Changelog June 23, 2023


This week, we released Self Service Delete, Organization Creation Permissions, Enhanced Bot Protection, and various security and performance enhancements.

🗑️ Self Service Delete

We've introduced a new feature that allows users to easily delete their user accounts from your application. With the Self Service Delete feature, users can now delete their accounts directly through the <UserProfile /> component. This convenient functionality can be enabled through the Clerk Dashboard.

For our B2B customers, we've also extended this capability to administrators, who can now delete organizations directly through the <OrganizationProfile /> component. This provides enhanced control and management options for organizations within your application.

🔒 Permissions for Organization Creation

We have introduced a new feature that allows admins to have granular control over organization creation permissions for application users. With this feature, administrators can now decide whether users are allowed to create organizations. This provides you with extra control over the number of organizations within your Clerk application, ensuring that it aligns with your specific requirements and organizational structure. Note: You are still only billed on the number of active organizations in use, not the total number of organizations.

The organization creation permission setting is respected across all our stacks, including Clerk’s UI components, frontend API, and backend API.

🤖 Enhanced Bot Detection for Hosted Pages

We have introduced enhanced bot protection for our customers who are using Clerk’s Hosted Pages feature to help detect and mitigate bot attacks. In order to maintain the integrity of your application, all production instances now include additional measures against bot activity. If a suspicious bot attempts to access Hosted Pages, a “Verification Challenge” will be triggered.

This challenge serves as a verification process, similar to a CAPTCHA, to ensure that the user accessing the pages is human.

✨ Other Fixes & Improvements

  • Implemented PKCE (Proof Key for Code Exchange) support for Clerk's provided OAuth 2 IDP, improving security for user authentication and authorization code exchanges.
  • The experimental_allowed_origins parameter has been officially removed from the Clerk Backend API /v1/instance endpoint following its deprecation.
  • Improved Clerk Images with optimizations including:
    • Implementation of dynamic format negotiation that supports avif and webp formats and falls back to jpeg when needed, yielding a ~50% size reduction.
    • Images are now scaled down to a max width of 1920 and a default quality of 80 for improved performance.
  • Enhanced dashboard experience now offers a cleaner, unified interface for editing and viewing SAML connections.
  • The PATCH /me {password} endpoint in the dashboard is now deprecated and replaced with the more secure /v1/me/change_password endpoint. This new endpoint requires the inclusion of the old password, enhancing the security of password changes.
  • The Expo SDK now supports base64 image uploads for user profile images and organization logos.

📅 Events

Dive into AI applications at the Pinecone Hackathon, proudly sponsored by Clerk. This week-long event challenges you to devise solutions for real-world issues using Generative AI tools. The deadline for participation is Jun 26, 2023, at 12:00am EDT.

Join the hackathon here →

📚 Resources

  • AI Getting Started Stack: Martin from a16z open sourced a Javascript AI “getting started” stack to allow devs to quickly spin up AI projects. Read all about it in this post.
  • We’ve got two editions of How We Roll for you this week, which covers how Clerk implements authentication, both from Clerk’s own James Perkins.
    • Customization: The 5th chapter of "How We Roll" covers the various ways developers can customize Clerk's UI components.
    • User Profile: The 6th chapter of “How We Roll” covers how Clerk’s <UserProfile /> component allows users to control their data.

🙌 Community Shoutouts

  • Shoutout to Timothy Miller for open sourcing create-t4-app, a Type-Safe, Full-Stack Starter Kit for React Native + Web, offering easy integration to Cloudflare services and built-in support for Clerk.
  • Congratulations to our Clerk Community member bradw for launching Sociafy, an alternative to Sociafy lets you curate elegant pages that reflect your individuality, and utilizes Clerk for user authentication.
  • A round of applause for Clerk Community member Zach for the launch of Artisan, a web application that leverages the power of Clerk and T3 Turbo. Artisan, an AI-driven coach, is here to help you achieve your self-guided learning goals with greater consistency.

Stay tuned for future updates. If you have feedback or suggestions, leave us feedback on the docs via Docsly, tweet us at @ClerkDev, or join the Clerk Community on Discord.