# Clerk Changelog — Page 4
# Organization activity report
URL: https://clerk.com/changelog/2026-03-16-organization-activity.md
Date: 2026-03-16
Category: Dashboard
Description: Visualize how active each organization is in your application
The organization activity report shows daily member engagement levels for each org, helping you understand how teams are using your product.
- **Visualize engagement** - Each day in the report is color-coded by the percentage of total organization members who were active, making it easy to spot trends and patterns.
- **Navigate by year** - Use the year selector to browse activity across different years.
- **Hover for details** - Tooltips show the percentage of org members who were active on each day.
*Note: Activity data is available starting from January 2026.*
To view the activity report, open any organization's profile page from the [Organizations](https://dashboard.clerk.com/~/organizations) list in your Clerk Dashboard.
Keep an eye out for continued improvements to the organization profile page.
---
# Create and manage enterprise connections through Clerk's API
URL: https://clerk.com/changelog/2026-03-09-bapi-enterprise-connections.md
Date: 2026-03-09
Category: API
Description: Create, list, read, update, and delete enterprise connections programmatically.
You can now fully manage both SAML and OIDC enterprise connections via the Clerk Backend API. Previously, you could only manage SAML connections via the API.
## What's new
The following endpoints are now available on Clerk's backend API:
| Method | Path | Description |
| -------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| `POST` | `/v1/enterprise_connections` | Create an enterprise connection. Accepts `provider`, `domains`, `name` and `organization_id` as params |
| `GET` | `/v1/enterprise_connections` | List enterprise connections. Query: `organization_id` (optional), pagination. |
| `GET` | `/v1/enterprise_connections/{enterpriseConnectionID}` | Get a single enterprise connection. |
| `PATCH` | `/v1/enterprise_connections/{enterpriseConnectionID}` | Update an enterprise connection. |
| `DELETE` | `/v1/enterprise_connections/{enterpriseConnectionID}` | Delete an enterprise connection. |
If you currently use the [`/saml_connections`](https://clerk.com/docs/reference/backend-api/tag/saml-connections) endpoint, we recommend migrating to the new [`/enterprise_connections`](https://clerk.com/docs/reference/backend-api/tag/enterprise-connections) endpoint. This unified API allows you to manage both SAML and OIDC connections, and will serve as the primary interface moving forward. Support for the legacy SAML endpoint may be phased out in the future.
## Getting started
Visit the [API reference](https://clerk.com/docs/reference/backend-api/tag/enterprise-connections) for detailed documentation on request parameters and response formats.
---
# Native React Native components, Google Sign-In, and Core 3
URL: https://clerk.com/changelog/2026-03-09-expo-native-components.md
Date: 2026-03-09
Category: SDK
Description: @clerk/expo now ships prebuilt native components (AuthView, UserButton, UserProfileView), native Google Sign-In, and Core-3 Signal APIs.
`@clerk/expo` 3.1 brings native UI components powered by SwiftUI (iOS) and Jetpack Compose (Android), native Google Sign-In, and the new Core-3 Signal API. This is a major version bump that requires Expo SDK 53+.
## Native React Native components
Three prebuilt native components are now available from `@clerk/expo/native`:
- **``** renders the full sign-in/sign-up UI natively, with support for `signIn`, `signUp`, and `signInOrUp` modes. Session sync to the JS SDK happens automatically.
- **``** displays the user's avatar and opens the native profile modal on tap. It fills its parent container, so the parent controls the size and shape.
- **``** renders the profile management UI inline. For modal presentation, use the new `useUserProfileModal()` hook.
All components use hook-based state management rather than callbacks. React to auth state changes with `useAuth()` in a `useEffect`:
```tsx
import { AuthView, UserButton } from '@clerk/expo/native'
import { useAuth, useUserProfileModal } from '@clerk/expo'
function App() {
const { isSignedIn } = useAuth()
const { presentUserProfile } = useUserProfileModal()
if (!isSignedIn) {
return
}
return (
<>
Manage Profile
)
}
```
These components require the `@clerk/expo` Expo config plugin, which automatically adds the [clerk-ios](https://github.com/clerk/clerk-ios) and [clerk-android](https://github.com/clerk/clerk-android) native SDKs to your project. See the [native components overview](/docs/reference/expo/native-components/overview) for setup and usage.
## Native Google Sign-In
Google Sign-In now uses platform-native APIs instead of browser-based OAuth:
- **iOS**: ASAuthorization (system credential picker)
- **Android**: Credential Manager (one-tap / passkey-ready)
This is exposed via the `NativeClerkGoogleSignIn` TurboModule spec and integrated into the `@clerk/expo` config plugin. No extra packages are needed beyond configuring your Google OAuth credentials in the Clerk Dashboard.
## Core-3 Signal APIs
`@clerk/expo` 3.1 ships with the [Core-3 Signal API](/docs/guides/development/upgrading/upgrade-guides/core-3), which replaces the legacy `setActive()` pattern with reactive hooks:
```tsx
// Core 3
const { signIn } = useSignIn()
await signIn.create({ identifier: email })
await signIn.password({ password })
if (signIn.status === 'complete') {
await signIn.finalize({ navigate: () => router.push('/') })
}
```
Key changes from Core 2:
- `signIn.password()`, `signIn.emailCode.sendCode()` replace `signIn.attemptFirstFactor()`
- `signIn.finalize()` replaces `setActive({ session: signIn.createdSessionId })`
- Error handling via `errors.fields.identifier?.message` instead of try/catch
See the [Expo quickstart](/docs/quickstarts/expo) and [Core-3 upgrade guide](/docs/guides/development/upgrading/upgrade-guides/core-3) for migration details.
