feat(nextjs): Support Accountless mode #4602
Conversation
🦋 Changeset detectedLatest commit: b27445d The changes in this PR will be included in the next version bump. This PR includes changesets to release 22 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
…der and update middleware to read sk and pk from cookies
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -224,6 +237,8 @@ | |||
| } | |||
| } | |||
|
|
|||
| const ACCOUNTLESS_ENCRYPTION_KEY = 'clerk_accountless_dummy_key'; | |||
Check failure
Code scanning / CodeQL
Hard-coded credentials Critical
|
!snapshot |
|
Hey @nikosdouvlis - the snapshot version command generated the following package versions:
Tip: Use the snippet copy button below to quickly install the required packages. npm i @clerk/astro@1.4.14-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/backend@1.18.0-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/chrome-extension@1.3.38-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/clerk-js@5.35.0-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/elements@0.19.5-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/clerk-expo@2.3.7-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/expo-passkeys@0.0.7-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/express@1.3.16-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/fastify@2.0.18-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/localizations@3.6.5-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/nextjs@6.5.0-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/nuxt@0.0.2-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/clerk-react@5.16.1-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/remix@4.2.54-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/clerk-sdk-node@5.0.67-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/shared@2.15.1-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/tanstack-start@0.5.1-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/testing@1.3.28-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/themes@2.1.46-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/types@4.35.0-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/ui@0.1.22-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact
npm i @clerk/vue@0.0.6-snapshot.v86758dae8d163423fa7a7e671b8ed2acfe654bd1 --save-exact |
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Skipped Deployment
|
panteliselef
force-pushed
the
elef/user-1072-support-accountless-in-clerknextjs
branch
from
8f908b0
to
18e8fe4
Compare
panteliselef
force-pushed
the
elef/user-1072-support-accountless-in-clerknextjs
branch
from
18e8fe4
to
5e0181d
Compare
React does not like the fact that <html><body> may be missing and that Suspense is not used inside <html>
…s-in-clerknextjs # Conflicts: # packages/clerk-js/src/core/clerk.ts # packages/clerk-js/src/ui/Components.tsx # packages/clerk-js/src/ui/lazyModules/components.ts
| export function ClientComponent() { | ||
| useAuth(); | ||
|
|
There was a problem hiding this comment.
this is just auto formatting
| @@ -23,6 +24,9 @@ export function createBackendApiClient(options: CreateBackendApiOptions) { | |||
| const request = buildRequest(options); | |||
|
|
|||
| return { | |||
| __experimental_accountlessApplications: new AccountlessApplicationAPI( | |||
There was a problem hiding this comment.
i'd like to have this as experimental for a while
| @@ -51,13 +51,23 @@ type BuildRequestOptions = { | |||
| apiVersion?: string; | |||
| /* Library/SDK name */ | |||
| userAgent?: string; | |||
|
|
|||
| skipSecretKey?: boolean; | |||
There was a problem hiding this comment.
the endpoint for creating the accountless keys doesn't require a secret key
| }, | ||
| "#fs": { | ||
| "edge-light": "./runtime/browser/fs.js", | ||
| "worker": "./runtime/browser/fs.js", | ||
| "browser": "./runtime/browser/fs.js", | ||
| "node": { | ||
| "require": "./runtime/node/fs.js", | ||
| "import": "./runtime/node/fs.js" | ||
| }, | ||
| "default": "./runtime/browser/fs.js" |
There was a problem hiding this comment.
fixes a bug in nextjs where importing from node:fs is prohibited and the dev server or build step fails even if the code is wrapped with try/catch.
| "#fs": { | ||
| "edge-light": "./runtime/browser/fs.js", | ||
| "worker": "./runtime/browser/fs.js", | ||
| "browser": "./runtime/browser/fs.js", | ||
| "node": { | ||
| "require": "./runtime/node/fs.js", | ||
| "import": "./runtime/node/fs.js" | ||
| }, | ||
| "default": "./runtime/browser/fs.js" |
There was a problem hiding this comment.
fixes a bug in nextjs where importing from node:fs is prohibited and the dev server or build step fails even if the code is wrapped with try/catch.
| @@ -0,0 +1,12 @@ | |||
| const { existsSync, writeFileSync, readFileSync, appendFileSync, mkdirSync, rmSync } = require('node:fs'); | |||
| const path = require('node:path'); | |||
There was a problem hiding this comment.
i added path inside the #fs module because it was faster, let me know if you disagree
There was a problem hiding this comment.
