Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(nextjs,backend,integration): Introduce dynamic keys from clerkMiddleware #3525

Merged
merged 39 commits into from
Jul 1, 2024
Merged

feat(nextjs,backend,integration): Introduce dynamic keys from clerkMiddleware #3525

merged 39 commits into from
Jul 1, 2024

Conversation

LauraBeatris
Copy link
Member

@LauraBeatris LauraBeatris commented Jun 5, 2024
edited
Loading

Description

Resolves SDK-1253, SDK-1811, SDK-1770

This PR introduces dynamic keys from clerkMiddleware, solving the following problems:

  • auth() cannot assert the session token signature due to an undefined secret key, leading to a runtime error.
  • auth.createRedirect doesn't redirect to signInUrl or signUpUrl since those aren't propagated as well.

The propagation is done by encrypting an x-clerk-request-data header and sending it from the middleware runtime to the application runtime, where it's going to be decrypted using a key. The key used for encryption is resolved based on the following conditions:

  • If security-sensitive options, such as secretKey are provided, then CLERK_ENCRYPTION_KEY is required
  • Otherwise, fallbacks to CLERK_SECRET_KEY, which is going to have backward compatibility.

Checklist

  • npm test runs as expected.
  • npm run build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

@LauraBeatris LauraBeatris self-assigned this Jun 5, 2024
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jun 5, 2024
edited
Loading

🦋 Changeset detected

Latest commit: c458ab7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 7 packages
Name Type
@clerk/backend Minor
@clerk/nextjs Minor
@clerk/express Patch
@clerk/fastify Patch
@clerk/remix Patch
@clerk/clerk-sdk-node Patch
@clerk/tanstack-start Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@LauraBeatris LauraBeatris changed the title feat(clerk-nextjs): Propagate clerkMiddleware options to application server feat(nextjs): Propagate clerkMiddleware options to application server Jun 5, 2024
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch from 4dd4f25 to 31cd84c Compare June 5, 2024 20:59
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch 4 times, most recently from ecf05b8 to daf8b1c Compare June 7, 2024 17:15
nikosdouvlis
nikosdouvlis reviewed Jun 10, 2024
View reviewed changes
packages/nextjs/src/app-router/server/ClerkProvider.tsx Outdated Show resolved Hide resolved
packages/nextjs/src/app-router/server/auth.ts Outdated Show resolved Hide resolved
packages/nextjs/src/server/errors.ts Outdated Show resolved Hide resolved
packages/nextjs/src/server/utils.ts Show resolved Hide resolved
@nikosdouvlis
Copy link
Member

I know that this is still a draft PR, so don't worry about this comment yet. Once everything's is in place, let's also add an e2e test covering this flow. Feel free to ping anyone from team-sdk about this :)

brkalow
brkalow reviewed Jun 10, 2024
View reviewed changes
packages/nextjs/src/app-router/server/ClerkProvider.tsx Outdated Show resolved Hide resolved
packages/nextjs/src/server/clerkMiddleware.ts Outdated Show resolved Hide resolved
packages/nextjs/src/server/utils.ts Outdated Show resolved Hide resolved
This was referenced Jun 11, 2024
Merged
Merged
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch 2 times, most recently from c3f1524 to 27ba688 Compare June 12, 2024 17:39
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch 2 times, most recently from c782f11 to 4c4ee19 Compare June 12, 2024 19:40
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch 3 times, most recently from 9ba87be to 99893b4 Compare June 12, 2024 19:45
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch 2 times, most recently from fffc077 to 220cff9 Compare June 13, 2024 16:13
LauraBeatris added 23 commits July 1, 2024 18:44
@LauraBeatris
Add CLERK_ENCRYPTION_KEY to integration tests
919ec6e
@LauraBeatris
Access redirect URLs from middleware options
73942bd
@LauraBeatris
Add changeset
853d90e
@LauraBeatris
Mock ENCRYPTION_KEY on authMiddleware unit tests
c1856cb
@LauraBeatris
Update snapshot for request headers
0be0727
@LauraBeatris
Warn when encryption key is missing instead of throwing
f520025
@LauraBeatris
Reference to docs on error message and changeset
8059461
@LauraBeatris
Add todo comment for next major version
4deca28
@LauraBeatris
Propagate secret key to backend client
aa532db
@LauraBeatris
Update changeset
7109105
@LauraBeatris
Propagate publishableKey to auth
6ee667b
@LauraBeatris
Update changeset to mention Dynamic Keys
b618edf
@LauraBeatris
Update encryption key env var for integration tests
d8cc06e
@LauraBeatris
Add CLERK_ENCRYPTION_KEY to CI
7d462a6
@LauraBeatris
feat(nextjs): Read dynamic keys from clerkClient within middleware …
f7df0ee 
…runtime (#3617)
@LauraBeatris
Rollback changes on authMiddleware
f3d83c8
@LauraBeatris
Fix unit tests and Proxy
25eaaf2
@LauraBeatris
Mention clerkClient on changeset
e2b4078
@LauraBeatris
Fallback to ALS on headers error
89a8a4c
@LauraBeatris
Update changeset
b76e2bb
@LauraBeatris
Fix error formatting
ed3aa79
@LauraBeatris
Extract middleware handler to separate variable
7170e31
@LauraBeatris
Re-throw errors related to static generation bail-out
db5fc1e
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch from 20adf12 to a9c0509 Compare July 1, 2024 21:44
@LauraBeatris LauraBeatris force-pushed the propagate-nextjs-middleware-options branch from a9c0509 to c458ab7 Compare July 1, 2024 22:08
@LauraBeatris LauraBeatris merged commit f1847b7 into main Jul 1, 2024
15 checks passed
@LauraBeatris LauraBeatris deleted the propagate-nextjs-middleware-options branch July 1, 2024 22:23
@clerk-cookie clerk-cookie mentioned this pull request Jul 1, 2024
Merged
@dimkl
Copy link
Contributor

dimkl commented Jul 2, 2024

❓ Why did we choose the approach of the clerkClient() Proxy instead of exposing a getClerkClient()?
Even though we have already introduced the Proxy in the @clerk/clerk-sdk-node to load dynamically the env variables, I think that we could avoid using it here, and introduce a more specific API to avoid any confusion over the clerkClient.

cc: @LauraBeatris , @nikosdouvlis , @BRKalow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brkalow brkalow brkalow approved these changes

@nikosdouvlis nikosdouvlis Awaiting requested review from nikosdouvlis

Assignees

@LauraBeatris LauraBeatris

Labels
actions backend fastify integration nextjs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@LauraBeatris @nikosdouvlis @dimkl @brkalow @clerk-cookie