Clerk Changelog

SAML Enterprise Connections are now Generally Available

You may have heard this was coming when we shared our notice in February that SAML Enterprise Connections were exiting Beta. Well... today is the day. Thank you to all of the customers who participated in the Beta and helped harden this functionality 🎉.

But like Steve Jobs often said, there's one more thing...

IdP Initiated SSO is here

Along with the GA, we're also releasing IdP-initiated SSO. This means your customers can now use their IdP of choice (Google Workspace, Microsoft AD, Okta, etc) to initiate sign ins, instead of having to start at your app's Sign In views.

While this can be a major quality of life upgrade for your users who already use their IdP's for their other applications, it's important to weigh the risks of IdP-intiated SSO for your application.

If you think your users would be interested in this, have a peek at our IdP-initiated flow docs.

A few more things...

Apologies. I said one more thing but I guess I meant, a few more things. I got caught up in the moment 🙇.

In addition to the GA and the IdP-initiated feature release, we also made some quality-of-life improvements to the Dashboard when configuring Enterprise Connections. The new updates make it less error prone and more intuitive to provision the different providers, and improve the overall developer experience.

Alongside the GA we also released a few specific tutorials that cover setting up SAML Enterprise Connections for Azure, Google Workspace, and Okta.

If you haven't taken a look at Enterprise Connections⁠ in a bit, we encourage you to take another look!

Install the package

To get up and running with Clerk and Astro, start by installing the astro-clerk-auth and @astrojs/node packages:

npm i astro-clerk-auth @astrojs/node

Add environment variables

Before you start using the Clerk integration, you'll first need to set the following environment variables:

PUBLIC_ASTRO_APP_CLERK_PUBLISHABLE_KEY=<your-publishable-key>
CLERK_SECRET_KEY=<your-secret-key>

PUBLIC_ASTRO_APP_CLERK_SIGN_IN_URL=/sign-in
PUBLIC_ASTRO_APP_CLERK_SIGN_UP_URL=/sign-up

Extend the types

Update the env.d.ts file inside your Astro project:

/// <reference types="astro/client" />
/// <reference types="astro-clerk-auth/env" />

Add the Clerk integration

Open astro.config.mjs file and add the clerk() integration, and set the output to server:

import { defineConfig } from 'astro/config'
import node from '@astrojs/node'
import clerk from 'astro-clerk-auth'

export default defineConfig({
  integrations: [clerk()],
  output: 'server',
  adapter: node({
    mode: 'standalone',
  }),
})

Use the middleware

This example showcases how to use the clerkMiddleware and the createRouteMatcher in Astro:

import { clerkMiddleware, createRouteMatcher } from 'astro-clerk-auth/server'

const isProtectedPage = createRouteMatcher(['/user(.*)'])

export const onRequest = clerkMiddleware((auth, context, next) => {
  if (isProtectedPage(context.request) && !auth().userId) {
    return auth().redirectToSignIn()
  }

  return next()
})

Use the components

The package exports the Clerk prebuilt UI components as Astro components and can be used anywhere inside the website:

---
import { SignedIn, SignedOut } from 'astro-clerk-auth/components/control'
import { UserButton, SignIn } from 'astro-clerk-auth/components/interactive'
---

<Layout title="Welcome to Astro + Clerk">
  <SignedIn>
    <UserButton />
  </SignedIn>

  <SignedOut>
    <SignIn routing="hash" />
  </SignedOut>
</Layout>

Congratulations, you have secured your Astro website with Clerk!

To learn more, check out the repo on GitHub⁠.

We've been working extremely hard to deliver (to you and your users) an improved overall experience with Clerk. In service of that, we've done some tidying up and are also rolling out some of our most highly requested SDK features.

Refreshed UI Components

Clerk SDKs included in the Core 2 release ship with improved design and UX on all of our UI components. Our new designs are the right starting point for any app. We continually strive to deliver a best-in-class collection of drop-in UI components that you can trust will get the job done for your users, so you can focus on building.

As always, if your app has custom needs, you can leverage our appearance prop, or use our hooks to fully customize your app's authentication experience.

New default middleware for Next.js

We've heard your feedback, and we've re-implemented our middleware helpers for Next.js. In Core 2, our middleware now defaults to not protecting any routes (previously it was the opposite). Going forward, you specify which routes you'd like to protect. You felt it made more sense to selectively configure your route protection, and we agree.

Additionally, the middleware bundle generated during build is now just 38kb instead of 150kb. This significantly reduces bundle size for better performance.

The new middleware is called clerkMiddleware, and you can read all about it in the docs and upgrade guide. Here's an example of how you'd protect all routes under /dashboard:

// middleware.ts
import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server'

const isProtectedRoute = createRouteMatcher(['/dashboard(.*)'])

export default clerkMiddleware((auth, request) => {
  if (isProtectedRoute(request)) auth().protect()
})

export const config = {
  matcher: ['/((?!.+\\.[\\w]+$|_next).*)', '/', '/(api|trpc)(.*)'],
}

No more white flash for your users

Previously, we went to great lengths behind the scenes to synchronize your app's auth state client-side. This approach (unaffectionately called Interstitial internally at Clerk) often led to a sub-optimal experience where end users were shown a brief white flash while we sorted through the exchange.

