authenticate with your IdP and link an enterprise connection to their account.

Stable Remix v2 Support

The newly released @clerk/remix package introduces stable support for Remix v2, without the need for the V2_ prefixes of “future-flags”. Since this is a breaking change, a major bump was needed (v3) – to get the latest version, use npm i @clerk/remix@latest.

Other Fixes & Improvements

  • Updated Email Blocking so that blocking an email address will also block all its subaddresses
  • Added support in the Clerk Expo Starter for the file-system-based router that was introduced with Expo Router v2
Contributor
Nick Parsons

This week, we shipped an improved account portal, added support for swapping keys in Expo, and shipped several quality-of-life enhancements across the stack.

Account Portals Illustration

Improved Account Portal

Previously known as “Hosted Pages”, the Account Portal gives you an upgraded section in the Clerk Dashboard for much easier configuration for all of your application’s key screens. The Account Portal is also the fastest way to add authentication and user management to your application. We provide fully managed and hosted Sign-in, Sign-up, and User Profile views that live on your domain, so you don’t have to build it all yourself.

Head to the docs to learn about more about the Account Portal and how simple it is to get started.

Other Fixes & Improvements

  • Added support in Clerk Expo for swapping your keys without needing a new build
  • Improved clock skew detection in development
  • Enhanced path ignoring in @clerk/clerk-react to make it more reliable
  • Improved Next.js middleware static file detection
  • Created new OG images for our Docs pages and Blog Posts
Contributor
Nick Parsons

This week, we shipped the ability to add satellite domains to your app and upgraded our org's product with auto-invite & auto-suggestions for admins.

Satellite domains illustration

Satellite Domains

Introducing multi-domain support via the Clerk dashboard. Now you can configure multiple domains under your application – users will only have to sign in once but can access all your properties!

The new Domains page will display information about your instance’s development and production domains; you can even add satellite domains for your instance from the dashboard.

Verified organization domains illustration

Verified Organization Domains

To ensure your users have email addresses that come from your company’s domain, Organization admins can now set an email domain requirement within the Organization.

To set the domain, admins can visit the Organization Settings page in the Dashboard and can also choose between two enrollment modes:

  • Automatic Invitation: Users with a matching email domain receive an invitation to join the organization during sign-up.
  • Automatic Suggestion: Users with a matching email domain receive a suggestion to request to join the Organization. Admins must accept the request before the user is added to the organization.

To support these changes, we have updated the <OrganizationSwitcher /> component to list invitations and suggestions, allowing users to accept them within the app. The <OrganizationProfile /> component has also been updated to enable admins to add and verify domains, and handle organization requests.

Other Fixes & Improvements

  • Improved Organization Invitations: If there are pending organization invitations with a matching email address, they will be associated with the new user. Users can accept these invitations within the app using the <OrganizationSwitcher /> component, instead of relying solely on the email link.
  • Hard limit of 500 Users on Dev Instances: To prevent accidental production use, we've implemented a hard limit of 500 users on dev instances. This ensures clear separation between development and production environments.
Contributor
Nick Parsons

Changelog August 18, 2023

Category
Company
Published

This week we shipped a feature to block sign ups using email subaddressing, new email templates for magic links, and support for repo based config with Remix!

🚫 Block Email Subaddresses

To prevent users from creating multiple accounts, Clerk now offers the ability to block sign-ups that attempt to use email subaddressing aliases. By enabling this new setting, users will be prohibited from signing up with emails that append tags after the base username.

This helps prevent emails like jane@company.com and jane+extra@company.com from being treated as unique addresses, closing an easy workaround for creating multiple accounts and improving integrity across user sign-ups.

The feature can be configured under SettingsUser & AuthenticationRestrictions in the [Clerk Dashboard](https://dashboard.clerk.com.

✨ Other Fixes & Improvements

  • Introduced three distinct email templates for Sign In, Sign Up, and Email Verification when sending Magic Links
  • Implemented support for repo-based config with Remix
  • Added support for [phpass](https://www.openwall.com/phpass password hashing when using the CreateUser endpoint

📅 Events

The Clerk team was excited to attend React Rally this week, and it did not disappoint! We had a Waffle Truck, a 5ft Clerk Jenga, Mario Kart, and, of course, a whole bunch of SWAG 🎁

We hope that you were able to attend and connect with us, as it was not an event to be missed; if not, we can’t wait to see you next year!

📚 Resources

🙌 Community Shoutouts

  • We’re thrilled to sponsor Next.js Boilerplate, a comprehensive starter kit that comes pre-configured with Clerk for authentication, and features such as type checking, linter, code formatting, unit testing, E2E testing, Storybook, Bundler Analyzer, Sitemap, Tailwind CSS, and much more.
  • Congratulations to the team at [Investor Radar](https://www.investorradar.io on their recent launch. Investor Radar is a platform for startups or individuals to get connected with the investor of their dreams, and uses Clerk for authentication.
  • Shoutout to Robert Soriano for seamlessly integrating Clerk with [Vue](https://vuejs.org! His work showcases the power of Clerk's authentication and user management in Vue. Check out the integration at [vue-clerk.vercel.app](https://vue-clerk.vercel.app.
  • A big thank you to Darren Baldwin for open sourcing clerk-rs, an unofficial Rust SDK for Clerk. The SDK just crossed 1.2k+ downloads on crates.io. Thank you for contributing to the Clerk community!

Stay tuned for future updates. If you have feedback or suggestions, leave us feedback on the docs via [Docsly](https://docsly.dev, tweet us at @ClerkDev, or join the Clerk Community on Discord.

Contributor
Nick Parsons

Changelog August 4, 2023

Category
Company
Published

This week we shipped Disposable Email Blocking, Mitigation for Unvalidated Redirect Vulnerabilities, a new JWT template for WunderGraph, and more!

⛔️ Prevent Fake Accounts with Disposable Email Blocking

Clerk now offers the ability to block disposable and temporary emails during sign-up. When this setting is enabled, emails entered during sign-up will be checked in real-time against a frequently updated database of over 160,000 known disposable email providers. If a match is found, the sign-up is blocked to prevent abuse from invalid accounts.

The setting can be enabled on the Settings page of the Clerk Dashboard

✨ Other Fixes & Improvements

  • Enabled the allowedRedirectOrigins prop in Clerk Hosted Pages to mitigate unvalidated redirect vulnerabilities in production instances. With this setting, only same-origin redirects will be allowed from Hosted Pages.
  • Fixed bugs in username sorting logic for the Users and Members tables in the Clerk Dashboard.
  • Added a user.hasImage boolean to Clerk's Frontend API and ClerkJS package. This field indicates whether the user has a profile image and, if they do, whether their profile image was uploaded by the user or was sourced from their connected social provider.
    • This field can, for example, be used to ensure users have a profile image by allowing you to leverage it to build logic and a UI to display a profile image uploader if the user has signed up without a social provider and has not yet added a profile image.
  • Added a new JWT template for WunderGraph in the Integrations section of the Clerk Dashboard.

📅 Events

We're excited to announce that Clerk is sponsoring React Rally in Salt Lake City on August 17th and 18th. If you're planning on attending, let us know – we'd love to meet you! We'll have cookies, swag, and a surprise or two. And if you're not sure, there's still time 😉

Grab your ticket here →

📚 Resources

🙌 Community Shoutouts

Stay tuned for future updates. If you have feedback or suggestions, leave us feedback on the docs via Docsly, tweet us at @ClerkDev, or join the Clerk Community on Discord.

Contributor
Nick Parsons