Clerk Changelog

Changelog July 8, 2022

Category
Company
Published

Next.js 12.2, Emails with high deliverability, Sign in with Line, Odds and ends.

Next.js 12.2

We've upgraded our @clerk/nextjs package to support Next.js 12.2, Make sure you're on version 3.7.1 or greater.

Thanks to the contributors: Peter Perlepes

Emails w/ High Deliverability

We're testing out a new email flow. Our core verification emails are sent through Sendgrid, from your domain. Even though we follow all of the best practices, there are a few things we can't account for that still causes some verification/sign-in emails to go to spam.

For people having trouble, this new email flow should solve your problems:

  • Emails are sent from Postmark.
  • Emails are sent from verifications@clerk.dev
  • Will only send OTP verifications, since these have historically had less deliverability issues.

If you're having issues, send us an email at support@clerk.dev to enable.

Thanks to the contributors: Agis Anastasopoulos

Sign in with Line

Allow your users to sign in via Line https://line.me/en/

Thanks to the contributors: Haris Chaniotakis

Backend API updates

  • Custom Session Token - Clerk automatically keeps session tokens alive, now you can customize what data goes into these tokens. Previously, this was only possible by creating a custom JWT template, and sending it to your backend manually.
  • Filter invitations by status

Thanks to the contributors: Giannis Katsanos, Agis Anastasopoulos

Contributor
Braden Sidoti

Changelog July 1, 2022

Category
Company
Published

Organizations, "verify after sign up", and big email upgrades.

Organizations

We've officially launched V1 of our Organizations product! It's been stress tested by a bunch of design partners over the past couple weeks (thank you for your help!), and we're really excited to finally get open up this functionality publically.

Supporting "organization auth" comes with a number of challenges that exist both in the frontend and backend. Clerk makes all of this simple by giving you easy-to-use react hooks, and the perfect "Organization abstraction" I've you're building a B2B SaaS, an internal tool, or any sort of app with user-grouping, your life just got a whole lot easier. Our initial

  • The Organization object
  • Role Based Access Control
  • Invitation flows
  • SAML is coming soon!

https://clerk.com/docs/organizations/overview

(Note: Clerk's organizations functionality works great with the Open Source use-stripe-subscription package we created. It gives you the majority of the building blocks you need for a complete SaaS!)

Thanks to the contributors: Alex Ntousias, Giannis Katsanos, Peter Perlepes

Verify after sign up

This has oddly been one of our most sought-after features, and it's finally here. In most cases, you don't need to verify your users email addresses or phone numbers right at sign up. You want to get users in your app as quickly as possible, and then asynchronously verify them.

One of the best implementations of this we've seen are the masters over at Stripe:

And now, you can easily recreate this onboarding flow simply by turning it on in the dashboard!

Thanks to the contributors: Haris Chaniotakis

Email upgrades

1. Metadata in emails

You can now include user and organization metadata directly in your email templates. This gives you the ability to personal verification and invitation emails to a much higher degree.

Note: The following features didn't quite make the Friday deadline, but they will be out first thing Monday!

2. Customizable "from name"

In order to ensure deliverability, you should be sending your emails from an email address that actually exists. Because we send emails from your domain i.e. notifications@example.com, you can now also change the "from name" portion, so that it maps to an acutal email account. (i.e. support@example.com)

3. BYO Email/SMS provider

Additionally, if you don't want Clerk to deliver your emails at all, and you'd rather do it yourself -- you can turn off "Delivered by Clerk", and listen to the new "email.created" and "sms.created" webhooks. You will even receive the templated emails, so all you have to do is pass along the subject/body to your provider! You can also just use the raw-data and create your own custom email using this approach.

4. "High Deliverability emails" (coming soon)

It's always frustrating when an email isn't delivered properly. One part of email deliverability is "Domain reputation", and when building a new project, you usually have a new domain with negative reputation. It takes time to build up that reputation so GMail and MS Outlook (and others) don't send your verification and invitation emails to the dreaded "Promotions" tab, or even worse, to spam.

In order to alleviate this, we'll optionally allow verification and invitaiton emails to be sent from "@clerk.dev", which has a bullet-proof reputation because it sends a lot of verification emails, and it only sends verification emails. This will make it so your verification/invitations always land in your users inbox.

Thanks to the contributors: Mark Pitsilos

Contributor
Braden Sidoti

Changelog June 10, 2022

Category
Company
Published

Side-by-side Web2 & Web3 auth, strict sign up requirements, brand new documentation, use-stripe-subscription, inaugural weekly office hours

Side-by-side Web2 & Web3 auth

Until this week, our support for Web3 has been all-or-nothing. You couldn't configure an application to have both Web3 authentication factors and Web2 authentication factors.

Now, developers can enable any combination of Web2 and Web3 they like, from the moment they create a new application:

This has been the top requested feature for Web3 applications since we originally launched support. Now that it's complete, it clears the way for us to begin adding additional wallet support.

Thanks to the contributors: Agis Anastasopoulos, Mark Pitsilos, Haris Chaniotakis

Strict sign-up requirements

This week we added an explicit "Required" toggle to four user management settings:

  1. Email address
  2. Phone number
  3. Username
  4. Name (First and Last)

Previously, we assumed what developers wanted as strictly required based on their other choices in the dashboard.