Over the last few months, we've fully re-imagined our underlying session syncing logic (now affectionately called 🤝 Handshake internally) to no longer require client-side Javascript. The end result? 2x-5x faster execution (depending on the environment, your device, and the network) and lower latency for your end-users.

No more 401s. No more white flash. No more infinite redirects. A considerably snappier experience.

A whole lot of house cleaning

As Clerk has matured, so have our SDKs – and leading into v4 we were carrying around a considerable amount of technical debt. This release, Core 2, drops quite a bit of that debt, by way of simplifying internal logic and dropping previously deprecated functionality.

As an example, SDKs included in Core 2 will require you to use at least Node.js 18.17.0, React 18, and Next.js 13.0.4 or later. This allowed us to remove polyfills, compatibility layers, and complex logic that made it easier to introduce bugs.

Read the Core 2 migration guide to get all the details.

A CLI tool to help you upgrade

We know dealing with any major release for a piece of your underlying infrastructure, like auth, can be challenging. You just want to get back to building the core functionality of your app – we get it.

To aid you in this upgrade, we've built a CLI tool called @clerk/upgrade⁠ that scans your codebase and guides you step-by-step in upgrading to Core 2. No upgrade is ever perfect, but we're committed to getting you on to the latest and greatest, and back to shipping 🚀

Get started with Core 2 Beta

Want to get started with your upgrade process? Head over to our Core 2 migration guide, or you can start fresh with one of our quickstart guides. If you need help, please contact support or join the Clerk Community on Discord⁠.

This release is still a beta and we do not recommend deploying it to production, but we do expect a stable release soon. Your feedback⁠ during the beta phase is enormously valuable for ensuring a smooth, stable rollout.

Happy coding ✌️

If you're one of the many businesses that have contacted us about GDPR compliance, you may be pleased with our latest announcement...

Clerk is now self-certified under the Data Privacy Framework (DPF)⁠.

What does that mean? Well, I thought you'd never ask... The DPF website describes⁠ it as:

If that's too many acronyms for you, you're not alone. Compliance is complicated. In plainer terms, certification under the DPF is a way for a US business like Clerk to transfer and store an EU citizen's personal data in a way that is in accordance with GDPR.

At Clerk, we're on a mission to make compliance more accessible for you and your customers. And while the governing regulations are continually shifting under our feet; by self-certifying under the DPF, we're following the path of some of many other leading US-based SaaS businesses (like Stripe⁠, Github⁠, and Auth0⁠). We look at this as an important milestone in our compliance story, and we expect to continue to make more strides in this area as Clerk continues to grow.

If you're the type, have a peek at our updated Privacy Policy and the associated Data Privacy Framework Notice.

Another privacy related note...

In the past, it had been popular to display a user's full name and profile picture while signing in as a means to help drive better conversion. However, this practice is no longer recommended due to the rise of privacy regulations like GDPR and CCPA. Going forward we've made a change to our API to limit the amount of data we return before a user is signed in. While limiting this data will be default going forward, pre-existing instances have the ability to opt-in to this recommended security measure by heading to our Attack Protection⁠ page in the Clerk Dashboard.

Want to know an interesting fact? Clerk's backends are written in Golang and the backend that powers our Dashboard⁠ experience is a heavy consumer of our open-source Clerk Go SDK.

By dogfooding our own SDKs day-to-day, we're able to more readily identify the places where they fall short or don't keep pace with our core product.

Today, we're proud to release the beta version of Clerk Go SDK v2⁠ that we feel is not only more feature complete and better structured - but offers a better overall developer experience for building your apps (and ours too 😉).

We're going to take a bit more time in beta before the proper release but we wanted to share it with you now. We'd love for you to try the beta and share your feedback⁠.

You can also read more about in more detail below:

• Go SDK Docs
• pkg.go.dev Docs⁠
• v2 Upgrade guide⁠
• Clerk's Backend API

For customers who have had to live with that little Beta tag in the Dashboard for too long, we're getting ready to make an exciting announcement. On April 1st, Clerk's SAML offering will be leaving Beta and will be entering GA (General Availabilty).

To make sure we give customers a heads up before making this change, we're posting this initial notice 5 weeks ahead of time, in addition to emailing all customers with active SAML connections.

Below is an FAQ meant to answer some of your questions that may arise, but please reach out to support@clerk.dev if you have any specific questions...

FAQ

How come SAML Enterprise Connections are exiting Beta?

We've been working hard with a collection of early customers to ensure that our SAML functionality is professional grade. By hardening our solution slowly over time alongside customers, we finally feel our SAML feature is ready to offer as a paid Clerk offering.

My app uses SAML Enterprise Connections. When it goes GA, do I need to do anything for it to still work?

No. Your application will continue to work as it has previously. However we've recently added some new SAML-related functionality, such as IdP initiated flows that you may want to take a peek at.

How will this affect my monthly costs?

During the beta period, we did not charge for SAML connections.

Starting April 1st, 2024 customers with active SAML Connections on their Production Clerk apps will be charged $50 per month / per connection. You will not be charged for connections in your Clerk Development environment.

To view your existing SAML connections, head to Enterprise Connections⁠ in the Clerk Dashboard.

Please contact sales@clerk.dev if you're interested in discussing bulk discounts or have other pricing related questions.