# Changelog Mar 25, 2022

## Bring-your-own IdP with Sign in Tokens

Clerk now be configured to work with external identity providers (IdPs)!

Sign in Tokens are a low-level abstraction that offers developers complete flexibility when signing in users. It allows you to handle user authentication on your own and then delegate session management to Clerk.

The primary use case for tokens is keeping authentication with a Customer Identity vendor like Auth0, but taking advantage of Clerk's SDKs for easier integration with the Jamstack ecosystem of frameworks, databases, and other tools.

Sign in Tokens can be generated securely with Clerk's backend API.

Thanks to the contributors: Alex Ntousias, Giannis Katsanos

## Allowlist for sign ups

We've added a **Sign-up restrictions** tab to the dashboard where you can restrict sign ups to your application by email domain, email address, or phone number.

The allowlist restrictions can also be [enabled by API](https://clerk.com/docs/reference/backend-api/tag/beta-features/PATCH/beta_features/instance_settings) to produce a programmatic invite-only flow.

![JWT token implementation guide](./578ffcd45ce5b4aac973f600663f7876df7fdef1-2698x1450.png)

Thanks to the contributors: Giannis Katsanos, Nikos Petridis

## Sign in with Apple

We've added Sign in with Apple to our growing list of social login providers!

Thanks to the contributors: Agis Anastasopoulos, Haris Chaniotakis

## Organization roles in custom JWTs

A new shortcode has been added to JWT templates for developers participating in our Organization Management early access.

The token is called `{{user.organizations}}` and it returns a dictionary of the user's organization IDs mapped to their role in that organization. This is particularly helpful when performing authorization checks within database vendors like Supabase, Hasura, Firebase, or Fauna.

Thanks to the contributors: Haris Chaniotakis