# Clerk Changelog — Page 8 # User retention report URL: https://clerk.com/changelog/2026-01-21-user-retention.md Date: 2026-01-21 Category: Dashboard Description: Track how sticky your product is with automatic user retention tracking. Understand how sticky your product is with the new user retention report. Clerk automatically tracks how often users are coming back to your application after sign up, enabling you to visualize how your retention is trending versus industry benchmarks. ### Features - Change the interval to see how your user cohorts retain over the first 30 days, 8 weeks, and 3 months. - Visualize how your retention is changing over time by comparing the last three or six cohorts. - Set a goal shape to measure how your retention is improving towards industry benchmarks. - View recent cohorts in progress, or toggle off 'show incomplete period' to see only cohorts with complete data. --- # Clerk MCP Server URL: https://clerk.com/changelog/2026-01-20-clerk-mcp-server.md Date: 2026-01-20 Category: Product Description: Get accurate Clerk SDK snippets and implementation patterns directly in your AI coding assistant with the Clerk MCP server. We're launching the Clerk MCP server in public beta — a [Model Context Protocol](https://modelcontextprotocol.io/introduction) server that helps AI coding assistants like Claude, Cursor, and GitHub Copilot provide accurate SDK snippets and implementation patterns when working with Clerk. Your agent can use Clerk's MCP server to pull up-to-date implementation guidance and best practices. Once connected, you can ask your AI assistant questions like: - "How do I implement authentication hooks in Next.js?" - "Set up a B2B SaaS with organizations and role-based permissions" - "Create a waitlist flow for my app" - "Protect API routes with Clerk" To see complete setup instructions and learn more about the Clerk MCP server, head to the [documentation](/docs/guides/ai/mcp/clerk-mcp-server). We'd love to get your feedback as you try out the Clerk MCP server. Reach out through [our feedback portal](https://feedback.clerk.com) or join the discussion in our [Discord community](https://clerk.com/discord). --- # Sign-in with Solana URL: https://clerk.com/changelog/2026-01-13.md Date: 2026-01-13 Category: Web3 Description: Introducing support for Sign-in with Solana for seamless authentication using Solana wallets! We're excited to announce the launch of our new [Solana](https://solana.com/solana-wallets) authentication strategy, which makes it easy for developers to integrate Solana wallet sign-ins into their applications. ## Getting Started - Enable Solana as a Web3 authentication strategy in the [Clerk Dashboard](https://dashboard.clerk.com/last-active?path=user-authentication/web3) - Use the `` and `` components to allow users to authenticate with their Solana wallets - See our [Solana authentication documentation](/docs/guides/configure/auth-strategies/web3/solana) for detailed setup instructions and code examples --- # Control available roles per organization with Role Sets URL: https://clerk.com/changelog/2026-01-12-organization-role-sets.md Date: 2026-01-12 Category: Organizations Description: Control which roles are available to each organization with Role Sets, enabling tiered access and cohort-based permissions. You can now control which roles are available to each organization using Role Sets. Assign different Role Sets to different organizations based on subscription tiers, customer cohorts, or business needs — if a role isn't in an organization's Role Set, members can't be assigned that role. ## What's new Role Sets allow you to define separate collections of roles and permissions across organizations. This enables advanced use cases like: - Creating different role hierarchies for different teams or departments - Isolating permissions across multiple products or services within one organization - Building flexible multi-tenant architectures with customizable access patterns - Supporting complex organizational structures with varying authorization needs Use Role Sets when different Organizations need different available Roles. This works well for: - **Different pricing tiers** - Your Free plan offers only `admin` and `member`, Pro adds `moderator` and `analyst`, and Enterprise adds `security_admin` and `compliance_officer`. - **Different customer cohorts** - Small practices get `physician` and `nurse`, while large hospitals also get `department_head` and `specialist`. All cohorts share `admin` and `member`, but get additional Roles specific to their size. When you modify a Role Set, the changes are automatically applied to all Organizations using it. This makes it easy to roll out new Roles across multiple Organizations at once. Each instance gets one role set by default at no additional cost. Additional role sets require the [Enhanced Organizations add-on](/pricing#organizations). ## Getting started Visit the [Role Sets documentation](https://clerk.com/docs/guides/organizations/control-access/role-sets) to learn how to create and manage Role Sets for your organizations. You can also manage Role Sets through the Clerk Dashboard or programmatically via the Backend API. Visit the [Role Sets documentation](https://clerk.com/docs/guides/organizations/control-access/role-sets) for detailed guides, or see the [Backend API reference](https://clerk.com/docs/reference/backend-api) for API details. --- # Member role can no longer manage secret keys within the Clerk Dashboard URL: https://clerk.com/changelog/2026-01-09-secret-key-management-restricted-to-admins.md Date: 2026-01-09 Category: Dashboard Description: We've further restricted access to your most sensitive keys within the Clerk Dashboard In an ongoing effort to improve the security of your Clerk instances, starting today, only users of your Clerk workspace who are *Admin* roles will be able to manage secret keys on the Instance / API Keys page. The *Member* role can no longer reveal, create, or delete secret keys. *Member* role can still list all Secret keys and view non-sensitive details such as name, creation date and last-used date. --- # JWT format support for OAuth access tokens URL: https://clerk.com/changelog/2026-01-08-jwt-oauth-access-tokens.md Date: 2026-01-08 Category: Product Description: OAuth access tokens can now be issued as JWTs, enabling networkless verification and better compatibility with third-party tools. JWTs are now the default for newly created applications, while existing applications continue using opaque tokens unless changed. ![JWT format support for OAuth access tokens](./jwt-toggle.png) ## Why JWT? JWT access tokens offer several advantages: - **Networkless verification** — JWTs can be verified locally using your instance's public key, without making a network request to Clerk's servers - **Self-contained** — All necessary information (user ID, scopes, expiration) is embedded in the token itself - **Better compatibility** — Many third-party tools and libraries expect JWT tokens ## When to use opaque tokens Opaque tokens remain valuable for security-sensitive scenarios: - **Instant revocation** — Opaque tokens can be invalidated immediately, while JWTs remain valid until they expire ## How to configure To change your OAuth access token format: 1. Navigate to [OAuth applications](https://dashboard.clerk.com/~/oauth-applications) in the Clerk Dashboard 2. Select the **Settings** tab 3. Toggle **Generate access tokens as JWTs** on or off 4. Save your changes Clerk's SDKs automatically handle verification for both token formats — no code changes are required when switching between them. For manual verification of JWT tokens outside of Clerk's SDKs, use the same approach as [session token verification](/docs/guides/sessions/manual-jwt-verification) with your instance's public key. For more details on the differences between token formats, see the [token formats documentation](/docs/guides/development/machine-auth/token-formats).