Clerk Changelog

As we begin the holiday season, we're happy to be releasing some of our biggest projects of the quarter. Today's launch is in response to dozens of customer requests for greater customization capabilities.

Customizable email and SMS templates

You can now customize the email and SMS communications sent as part of sign-up and sign-in. Try it from the Customization tab of your dashboard today!

This feature allows you to ensure that the styling and tone of communications is perfectly in-line with your brand. Plus, the email editor can be used in both HTML and WYSIWYG modes, to provide a seamless editing experience regardless of your preference.

Customization capabilities remain a core focus at Clerk and many more are on the roadmap. We're eager to continue making improvements throughout 2022. Have a request? Drop us a line.

Dashboard launch!

Our new dashboard is officially out of beta!

Many thanks to our customers who participated in the beta and helped us iron out the last few wrinkles. Besides the updated design, we're thrilled with our new technology stack that will enable even faster innovation.

<SignInButton> and <SignUpButton> utilities

Our React and Next.js SDKs now expose <SignUpButton> and <SignInButton> utilities. They can be used to link to the sign-in and sign-up pages, or to open the sign-in and sign-up modals.

Check out our <SignInButton> documentation and our <SignUpButton> documentation.

Hopefully everyone is well-rested after all the turkey, traveling, and family this past week/end! We took a few days to recover, but we're still going strong with our mission to build the best authentication platform out there.

React Native, including Expo support

Building a mobile app? Consider Expo and React Native. Clerk + Expo is officially the easiest way to build authentication across modern Web stacks, and now Mobile apps.

Mobile applications are a big part of the world now a days, and 2022 will see even more support for Swift, Kotlin, etc.

Invitations, plus Allowlist upgrades

Big feature realease! You can now easily invite users to your application. Although seemingly small, this feature unlocks a lot of new capabilities, and is the start of our B2B feature set ;)

As part of this release, we've also made some improvements to Clerk's allowlist. You can now include regex in the list, to make it easy to onboard entire domains.

Community Highlight

Shoutout to Scott and his great application https://www.phonetoroam.com, for putting this blog post together about his experience migrating Phone To Roam to Clerk, we couldn't have said it better ourselves...

And this choice quotes that stood out: "Got it thanks! Was able successfully get signup and login working, much easier than auth0 :)"

Dashboard improvements... but still in beta

A lot of folks have had a chance to play with our new dashboard, and they've helpfully uncovered some bugs and minor issues. However, we also received an overwhelming amount of positive feedback on the design and clarity! Poised to go GA sometime next week.

---

until next time space cowboy...

Happy American Thanksgiving! While our US team was off the later half of this week, our global team continued to push out some excellent improvements to Clerk.

Rolling sessions

We now have two session lifetime settings: Inactivity timeout and Maximum lifetime. You can configure your application to use either one, or both.

Inactivity timeout sets how long a user can be inactive before they are logged out, which enables you to set a "rolling" lifetime as long as the user remains active.

Maximum lifetime sets how long a session can last, regardless of activity.

New dashboard beta

We've launched the beta of our new dashboard at dashboard.clerk.com.

During the redesign we put a strong emphasis on organization. Some developers were having a hard time finding the appropriate settings pages in our original dashboard, and we've worked to address those challenges in this update.

Also, our new architecture allows for more rapid development going forward, enabling us to bring new features even faster.

We're still updating screenshots in our documentation to reflect the new dashboard, but we expect to transition completely in the coming weeks.

Rename Return-Path CNAME

To deploy Clerk in production, you must set a few CNAMEs in your DNS that allow us to deliver emails with both SPF and DKIM verification. One of those CNAMEs is for the Return-Path header in the emails.

Previously, the default CNAME was for mail.yourdomain.com, which understandably hit a few collisions. Going forward, the default CNAME is clkmail.yourdomain.com. This is not a user-facing change, it just makes Clerk less likely to conflict with other services you might be using.

Existing production applications still work with mail.yourdomain.com, but please contact support if you'd like to migrate to a different subdomain.

Magic Link API and documentation

We launched email magic link support a few weeks ago for our components, but a few aspects of the API had not been finalized yet. We have now released the API for publicly for developers to build their own magic link flow.

From an API perspective, magic links are our most complex authentication factor, particularly because we do not know if the user will click the magic link from the same device they used to initiate the flow. We provide helpers so developers detect and show different screens depending on the if the link was clicked from the same device or a different one.

Check out the magic link custom flow documentation.

Session token validation documentation

Although we don't have SDKs for every backend language yet, Clerk's session tokens for authentication use standard JWTs, which makes it easy to build your own. Check out our new documentation on validating session tokens.

Twitch SSO support

We added support for another OAuth SSO vendor: Twitch. You can toggle switch on from your dashboard.

New OAuth SSO information page

In addition to building support for Twitch, we've added a new informational page that shares the benefits of using Clerk for OAuth SSO. We love SSO because it's the fastest overall authentication solution we offer, and unsurprisingly considering it's speed, it's also preferred by the majority of users.

Learn more about why we recommend SSO.

Magic links have launched!

And they're the new default. Users signing up will now verify their email address by magic link instead of one-time passwords. Users will also receive magic links during sign if your application uses passwordless authentication, or if they forget their password if your application uses password-based authentication.

The decision to change the default was made after a few weeks testing magic links for our own dashboard. We learned that on average, users are able to sign in faster with magic links. This was the expected outcome since there is no longer keyed entry of the one-time password.

Learn more about magic links on our new product page!

Twitter social sign-in

This week we launched social sign-in with Twitter! Believe it or not, Twitter still uses OAuth 1.0a instead of OAuth 2.0, which caused some extra work on our end. For you though, it's just switch-flick of the User Management settings in your dashboard.

A complete guide to passwordless authentication

Today we launched a guide to passwordless authentication. Passwords have become a point of much debate among developers, particularly because they're often forgotten and they can be susceptible to credential-stuffing attacks. Our new guide breaks down the details and explores the tradeoffs of passwordless authentication.

Full-stack starter with Fastify, React, and Prisma

We released a new starter with Fastify, React, and Prisma – check it out on Github.