You can now enable Organizations directly in your app during development, without navigating to the Clerk Dashboard.
When you first use organization components or hooks in a development instance, Clerk will automatically prompt you to enable Organizations. The prompt includes a toggle to allow personal accounts and a link to the Dashboard for advanced configuration.
This reduces friction when building B2B applications — no more context switching between your code editor and the Dashboard just to enable a feature.
Build custom role based access control (RBAC) systems by managing over organization roles and permissions via an API.
You can now implement completely manage permissions and roles through the Clerk Backend API. Build sophisticated access control systems tailored to your application's needs — whether you're syncing roles from external systems, automating permission assignments, or creating custom admin interfaces.
What's new
The following endpoints are now available on Clerk's backend API:
Organization Permissions
GET /v1/organization_permissions - List all permissions with pagination and filtering
POST /v1/organization_permissions - Create a new permission
GET /v1/organization_permissions/{permission_id} - Retrieve a specific permission
PATCH /v1/organization_permissions/{permission_id} - Update a permission
DELETE /v1/organization_permissions/{permission_id} - Delete a permission
Organization Roles
GET /v1/organization_roles - List all roles
POST /v1/organization_roles - Create a new role
GET /v1/organization_roles/{role_id} - Retrieve a specific role
PATCH /v1/organization_roles/{role_id} - Update a role
DELETE /v1/organization_roles/{role_id} - Delete a role
Role Permissions
POST /v1/organization_roles/{role_id}/permissions/{permission_id} - Assign a permission to a role
DELETE /v1/organization_roles/{role_id}/permissions/{permission_id} - Remove a permission from a role
Getting started
Visit the API reference for detailed documentation on request parameters and response formats.
Last Friday, Troy Hunt shared that 625 million never-before-leaked passwords had been added to Have I Been Pwned, the password leak detection service. The update brought relief to our team at Clerk, which had been fighting credential stuffing attacks for the two weeks prior.
Attackers were attempting to test millions of stolen passwords in quick bursts, with seemingly endless rotating IPs and TLS fingerprints to slip past rate limiters.
While we were able to mitigate the vast majority of the attack, leaks of this scale mean that even 99.9% effectiveness isn’t enough.
So we decided to kill credential stuffing for good, with a mechanism we’re calling Client Trust.
Introducing Client Trust
Client Trust is Clerk’s new defense against credential stuffing. It works by treating every new device as untrusted until the user has signed in on it.
Here’s what that means in practice:
If a user enters a valid password
and hasn’t enabled two-factor authentication
and is signing in from a new client (device)
Then Clerk will automatically require a second factor, with either a one-time passcode or a magic link, depending on the application’s settings.
That’s it. No extra configuration and no guesswork. Just automatic protection from day one.
Security that adapts to reality
We know that developers don’t want to choose between user experience and security. Client Trust is designed to make that trade-off obsolete.
It’s invisible when it should be, and decisive when it must be. No more leaked-password panics. No more hoping users turned on 2FA.
With Client Trust, your users are protected even when their password is included in a 0-day credential leak.
Free for everyone
Client Trust is included in all Clerk plans, and automatically enabled for new applications.
Existing applications must enable the update manually from the Updates page of the dashboard. For most customers, it’s available as one-click update.
You can now update billing plan prices even when the plan has active paid subscriptions.
What changed?
Previously, when a billing plan had active paid subscriptions, the price fields in the dashboard were disabled and couldn't be modified. This was a protective measure to prevent accidental changes that could affect existing subscribers.
With this update, you now have full control over your plan pricing, regardless of subscription status.
How pricing updates work
When you update the price of a plan with active subscriptions:
Existing subscriptions continue at their current price
New subscriptions use the updated pricing immediately
We're working on additional functionality that will give you even more control over pricing updates. In a future release, you'll be able to automatically transition existing subscriptions to updated pricing at their next billing date.
The Clerk Expo SDK now supports native Sign in with Apple, providing a seamless authentication experience for iOS users.
Clerk's Expo SDK now includes native Sign in with Apple support, allowing iOS users to authenticate using their Apple ID directly within your Expo applications. This integration provides a streamlined, privacy-focused authentication method that meets Apple's requirements for apps offering third-party sign-in options.
Native integration benefits
Unlike web-based OAuth flows, the native Sign in with Apple implementation offers:
Faster authentication - No browser redirects or context switching
Better user experience - Native iOS UI that users recognize and trust
Privacy features - Support for Apple's Hide My Email functionality
App Store compliance - Meets Apple's guidelines for apps with social login
Getting started
To enable Sign in with Apple in your Expo app, configure the OAuth provider in your Clerk Dashboard and add the authentication strategy to your sign-in flow. The SDK handles the native integration automatically on iOS devices, falling back to web-based flows on other platforms
