# Clerk Changelog — Page 16

# Verified domains in Dashboard and in Backend API
URL: https://clerk.com/changelog/2025-08-07-verified-domains-dashboard-backend-api.md
Date: 2025-08-07
Category: Dashboard
Description: Verified domains are now accessible through both the Clerk Dashboard and the Backend API

You can now see all the domains your organizations have set up. Visit the Dashboard and head to the [Verified Domains tab](https://dashboard.clerk.com/~/organizations?organizations_tab=verified-domains) in the *Organization* section.

![Verified domains tab](./verified-domains-tab.png)

Additionally, you can access this data via [Organization Domains](/docs/reference/backend-api/tag/organization-domains/get/organizations/%7Borganization_id%7D/domains#tag/organization-domains/get/organizations/%7Borganization_id%7D/domains) in the Clerk Backend API.

---

# Protection against user enumeration
URL: https://clerk.com/changelog/2025-08-07-enumeration-protections.md
Date: 2025-08-07
Category: Dashboard
Description: Opt in to enhanced protection against user enumeration attacks in the Dashboard

At Clerk, our priority is to provide customers with safe, secure, and easy-to-deploy tools for user management and authentication. When it comes to authentication, each stage of the sign in or sign up flow is designed to minimize friction and get people using your application.

For example, if a user attempts to sign in with an identifier that does not match an existing account on your Clerk application, we inform the user that this identifier doesn't match an existing account. This immediate feedback fits the expectations of ordinary users, who may not remember how or whether they have signed up for your application.

Some of our customers also have a need to protect against [user enumeration](/glossary#user-enumeration) – when a malicious actor takes advantage of the fact that the error message discloses whether an account exists for a given identifier (like an email or phone number) to create a list of all of the accounts that exist within an application. We already offer all our customers protection against such attacks using a variety of rate limiting techniques.

However, some customers would prefer to remove the ability to determine whether an account exists entirely. Some examples of apps that might fall in this category are financial institutions concerned about targeted phishing attacks, or any website for which an existing account being associated with a given email or phone number is intended to be private to that user, such as perhaps a dating app. To accommodate these needs, we are excited to announce that a set of enhanced protections against user enumeration attacks can now be enabled in the [Clerk Dashboard](https://dashboard.clerk.com), under the **Attack Protection** page.

![Clerk Dashboard Enumeration Protection feature](./user_enumeration.png)

With **Enumeration Protection** enabled, users attempting to sign in or sign up no longer receive feedback that reveals whether their identifier matches an existing account. Instead, they are advanced to the next stage of the sign in or sign up flow, and attempts to complete the sign in or sign up are rejected if the account does not exist, in the same way they would be if the credential in the next step (for example, a password) were incorrect. As a result, Clerk's response is the same whether or not a user account already exists, enhancing your application's protection against user enumeration attacks.
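
The difference between the two behaviours can be modelled in a few lines. This is an added example, not Clerk's implementation: the in-memory account, the error codes and the plain password comparison are hypothetical stand-ins.

```typescript
// Added example: a two-step sign-in modelled in memory. The account, the
// error codes and the plain password comparison are constructed stand-ins.
type Step1 = { status: 'needs_password' } | { status: 'error'; code: string }
type Step2 = { status: 'complete' } | { status: 'error'; code: string }

const accounts = new Map<string, string>([['alice@example.com', 'correct horse']])

// Step 1: the user submits an identifier.
function startSignIn(identifier: string, enumerationProtection: boolean): Step1 {
  if (!enumerationProtection && !accounts.has(identifier)) {
    // Default behaviour: immediate feedback that also discloses existence.
    return { status: 'error', code: 'identifier_not_found' }
  }
  // With protection on, every identifier advances to the next stage.
  return { status: 'needs_password' }
}

// Step 2: an unknown account is rejected exactly like a wrong password.
function attemptPassword(identifier: string, password: string): Step2 {
  const stored = accounts.get(identifier)
  if (stored === undefined || stored !== password) {
    return { status: 'error', code: 'invalid_credentials' }
  }
  return { status: 'complete' }
}

// Everything a caller without the password observes for one identifier.
function probe(identifier: string, enumerationProtection: boolean): string {
  const first = startSignIn(identifier, enumerationProtection)
  if (first.status === 'error') return first.code
  const second = attemptPassword(identifier, 'not-the-password')
  return second.status === 'error' ? second.code : second.status
}

// True when the responses for two identifiers differ, i.e. existence leaks.
function leaksExistence(a: string, b: string, enumerationProtection: boolean): boolean {
  return probe(a, enumerationProtection) !== probe(b, enumerationProtection)
}
```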

User security is our priority, and we are happy to bring these opt-in, enhanced protections against user enumeration attacks to our customers who need them.

---

# Build custom flows with React and Clerk Billing
URL: https://clerk.com/changelog/2025-08-06-billing-apis-custom-flows.md
Date: 2025-08-06
Category: Billing
Description: Five new React hooks that give developers complete control over building custom billing experiences, from plan selection to checkout completion.

Building on our recent [billing button components](/changelog/2025-07-24-billing-buttons), we're introducing a set of React hooks that enable you to build fully custom billing flows. These hooks provide direct access to billing data and functionality, giving you complete control over the user experience.

## Control the checkout flow

You can now build your own checkout flow with Clerk Billing for both users and organizations. Leverage the [`useCheckout()`](/docs/hooks/use-checkout) hook to create a custom checkout experience. Choose between prompting users to enter their payment details or pay with a saved payment method.

Below is a simple example of a custom checkout flow that uses the [`<PaymentElement />`](/docs/hooks/use-payment-element) component, where users can enter their payment details.

```tsx
'use client'
import {
  CheckoutProvider,
  useCheckout,
  PaymentElementProvider,
  PaymentElement,
  usePaymentElement,
} from '@clerk/nextjs/experimental'

export default function CheckoutPage() {
  return (
    <CheckoutProvider for="user" planId="cplan_xxx" planPeriod="month">
      <CustomCheckout />
    </CheckoutProvider>
  )
}

function CustomCheckout() {
  const { checkout } = useCheckout()
  const { plan } = checkout

  return (
    <div className="checkout-container">
      <span>Subscribe to {plan.name}</span>

      <PaymentElementProvider checkout={checkout}>
        <PaymentSection />
      </PaymentElementProvider>
    </div>
  )
}

function PaymentSection() {
  const { checkout } = useCheckout()
  const { isConfirming, confirm } = checkout
  const { isFormReady, submit } = usePaymentElement()
  const isButtonDisabled = !isFormReady || isConfirming

  const subscribe = async () => {
    const { data } = await submit()
    await confirm(data)
  }

  return (
    <>
      <PaymentElement fallback={<div>Loading payment element...</div>} />
      <button disabled={isButtonDisabled} onClick={subscribe}>
        {isConfirming ? 'Processing...' : 'Complete Purchase'}
      </button>
    </>
  )
}
```

To enable users to pay with a saved payment method, you can use the [`usePaymentMethods()`](/docs/hooks/use-payment-methods) hook to display a list of saved payment methods.

```tsx
import { usePaymentMethods } from '@clerk/nextjs/experimental'

function PaymentMethodSelector() {
  const { data: methods, isLoading } = usePaymentMethods()

  if (isLoading) return <div>Loading payment methods...</div>

  return (
    <div className="payment-methods">
      <h3>Select Payment Method</h3>
      {methods?.map((method) => (
        <button key={method.id} className="payment-method-option">
          {method.cardType} ending in {method.last4}
        </button>
      ))}
    </div>
  )
}
```

## Design your own pricing table

[`usePlans()`](/docs/hooks/use-plans) fetches your instance's configured plans, perfect for building custom pricing tables or plan selection interfaces.

```tsx
import { usePlans } from '@clerk/nextjs/experimental'

function CustomPricingTable() {
  const { data: plans, isLoading } = usePlans({
    for: 'user',
    pageSize: 10,
  })

  if (isLoading) return <div>Loading plans...</div>

  return (
    <div className="pricing-grid">
      {plans?.map((plan) => (
        <div key={plan.id} className="plan-card">
          <h3>{plan.name}</h3>
          <p>{plan.description}</p>
          <p>
            {plan.currency} {plan.amountFormatted}/month
          </p>
          <ul>
            {plan.features.map((feature) => (
              <li key={feature.id}>{feature.name}</li>
            ))}
          </ul>
        </div>
      ))}
    </div>
  )
}
```

## Display subscription details

![Usage of the useSubscription hook](./example-use-subscription.png)

Access current subscription details to build custom account management interfaces and display billing status.

```tsx
import { useSubscription } from '@clerk/nextjs/experimental'

function SubscriptionStatus() {
  const { data: subscription, isLoading } = useSubscription()

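  // Check the loading state first so "No active subscription" is not shown while data is still being fetched
  if (isLoading) return <div>Loading subscription...</div>
  if (!subscription) return <div>No active subscription</div>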

  return (
    <div className="subscription-status">
      <h3>Current Plan: {subscription.plan.name}</h3>
      <p>Status: {subscription.status}</p>
      <p>Next billing: {subscription.nextPayment.date.toLocaleDateString()}</p>
    </div>
  )
}
```

## Complete Control Over Billing

For detailed documentation, visit:

- [`usePlans()`](/docs/hooks/use-plans)
- [`usePaymentMethods()`](/docs/hooks/use-payment-methods)
- [`useSubscription()`](/docs/hooks/use-subscription)
- [`useCheckout()`](/docs/hooks/use-checkout)
- [`usePaymentElement()`](/docs/hooks/use-payment-element)

For advanced usage examples, visit:

- [Checkout with a new payment method](/docs/custom-flows/checkout-new-payment-method)
- [Checkout with an existing payment method](/docs/custom-flows/checkout-existing-payment-method)
- [Add a new payment method](/docs/custom-flows/add-new-payment-method)

> [!NOTE]
> These hooks are currently exported as `experimental` while we continue to refine the API based on developer feedback.

---

# Organization permissions are now unlimited
URL: https://clerk.com/changelog/2025-08-06-remove-permission-limits.md
Date: 2025-08-06
Category: Dashboard
Description: Create unlimited permissions within organizations for enhanced flexibility and control over resource access.

Previously, organizations were limited to a maximum of 50 permissions, which could be restrictive for complex applications requiring granular access control. This limitation often forced developers to consolidate permissions or find workarounds when building sophisticated authorization systems.

**Organizations can now have unlimited permissions**, giving you complete flexibility to model your application's access control exactly as needed. Whether you're building a complex enterprise application with hundreds of different resource types or a multi-tenant SaaS with intricate permission structures, you're no longer constrained by arbitrary limits.

---

# Improved resilience with automatic regional failover
URL: https://clerk.com/changelog/2025-08-04-regional-failover.md
Date: 2025-08-04
Category: Platform
Description: Automatic regional failover now protects Clerk from major infrastructure disruptions

We’ve made significant improvements to Clerk’s infrastructure to better withstand outages and regional disruptions.

As part of our ongoing commitment to reliability and in response to the [June 26th service outage](/blog/postmortem-jun-26-2025-service-outage), we’ve implemented automatic regional failover for critical parts of our system.
This enhancement ensures that, in the event of a major disruption in one region, traffic is rerouted to healthy infrastructure in real time, without any manual intervention.
This change reduces the risk of widespread service impact during provider-level incidents and brings us closer to our long-term goal of platform-level fault tolerance.

We’re not stopping here.
We’re actively working on improving the resilience of stateful systems and are exploring strategies for increased redundancy across providers.

Our goal is simple: to keep Clerk highly available and dependable even when the unexpected happens.

---

# MCP Server Support for Express
URL: https://clerk.com/changelog/2025-07-29-express-mcp.md
Date: 2025-07-29
Category: Product
Description: Build an MCP service into your application with Clerk and Express.js in 5 minutes

We're excited to announce server-side support for the [Model Context Protocol](https://modelcontextprotocol.io/introduction) (MCP) in Express.js applications using Clerk authentication. This enables your users to securely grant AI applications like Claude, Cursor, and others access to their data within your app.

## Getting Started

Setting up an MCP server in your Express app is straightforward with [Clerk's modern OAuth provider implementation](/changelog/2025-06-13-oauth-improvements). Here's the entire implementation, within a single file in about 50 lines of code:

```tsx
import 'dotenv/config'
import { clerkClient, clerkMiddleware } from '@clerk/express'
import {
  mcpAuthClerk,
  protectedResourceHandlerClerk,
  streamableHttpHandler,
  authServerMetadataHandlerClerk,
} from '@clerk/mcp-tools/express'
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
import cors from 'cors'
import express from 'express'

const app = express()
app.use(cors({ exposedHeaders: ['WWW-Authenticate'] }))
app.use(clerkMiddleware())
app.use(express.json())

const server = new McpServer({
  name: 'test-server',
  version: '0.0.1',
})

server.tool(
  'get_clerk_user_data',
  'Gets data about the Clerk user that authorized this request',
  {},
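  async (_, { authInfo }) => {
    // mcpAuthClerk runs before this handler on the /mcp route, so authInfo is expected to be populated
    const userId = authInfo!.extra!.userId! as string
    const userData = await clerkClient.users.getUser(userId)

    // This serializes the entire user object; a real tool should return only the fields the client needs
    return {
      content: [{ type: 'text', text: JSON.stringify(userData) }],
    }
  },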
)

app.post('/mcp', mcpAuthClerk, streamableHttpHandler(server))

app.get(
  '/.well-known/oauth-protected-resource/mcp',
  protectedResourceHandlerClerk({ scopes_supported: ['email', 'profile'] }),
)

app.get('/.well-known/oauth-authorization-server', authServerMetadataHandlerClerk)

app.listen(3000, () => {
  console.log('Server running on port 3000')
})
```

A full reference implementation is available and open source [on GitHub](https://github.com/clerk/mcp-express-example) if you'd like to test it out.

> [!NOTE]
> OAuth tokens are machine tokens. Machine token usage is free during our public beta period but will be subject to pricing once generally available. Pricing is expected to be competitive and below market averages.

## Connecting AI Tools

Once your MCP server is running, connecting it to AI tools is straightforward. For example, with Cursor, you can add this configuration:

```json
{
  "mcpServers": {
    "clerk-mcp-example": {
      "url": "http://localhost:3000/mcp"
    }
  }
}
```

That's it — no `stdio` tools, command execution, or additional software installation required. Just provide the URL and authentication is handled automatically through the MCP protocol.
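
The discovery step behind that automatic authentication, sketched from the client's side with the checks RFC 9728 (OAuth 2.0 Protected Resource Metadata) expects. This is an added example, not code from Clerk or from any MCP client; the function names are hypothetical, and the challenge header and metadata values passed to them are assumed to be whatever the server returned.

```typescript
// Added example. Hosts and the issuer URL are constructed; only the /mcp
// route and its well-known metadata path come from the server on this page.
interface ResourceMetadata {
  resource: string
  authorization_servers: string[]
}

// Extract auth-params from a challenge such as:
//   Bearer resource_metadata="http://localhost:3000/.well-known/..."
function parseBearerChallenge(header: string): Record<string, string> {
  const match = /^Bearer\s+(.*)$/i.exec(header.trim())
  if (!match) throw new Error('not a Bearer challenge')
  const params: Record<string, string> = {}
  const re = /([A-Za-z_]+)="([^"]*)"/g
  let m: RegExpExecArray | null
  while ((m = re.exec(match[1] ?? '')) !== null) {
    const [, key, value] = m
    if (key !== undefined && value !== undefined) params[key] = value
  }
  return params
}

// RFC 9728 default location: the well-known segment is inserted between the
// origin and the resource path, which is why the route above ends in /mcp.
function wellKnownMetadataUrl(resource: string): string {
  const m = /^(https?:\/\/[^/]+)(\/.*)?$/.exec(resource)
  if (!m) throw new Error('resource must be an absolute http(s) URL')
  return `${m[1] ?? ''}/.well-known/oauth-protected-resource${m[2] ?? ''}`
}

// Where to fetch metadata after a 401: the challenge wins, else the default.
function metadataUrlFor(requestUrl: string, challenge: string | null): string {
  const fromHeader = challenge ? parseBearerChallenge(challenge)['resource_metadata'] : undefined
  return fromHeader ?? wellKnownMetadataUrl(requestUrl)
}

// RFC 9728 validation: the document must name the exact URL that was called,
// so a token is never requested for a different resource than the one used.
function authorizationServersFor(requestUrl: string, metadata: ResourceMetadata): string[] {
  if (metadata.resource !== requestUrl) {
    throw new Error(`metadata is for ${metadata.resource}, not ${requestUrl}`)
  }
  if (metadata.authorization_servers.length === 0) {
    throw new Error('metadata lists no authorization server')
  }
  return metadata.authorization_servers
}
```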

For a complete guide on testing your MCP server with various AI clients, check out our [MCP client integration guide](/docs/mcp/connect-mcp-client).

## What's Next

Clerk's [OAuth provider](/changelog/2025-06-13-oauth-improvements) offers support for the MCP protocol with any framework. However, MCP is still a new standard that is changing quickly, and support and implementation can vary across different clients and frameworks, which often makes implementation tricky.

For this reason, we are creating end-to-end working examples and [helpful utilities](https://github.com/clerk/mcp-tools) for each framework that we plan to steadily release over time. We recently released [an MCP implementation for Next.js](/changelog/2025-06-25-mcp-server-nextjs), and we will continue to roll out examples and guides for other frameworks in the coming months.

We're excited to see what new AI-powered experiences you'll build with MCP and Clerk. If you have feedback or questions, we'd love to hear from you!