Make we can rename it something else if we want to export both.
| const { secretKey, apiUrl = API_URL, apiVersion = API_VERSION, userAgent = USER_AGENT } = options; | ||
| const { | ||
| secretKey, | ||
| skipSecretKey = false, |
There was a problem hiding this comment.
I think requireSecretKey might be a better name.
| skipSecretKey = false, | |
| requireSecretKey = false, |
| // TODO-ACCOUNTLESS: Do we even need this ? I think setting the cookie will reset the router cache. | ||
| redirect(`/clerk-sync-accountless?returnUrl=${returnUrl}`, RedirectType.replace); |
There was a problem hiding this comment.
What is the route for specifically? Would be nice if we could remove! Would it be enough if we triggered a full page refresh?
| @@ -21,3 +21,5 @@ export const SDK_METADATA = { | |||
|
|
|||
| export const TELEMETRY_DISABLED = isTruthy(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED); | |||
| export const TELEMETRY_DEBUG = isTruthy(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DEBUG); | |||
|
|
|||
| export const ALLOW_ACCOUNTLESS = isTruthy(process.env.NEXT_PUBLIC_CLERK_ACCOUNTLESS); | |||
There was a problem hiding this comment.
Maybe a better name:
| export const ALLOW_ACCOUNTLESS = isTruthy(process.env.NEXT_PUBLIC_CLERK_ACCOUNTLESS); | |
| export const ENABLE_KEYLESS = isTruthy(process.env.NEXT_PUBLIC_CLERK_ENABLE_KEYLESS); |
| /** | ||
| * If publishable key avoid appending an invalid script in the dom. |
There was a problem hiding this comment.
| /** | |
| * If publishable key avoid appending an invalid script in the dom. | |
| /** | |
| * If no publishable key, avoid appending an invalid script in the DOM. |
| * Note: Using lazy() with Suspense instead of dynamic is not possible as React will throw a hydration error when `ClerkProvider` wraps `<html><body>...` | ||
| */ | ||
| const LazyAccountlessCreator = dynamic(() => | ||
| import('./lazy-accountless-creator.js').then(m => m.AccountlessCreateKeys), |
There was a problem hiding this comment.
Is the extension necessary?
| import('./lazy-accountless-creator.js').then(m => m.AccountlessCreateKeys), | |
| import('./lazy-accountless-creator').then(m => m.AccountlessCreateKeys), |
There was a problem hiding this comment.
i believe eslint was complaining
|
|
||
| export const ClientClerkProvider = (props: NextClerkProviderProps) => { | ||
| const { children, ...rest } = props; | ||
| const safePk = mergeNextClerkPropsWithEnv(rest).publishableKey; |
There was a problem hiding this comment.
| const safePk = mergeNextClerkPropsWithEnv(rest).publishableKey; | |
| const safePublishableKey = mergeNextClerkPropsWithEnv(rest).publishableKey; |
| const { children, ...rest } = props; | ||
| const safePk = mergeNextClerkPropsWithEnv(rest).publishableKey; | ||
|
|
||
| if (safePk || isNextWithUnstableServerActions || !ALLOW_ACCOUNTLESS) { |
There was a problem hiding this comment.
| if (safePk || isNextWithUnstableServerActions || !ALLOW_ACCOUNTLESS) { | |
| if (safePublishableKey || isNextWithUnstableServerActions || !ALLOW_ACCOUNTLESS) { |
| @@ -97,7 +97,19 @@ export function decorateRequest( | |||
| req: ClerkRequest, | |||
| res: Response, | |||
| requestState: RequestState, | |||
| requestData?: AuthenticateRequestOptions, | |||
| requestData: AuthenticateRequestOptions, | |||
| publicRequestDate: Pick< | |||
There was a problem hiding this comment.
| publicRequestDate: Pick< | |
| publicRequestData: Pick< |
| requestData: AuthenticateRequestOptions, | ||
| publicRequestDate: Pick< |
There was a problem hiding this comment.
