Skip to main content

Clerk Changelog

Subscribe to RSS

Clerk is now available in Stripe Projects

Category
Product
Published

Add authentication and user management to your app through Stripe Projects with a CLI-based workflow for teams and AI agents.

You can now add authentication and user management to your app through Stripe Projects. Available in developer preview, this CLI-based workflow lets teams and AI agents provision Clerk directly from the terminal.

Using the Stripe CLI, you can:

  • Connect an existing Clerk account or have one created for you
  • Provision a new Clerk application with both development and production credentials
  • Manage authentication keys, rotate secrets, and access your Clerk dashboard — all from Stripe

To get started, install the Stripe Projects plugin for Stripe's CLI and initialize your project:

stripe plugin install projects
stripe projects init my-app
stripe projects add clerk

Select Clerk to add authentication and start building, or visit the documentation to learn more.

Contributor
Mitch Vostrez

Share this article

Organization activity report

Category
Dashboard
Published

Visualize how active each organization is in your application

The organization activity report shows daily member engagement levels for each org, helping you understand how teams are using your product.

  • Visualize engagement - Each day in the report is color-coded by the percentage of total organization members who were active, making it easy to spot trends and patterns.
  • Navigate by year - Use the year selector to browse activity across different years.
  • Hover for details - Tooltips show the percentage of org members who were active on each day.

Note: Activity data is available starting from January 2026.

To view the activity report, open any organization's profile page from the Organizations list in your Clerk Dashboard.

Keep an eye out for continued improvements to the organization profile page.

Contributors
Jeremy Morton
Nate Watkin
Max Barvian
Austin Calvelage

Share this article

Create and manage enterprise connections through Clerk's API

Category
API
Published

Create, list, read, update, and delete enterprise connections programmatically.

You can now fully manage both SAML and OIDC enterprise connections via the Clerk Backend API. Previously, you could only manage SAML connections via the API.

What's new

The following endpoints are now available on Clerk's backend API:

MethodPathDescription
POST/v1/enterprise_connectionsCreate an enterprise connection. Accepts provider, domains, name and organization_id as params
GET/v1/enterprise_connectionsList enterprise connections. Query: organization_id (optional), pagination.
GET/v1/enterprise_connections/{enterpriseConnectionID}Get a single enterprise connection.
PATCH/v1/enterprise_connections/{enterpriseConnectionID}Update an enterprise connection.
DELETE/v1/enterprise_connections/{enterpriseConnectionID}Delete an enterprise connection.

If you currently use the /saml_connections endpoint, we recommend migrating to the new /enterprise_connections endpoint. This unified API allows you to manage both SAML and OIDC connections, and will serve as the primary interface moving forward. Support for the legacy SAML endpoint may be phased out in the future.

Getting started

Visit the API reference for detailed documentation on request parameters and response formats.

Contributor
Laura Beatris

Share this article

Native React Native components, Google Sign-In, and Core 3

Category
SDK
Published

@clerk/expo now ships prebuilt native components (AuthView, UserButton, UserProfileView), native Google Sign-In, and Core-3 Signal APIs.

@clerk/expo 3.1 brings native UI components powered by SwiftUI (iOS) and Jetpack Compose (Android), native Google Sign-In, and the new Core-3 Signal API. This is a major version bump that requires Expo SDK 53+.

Native React Native components

Three prebuilt native components are now available from @clerk/expo/native:

  • <AuthView /> renders the full sign-in/sign-up UI natively, with support for signIn, signUp, and signInOrUp modes. Session sync to the JS SDK happens automatically.
  • <UserButton /> displays the user's avatar and opens the native profile modal on tap. It fills its parent container, so the parent controls the size and shape.
  • <UserProfileView /> renders the profile management UI inline. For modal presentation, use the new useUserProfileModal() hook.

All components use hook-based state management rather than callbacks. React to auth state changes with useAuth() in a useEffect:

import { AuthView, UserButton } from '@clerk/expo/native'
import { useAuth, useUserProfileModal } from '@clerk/expo'

function App() {
  const { isSignedIn } = useAuth()
  const { presentUserProfile } = useUserProfileModal()

  if (!isSignedIn) {
    return <AuthView mode="signInOrUp" />
  }

  return (
    <>
      <View style={{ width: 44, height: 44, borderRadius: 22, overflow: 'hidden' }}>
        <UserButton />
      </View>
      <TouchableOpacity onPress={presentUserProfile}>
        <Text>Manage Profile</Text>
      </TouchableOpacity>
    </>
  )
}

These components require the @clerk/expo Expo config plugin, which automatically adds the clerk-ios and clerk-android native SDKs to your project. See the native components overview for setup and usage.