Critically, when users signed up with any Social Login vendor in the past, every other user attribute was considered optional. With this assumption, we found there were edge cases where this behavior wasn't necessarily desirable.

The most common edge-case comes from Social Login providers like Facebook, which do not necessarily return an email address from the oauth process. 99% of Facebook users will return an email address, but the other 1% will only return a phone number. For this 1% of cases, should Clerk prompt the user for an email address, or should we let them proceed without one?

With our new dashboard settings, we no longer need to guess!

Thanks to the contributors: Agis Anastasopoulos, Mark Pitsilos, Haris Chaniotakis

Brand new documentation

The past several weeks we've been scouring historical support requests to learn how we can better write and organize our documentation.

We launched brand new documentation to better support developers. There's a new organization to make content more discoverable, and a ton of new writing to surface things that were missing.

Thanks to the contributors: Ian McPhail, Marcel Cruz, Charles Wefso, Braden Sidoti

use-stripe-subscription

We launched use-stripe-subscription to make it easier for React developers to implement Stripe Billing. This open source package will serve as the foundation of our eventual Stripe integration, which is slated to launch in Q3.

We also wrote a blog post about our experience refactoring Stripe's API for frontend access.

Thanks to the contributors: Colin Sidoti, Braden Sidoti

Inaugural weekly office hours

We held our first weekly office hours this week! We had a great time on Twitch fielding questions from the audience, sharing more about roadmap, and discussing technology trends a bit more colloquially.

The exact time for office hours will likely float from week to week. The best way to learn the time is to follow our Twitter.

Thanks to the contributors: Ian McPhail, Colin Sidoti

Contributor
Colin Sidoti

Changelog June 17, 2022

Category
Company
Published

Updated pricing, Organizations hooks, AppSync support

Updated pricing

With the upcoming release of Organizations, we'll also be updating our pricing. If you're not using organizations, and would like to be on our legacy pricing plan, you should upgrade by the end of next week. Existing applications will be grandfathered into their current pricing plan.

Review our new pricing plans here:

https://clerk.com/pricing

Thanks to the contributors: Braden Sidoti, Colin Sidoti

useOrganization()

We've finalized our organizations feature set, with the addition of the easy-to-use React hooks useOrganization() & useOrganizationList(). Updated docs live!

https://clerk.com/docs/organizations/overview

The official release will come sometime next week.

Thanks to the contributors: Peter Perlepes

AWS AppSync support

You can now seamlessly authorize requests on AWS AppSync using the "openid-connect-authorization flow".

https://docs.aws.amazon.com/appsync/latest/devguide/security-authz.html#openid-connect-authorization

Thanks to the contributors: Sokratis Vidros

Weekly office hours

This upcoming week we will be holding our second office hours. Come join us on Thursday to chat about the future of authentication!

The exact time will likely be posted soon. The best way to learn the time is to follow our Twitter.

Thanks to the contributors: Ian McPhail, Braden Sidoti

Contributor
Braden Sidoti

Changelog June 3, 2022

Category
Company
Published

Embeddable Magic Links, E2E Testing, The New Wave Remix Stack. Updated pricing coming soon.

While these were always possible, we've released detailed documentation on how to make them happen. Embedding magic links into welcome emails, customer promotions, and many other use cases can increase user engagement dramatically.

https://clerk.com/docs/how-to/embeddable-magic-links

E2E Testing with Clerk

We've made it easier to create end to end tests with Clerk, specifically for Email and SMS OTPs. Use reserved email addresses and phone numbers to bypass sending emails/SMSs, using a static verification value

https://clerk.com/docs/how-to/e2e-testing

The New Wave Remix Stack

On the heels of the Remix Conf, we've created the New Wave Remix Stack! Remix Stacks are a great way to jump start your application process. The New Wave Stack includes Clerk, Fauna, and Netlify.

Updated pricing coming soon

This upcoming week we'll be updating our pricing and introducing a new "Hobby" and "Business" plan. Existing customers will be grandfathered into the current plans.

Big announcements coming soon. Stay tuned!

Contributor
Braden Sidoti

Changelog May 27, 2022

Category
Company
Published

Discover the latest updates including our public roadmap launch, resilience enhancements, and advanced bot detection upgrades.

Public Roadmap

This week we launched a public roadmap. It contains a rough estimate of when we expect to start and release new projects. Although it's not guaranteed, it's a good glimpse into how we expect the weeks, months, and quarters ahead to unfold.

Resilience upgrades

Out with the old, in with the new! We were nearing capacity for some of our infrastructure and needed to upgrade.

The upgrades successfully deployed with zero downtime!

Bot detection upgrades

Over the weekend, we detected an unusual spike in bot activity associated with SMS verifications. We worked with Twilio to determine that this attack was "toll fraud" - where attackers are able to steal money by receiving SMS messages.

We've upgraded our systems to detect and put a stop to the suspicious behavior. Though this attack did not manifest in downtime or security issues, the impacted customers were notified and will not be charged for SMS overruns.

Contributor
Colin Sidoti