## New hooks
Three new hooks are exported from `@clerk/expo`:
| Hook | Description |
| ----------------------- | --------------------------------------------------------------------------------------------- |
| `useUserProfileModal()` | Present the native profile modal imperatively. Returns `{ presentUserProfile, isAvailable }`. |
| `useNativeSession()` | Access native SDK session state: `isSignedIn`, `sessionId`, `user`, `refresh()`. |
| `useNativeAuthEvents()` | Listen for auth state changes (`signedIn`, `signedOut`) from native components. |
## Get started
Follow the [Expo quickstart](/docs/quickstarts/expo) to set up a new project with native components, or check the [native components reference](/docs/reference/expo/native-components/overview) for the full API. The [clerk-expo-quickstart](https://github.com/clerk/clerk-expo-quickstart) repo has three example apps: JS-only, JS with native sign-in, and full native components.
---
# X social connection improvements
URL: https://clerk.com/changelog/2026-03-06-x-social-connection-improvements.md
Date: 2026-03-06
Category: SSO
Description: We're rolling out improvements to the X social connection.
Users who sign in with X/Twitter now get their email address returned as part of the authentication flow. Previously, they were prompted to enter it manually as an extra step for.'
Additionally, Clerk development instances can now enable the X/Twitter connection with zero additional config for easier testing.
To add X/Twitter v2 as a social connection in your application, see the [X/Twitter guide](/docs/guides/configure/auth-strategies/social-connections/x-twitter).
---
# JWT format support for M2M tokens
URL: https://clerk.com/changelog/2026-02-24-m2m-jwt-tokens.md
Date: 2026-03-05
Category: M2M
Description: M2M tokens can now be issued as JWTs, enabling networkless verification and eliminating per-verification costs.
## Why JWT?
JWT M2M tokens offer several advantages over opaque tokens:
- **Networkless verification** — JWTs can be verified locally using your instance's public key, without making a network request to Clerk's servers
- **No verification cost** — Opaque token verification costs `$0.00001` per request, while JWT verification is free since it happens locally
- **Self-contained** — All necessary information (machine ID, claims, expiration) is embedded in the token itself
- **Lower latency** — Local verification is significantly faster than a network round-trip
## When to use opaque tokens
Opaque tokens remain valuable for security-sensitive scenarios:
- **Instant revocation** — Opaque tokens can be invalidated immediately, while JWTs remain valid until they expire
- **Maximum security** — Opaque tokens do not contain any embedded information. Server-side verification is required to access payload data.
## Getting Started
**Dashboard**
To generate your M2M token format:
1. Navigate to [Machines](https://dashboard.clerk.com/~/machines/configure) in the Clerk Dashboard
2. Select the machine you want to generate the token for.
3. Select **Generate token**
4. Toggle **Generate token as JWT**
5. Select **Create**
**SDK**
```javascript
// Create a JWT token on Machine A
const m2mToken = await clerkClient.m2m.createToken({
tokenFormat: 'jwt',
})
// Send authenticated request to Machine B
await fetch('', {
headers: {
Authorization: `Bearer ${m2mToken.token}`,
},
})
// Verify the token on Machine B — no network request needed
const verified = await clerkClient.m2m.verify({ token })
```
### Pricing
We will begin charging for M2M token usage starting March 16, 2026. The pricing will be:
- `$0.001` per token creation
- `$0.00001` per token verification (opaque tokens only)
For more details, see the [M2M tokens documentation](/docs/machine-auth/m2m-tokens) and [token formats documentation](/docs/guides/development/machine-auth/token-formats).
---
# Chrome Extension JavaScript SDK support
URL: https://clerk.com/changelog/2026-03-04-chrome-extension-js-quickstart.md
Date: 2026-03-04
Category: SDK
Description: The Chrome Extension SDK now supports vanilla JavaScript with createClerkClient(), and deprecates the /background import path.
The `@clerk/chrome-extension` SDK now fully supports vanilla JavaScript (non-React) usage through `createClerkClient()` imported from `@clerk/chrome-extension/client`. A new [Chrome Extension JS Quickstart](/docs/getting-started/quickstart/chrome-extension-js) guide is available to help you get started.
## `createClerkClient()` for vanilla JS
Use `createClerkClient()` from `@clerk/chrome-extension/client` to initialize Clerk in a popup or side panel without React:
```ts {{ filename: 'src/popup.ts' }}
import { createClerkClient } from '@clerk/chrome-extension/client'
const clerk = createClerkClient({
publishableKey: process.env.CLERK_PUBLISHABLE_KEY,
})
await clerk.load({
allowedRedirectProtocols: ['chrome-extension:'],
})
```
## `background` option for `createClerkClient()`
Whether you're using React or vanilla JS, `createClerkClient()` from `@clerk/chrome-extension/client` now accepts a `background: true` option for use in background service workers. This replaces the separate `@clerk/chrome-extension/background` import.
```ts {{ filename: 'src/background/index.ts' }}
import { createClerkClient } from '@clerk/chrome-extension/client'
async function getToken() {
const clerk = await createClerkClient({
publishableKey: process.env.CLERK_PUBLISHABLE_KEY,
background: true,
})
if (!clerk.session) {
return null
}
return await clerk.session?.getToken()
}
```
## Deprecation: `@clerk/chrome-extension/background`
Importing `createClerkClient` from `@clerk/chrome-extension/background` is now deprecated. Both React and vanilla JS extensions should update to import from `@clerk/chrome-extension/client` with the `background: true` option instead.