Can you remind me why we need these two different buckets of request data?
| '@clerk/types': minor | ||
| --- | ||
|
|
||
| accountless |
There was a problem hiding this comment.
Once we're ready, let's expand the changeset description here. And consolidate the two changeset files.
| */ | ||
| const dynamicConfig = await getDynamicConfig(); | ||
|
|
||
| const newOrReadKeys = dynamicConfig.accountlessMode |
There was a problem hiding this comment.
About dynamicConfig.accountlessMode we need a way to let us know that the middleware is using the PK and SK from the accountless cookies
| '@clerk/types': minor | ||
| --- | ||
|
|
||
| accountless |
| '@clerk/nextjs': minor | ||
| --- | ||
|
|
||
| accountless |
| # | ||
| # # #### #### #### # # # # ##### # ###### #### #### | ||
| # # # # # # # # # # ## # # # # # # | ||
| # # # # # # # # # # # # # ##### #### #### | ||
| ####### # # # # # # # # # # # # # # | ||
| # # # # # # # # # # # ## # # # # # # # | ||
| # # #### #### #### #### # # # ###### ###### #### #### |
|
!snapshot |
|
Hey @issuedat - the snapshot version command generated the following package versions:
Tip: Use the snippet copy button below to quickly install the required packages. npm i @clerk/astro@1.5.0-snapshot.v20241129092324 --save-exact
npm i @clerk/backend@1.19.0-snapshot.v20241129092324 --save-exact
npm i @clerk/chrome-extension@2.0.1-snapshot.v20241129092324 --save-exact
npm i @clerk/clerk-js@5.36.0-snapshot.v20241129092324 --save-exact
npm i @clerk/elements@0.19.8-snapshot.v20241129092324 --save-exact
npm i @clerk/clerk-expo@2.3.11-snapshot.v20241129092324 --save-exact
npm i @clerk/expo-passkeys@0.0.10-snapshot.v20241129092324 --save-exact
npm i @clerk/express@1.3.19-snapshot.v20241129092324 --save-exact
npm i @clerk/fastify@2.0.21-snapshot.v20241129092324 --save-exact
npm i @clerk/localizations@3.7.1-snapshot.v20241129092324 --save-exact
npm i @clerk/nextjs@6.6.0-snapshot.v20241129092324 --save-exact
npm i @clerk/nuxt@0.0.5-snapshot.v20241129092324 --save-exact
npm i @clerk/clerk-react@5.17.1-snapshot.v20241129092324 --save-exact
npm i @clerk/remix@4.2.57-snapshot.v20241129092324 --save-exact
npm i @clerk/clerk-sdk-node@5.0.70-snapshot.v20241129092324 --save-exact
npm i @clerk/shared@2.17.1-snapshot.v20241129092324 --save-exact
npm i @clerk/tanstack-start@0.5.4-snapshot.v20241129092324 --save-exact
npm i @clerk/testing@1.3.31-snapshot.v20241129092324 --save-exact
npm i @clerk/themes@2.1.49-snapshot.v20241129092324 --save-exact
npm i @clerk/types@4.36.0-snapshot.v20241129092324 --save-exact
npm i @clerk/ui@0.1.25-snapshot.v20241129092324 --save-exact
npm i @clerk/vue@0.0.9-snapshot.v20241129092324 --save-exact |
Description
Opt-in support for Accountless
This is introduced for
@clerk/nextjsbut more sdks may follow in the future.What does the PR do (for development only).
.clerk/Technical
For ClerkProvider as RSC:
clerkMIddlewaredetects missing sk -> basically calls next() as "signed-out" and let rendering to call Server ClerkProvider -> Server ClerkProvider fetches and creates the keys, stores them into a file -> It passes the keys into a client component that will fire a server action on mount that sets the keys into cookies and redirect to a made up url thatclerkMiddelwareexpects ->clerkMiddlewareruns again, this time detects the cookies that contain the accountless keys and properly propagates the pk and sk further down.For ClerkProvider as Client component: The provider will render which fires a server action that creates the keys and set them into cookies. Once this is completed we return only the PK and the claimUrl and we force the ClerkProvider from clerk-react to remount.
Requirements
Checklist
pnpm testruns as expected.pnpm buildruns as expected.Type of change