Native Google Sign-In

Google Sign-In now uses platform-native APIs instead of browser-based OAuth:

  • iOS: ASAuthorization (system credential picker)
  • Android: Credential Manager (one-tap / passkey-ready)

This is exposed via the NativeClerkGoogleSignIn TurboModule spec and integrated into the @clerk/expo config plugin. No extra packages are needed beyond configuring your Google OAuth credentials in the Clerk Dashboard.

Core-3 Signal APIs

@clerk/expo 3.1 ships with the Core-3 Signal API, which replaces the legacy setActive() pattern with reactive hooks:

// Core 3
const { signIn } = useSignIn()
await signIn.create({ identifier: email })
await signIn.password({ password })
if (signIn.status === 'complete') {
  await signIn.finalize({ navigate: () => router.push('/') })
}

Key changes from Core 2:

  • signIn.password(), signIn.emailCode.sendCode() replace signIn.attemptFirstFactor()
  • signIn.finalize() replaces setActive({ session: signIn.createdSessionId })
  • Error handling via errors.fields.identifier?.message instead of try/catch

See the Expo quickstart and Core-3 upgrade guide for migration details.

New hooks

Three new hooks are exported from @clerk/expo:

HookDescription
useUserProfileModal()Present the native profile modal imperatively. Returns { presentUserProfile, isAvailable }.
useNativeSession()Access native SDK session state: isSignedIn, sessionId, user, refresh().
useNativeAuthEvents()Listen for auth state changes (signedIn, signedOut) from native components.

Get started

Follow the Expo quickstart to set up a new project with native components, or check the native components reference for the full API. The clerk-expo-quickstart repo has three example apps: JS-only, JS with native sign-in, and full native components.

Contributors
Chris Canin
Sam Wolfand
Mike Pitre

Share this article

X social connection improvements

Category
SSO
Published

We're rolling out improvements to the X social connection.

Users who sign in with X/Twitter now get their email address returned as part of the authentication flow. Previously, they were prompted to enter it manually as an extra step for.'

Additionally, Clerk development instances can now enable the X/Twitter connection with zero additional config for easier testing.

To add X/Twitter v2 as a social connection in your application, see the X/Twitter guide.

Contributor
Kevin Wang

Share this article

JWT format support for M2M tokens

Category
M2M
Published

M2M tokens can now be issued as JWTs, enabling networkless verification and eliminating per-verification costs.

Why JWT?

JWT M2M tokens offer several advantages over opaque tokens:

  • Networkless verification — JWTs can be verified locally using your instance's public key, without making a network request to Clerk's servers
  • No verification cost — Opaque token verification costs $0.00001 per request, while JWT verification is free since it happens locally
  • Self-contained — All necessary information (machine ID, claims, expiration) is embedded in the token itself
  • Lower latency — Local verification is significantly faster than a network round-trip

When to use opaque tokens

Opaque tokens remain valuable for security-sensitive scenarios:

  • Instant revocation — Opaque tokens can be invalidated immediately, while JWTs remain valid until they expire
  • Maximum security — Opaque tokens do not contain any embedded information. Server-side verification is required to access payload data.

Getting Started

Dashboard

To generate your M2M token format:

  1. Navigate to Machines in the Clerk Dashboard
  2. Select the machine you want to generate the token for.
  3. Select Generate token
  4. Toggle Generate token as JWT
  5. Select Create

SDK

// Create a JWT token on Machine A
const m2mToken = await clerkClient.m2m.createToken({
  tokenFormat: 'jwt',
})

// Send authenticated request to Machine B
await fetch('<machine-b-url>', {
  headers: {
    Authorization: `Bearer ${m2mToken.token}`,
  },
})

// Verify the token on Machine B — no network request needed
const verified = await clerkClient.m2m.verify({ token })

Pricing

We will begin charging for M2M token usage starting March 16, 2026. The pricing will be:

  • $0.001 per token creation
  • $0.00001 per token verification (opaque tokens only)

For more details, see the M2M tokens documentation and token formats documentation.

Contributors
Jeff Escalante
Brandon Romano
Robert Soriano
Bruno Lin

Share this article