authenticateRequest()

Authenticates a token passed from the frontend. Networkless if the secretKey or jwtKey are provided. Otherwise, performs a network call to retrieve the JWKS from Clerk's Backend API.

function authenticateRequest: (request: Request, options: AuthenticateRequestOptions) => Promise<RequestState>;
  • Name
    request
    Type
    Request
    Description

    Request object

  • Name
    options?
    Type
    AuthenticateRequestOptions
    Description

    Optional options to configure the authentication.

  • Name
    secretKey?
    Type
    string
    Description

    The Clerk secret key from the API Keys page in the Clerk Dashboard.

  • Name
    publishableKey?
    Type
    string
    Description

    The Clerk publishable key from the API Keys page in the Clerk Dashboard.

  • Name
    domain?
    Type
    string
    Description

    The domain for the application. For development, you can pass the localhost your application is running on. For example: localhost:3001

  • Name
    isSatellite?
    Type
    boolean
    Description

    Set to true if the instance is a satellite domain in a multi-domain setup.

  • Name
    proxyUrl?
    Type
    string
    Description

    The proxy URL from a multi-domain setup.

  • Name
    signInUrl?
    Type
    string
    Description

    The sign-in URL from a multi-domain setup. It's recommended to use the environment variable instead.

  • Name
    signUpUrl?
    Type
    string
    Description

    The sign-up URL from a multi-domain setup. It's recommended to use the environment variable instead.

  • Name
    signInForceRedirectUrl?
    Type
    string
    Description

    If provided, this URL will always be redirected to after the user signs in. It's recommended to use the environment variable instead.

  • Name
    signUpForceRedirectUrl?
    Type
    string
    Description

    If provided, this URL will always be redirected to after the user signs up. It's recommended to use the environment variable instead.

  • Name
    signInFallbackRedirectUrl?
    Type
    string
    Description

    The fallback URL to redirect to after the user signs in, if there's no redirect_url in the path already. Defaults to /. It's recommended to use the environment variable instead.

  • Name
    signUpFallbackRedirectUrl?
    Type
    string
    Description

    The fallback URL to redirect to after the user signs up, if there's no redirect_url in the path already. Defaults to /. It's recommended to use the environment variable instead.

  • Name
    jwtKey?
    Type
    string
    Description

    The PEM public key from the API Keys page -> Show JWT public key -> PEM Public Key section of the Clerk Dashboard. It's recommended to use the environment variable instead.

  • Name
    audience?
    Type
    string | string[]
    Description

    A string or list of audiences.

  • Name
    clockSkewInMs?
    Type
    number
    Description

    Specifies the allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms (5 seconds).

  • Name
    jwksCacheTtlInMs? (deprecated)
    Type
    number
    Description

    Deprecated. Specifying a cache TTL is now a no-op.

  • Name
    skipJwksCache?
    Type
    boolean
    Description

    A flag to ignore the JWKS cache and always fetch the JWKS before each JWT verification.

Example

The following example takes the token passed by the frontend as a Bearer token in the Authorization header, and performs a networkless authentication by passing secretKey to createClerkClient(). This verifies whether the user is signed in to the application.

import { createClerkClient } from '@clerk/backend';

export async function GET(req: Request) {
  const clerkClient = createClerkClient({
    secretKey: process.env.CLERK_SECRET_KEY,
  });

  const { isSignedIn } = await clerkClient.authenticateRequest(req);

  if (!isSignedIn) {
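    // Set the HTTP status through the init argument; a status field in the body alone still returns 200
    return Response.json({ error: 'Unauthenticated' }, { status: 401 });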
  }

  // Perform protected actions

  return Response.json({ message: 'This is a reply' });
}
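
An added illustration, not code from Clerk or from @clerk/backend: the kind of offline checks that a PEM jwtKey, audience and clockSkewInMs configure, written against Node's crypto module. It assumes RS256-signed tokens; verifyWithPem, mint, samplePem and the nowMs option are hypothetical names, and the key pair and tokens are constructed for the demo.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify } from 'node:crypto';

type Options = { audience?: string | string[]; clockSkewInMs?: number; nowMs?: number };
type Result = { ok: true; claims: Record<string, unknown> } | { ok: false; reason: string };

const enc = (v: object): string => Buffer.from(JSON.stringify(v)).toString('base64url');
const dec = (s: string): any => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const list = (v: unknown): unknown[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Hypothetical helper (not a Clerk API): verify an RS256 JWT offline with a PEM public key.
function verifyWithPem(token: string, pem: string, opts: Options = {}): Result {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header: any, claims: any;
  try {
    header = dec(h);
    claims = dec(p);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; never let the token header choose it ("none", HS256 confusion).
  if (header?.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const sigOk = verify('RSA-SHA256', Buffer.from(`${h}.${p}`), createPublicKey(pem), Buffer.from(s, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'bad-signature' };
  // Time checks: claims are in seconds, the skew allowance is in milliseconds.
  const now = opts.nowMs ?? Date.now();
  const skew = opts.clockSkewInMs ?? 5000; // same default the page documents
  if (typeof claims?.exp !== 'number' || now > claims.exp * 1000 + skew) return { ok: false, reason: 'expired' };
  if (typeof claims.nbf === 'number' && now < claims.nbf * 1000 - skew) return { ok: false, reason: 'not-yet-valid' };
  // Audience: when configured, at least one token audience must match.
  if (opts.audience !== undefined) {
    const wanted = list(opts.audience);
    if (!list(claims.aud).some((a) => wanted.indexOf(a) >= 0)) return { ok: false, reason: 'bad-audience' };
  }
  return { ok: true, claims };
}

// Constructed sample data: a throwaway key pair and a local token minter for the demo.
const pair = generateKeyPairSync('rsa', { modulusLength: 2048 });
const samplePem = pair.publicKey.export({ type: 'spki', format: 'pem' }).toString();
function mint(claims: object, alg = 'RS256'): string {
  const body = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${sign('RSA-SHA256', Buffer.from(body), pair.privateKey).toString('base64url')}`;
}
```

The signature is checked before any claim is trusted, and a wider clockSkewInMs lengthens the window in which an expired token is still accepted.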
