feat(providers): Add Clerk OAuth Provider #11349
@rogervila is attempting to deploy a commit to the authjs Team on Vercel. A member of the Team first needs to authorize it.
Dear reviewers (@ThangHuuVu, @k-taro56, @ubbe-xyz, @ndom91), I understand there are many PRs to review and I do not want to put extra pressure. Nonetheless, I would like to ask for authorization on the Vercel - proxy CI step so I can see if the PR is green. Thank you!
This would be useful for auth work my team is planning!
*/ | ||
export default function Clerk( | ||
config: OAuthUserConfig<ClerkProfile> & { | ||
baseUrl: string |
No need for `baseUrl` or `wellKnown`, if the user passes `issuer`, we will construct the correct discovery URL.
Anything related to it should be dropped.
I am not sure which is correct, but either Clerk is OIDC or OAuth compliant.
https://clerk.com/docs/advanced-usage/clerk-idp says OAuth2, but since you set the well-known endpoint, I am not sure.
Can you clarify?
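The review comments above turn on deriving the discovery URL from `issuer`. As an added example that is not part of the PR or of Auth.js, this sketch applies the OpenID Connect Discovery 1.0 rules for building that URL and for checking the returned document; the function names, the placeholder issuer and the sample document are assumptions constructed for illustration.

```typescript
// Added example: rules from OpenID Connect Discovery 1.0, not Auth.js source.
interface DiscoveryDoc {
  issuer: string
  authorization_endpoint: string
  token_endpoint: string
  userinfo_endpoint?: string
  jwks_uri: string
}

const WELL_KNOWN = "/.well-known/openid-configuration"

// Build the discovery URL from the issuer alone (no baseUrl / wellKnown option).
function discoveryUrl(issuer: string): string {
  if (!issuer.startsWith("https://")) throw new Error("issuer must use https")
  if (/[?#]/.test(issuer)) throw new Error("issuer must not contain a query or fragment")
  // A terminating slash is removed before the suffix is appended.
  return issuer.replace(/\/$/, "") + WELL_KNOWN
}

// Return the problems found in a fetched document; an empty list means it passes.
function checkDiscovery(issuer: string, doc: DiscoveryDoc): string[] {
  const problems: string[] = []
  // The document's issuer must be identical to the configured one; otherwise
  // a different party's endpoints and keys would be trusted.
  if (doc.issuer !== issuer) problems.push("issuer mismatch: " + doc.issuer)
  const endpoints: [string, string | undefined][] = [
    ["authorization_endpoint", doc.authorization_endpoint],
    ["token_endpoint", doc.token_endpoint],
    ["userinfo_endpoint", doc.userinfo_endpoint],
    ["jwks_uri", doc.jwks_uri],
  ]
  for (const [name, value] of endpoints) {
    if (value !== undefined && !value.startsWith("https://")) {
      problems.push(name + " is not https")
    }
  }
  return problems
}

// Constructed sample: placeholder issuer and document, not real Clerk values.
const ISSUER = "https://clerk.example.test"
const SAMPLE_DOC: DiscoveryDoc = {
  issuer: ISSUER,
  authorization_endpoint: ISSUER + "/oauth/authorize",
  token_endpoint: ISSUER + "/oauth/token",
  userinfo_endpoint: ISSUER + "/oauth/userinfo",
  jwks_uri: ISSUER + "/.well-known/jwks.json",
}
console.log(discoveryUrl(ISSUER), checkDiscovery(ISSUER, SAMPLE_DOC))
```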
type: "oauth", | ||
wellKnown: `${baseUrl}/.well-known/openid-configuration`, | ||
authorization: { | ||
url: `${baseUrl}/oauth/authorize`, | ||
params: { scope: "email profile" }, | ||
}, | ||
token: `${baseUrl}/oauth/token`, | ||
userinfo: { | ||
url: `${baseUrl}/oauth/userinfo`, | ||
async request({ tokens, provider }) { | ||
const profile = await fetch(provider.userinfo?.url as URL, { | ||
headers: { | ||
Authorization: `Bearer ${tokens.access_token}`, | ||
"User-Agent": "authjs", | ||
}, | ||
}).then(async (res) => await res.json()) | ||
|
||
return profile | ||
}, | ||
}, | ||
profile(profile) { | ||
return profile | ||
}, |
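Review bot: In the `userinfo.request` override, `res.json()` is parsed without checking `res.ok`, so an error body returned by the userinfo endpoint (expired or rejected access token, for example) would be handed on as the user's profile. If this override stays, check the response status and throw before parsing. The same applies to `profile(profile) { return profile }`: it forwards every field the provider sends unmapped, so map it explicitly to the fields the application needs rather than trusting the whole object. Also note that `params: { scope: "email profile" }` omits `openid`, which would need to be added if the provider is treated as OIDC and the scope is kept explicit.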
type: "oauth", | |
wellKnown: `${baseUrl}/.well-known/openid-configuration`, | |
authorization: { | |
url: `${baseUrl}/oauth/authorize`, | |
params: { scope: "email profile" }, | |
}, | |
token: `${baseUrl}/oauth/token`, | |
userinfo: { | |
url: `${baseUrl}/oauth/userinfo`, | |
async request({ tokens, provider }) { | |
const profile = await fetch(provider.userinfo?.url as URL, { | |
headers: { | |
Authorization: `Bearer ${tokens.access_token}`, | |
"User-Agent": "authjs", | |
}, | |
}).then(async (res) => await res.json()) | |
return profile | |
}, | |
}, | |
profile(profile) { | |
return profile | |
}, | |
type: "oidc", |
When a provider is OIDC compliant, none of these need to be set
* Clerk({ | ||
* clientId: CLERK_CLIENT_ID, | ||
* clientSecret: CLERK_CLIENT_SECRET, | ||
* baseUrl: CLERK_BASE_URL | ||
* }), |
Should be
* Clerk({ | |
* clientId: CLERK_CLIENT_ID, | |
* clientSecret: CLERK_CLIENT_SECRET, | |
* baseUrl: CLERK_BASE_URL | |
* }), | |
* Clerk, |
This should be enough, if the user sets `AUTH_CLERK_ID`, `AUTH_CLERK_SECRET` and `AUTH_CLERK_ISSUER`
* | ||
* @module providers/clerk | ||
*/ | ||
import type { OAuthConfig, OAuthUserConfig } from "./index.js" |
Should be updated to OIDCConfig and OIDCUserConfig
* | ||
* ### Resources | ||
* | ||
* - [Clerk - Use Clerk as an OAuth 2 Provider](https://clerk.com/docs/advanced-usage/clerk-idp) |
Wording should say it's OIDC, not OAuth 2.
See e.g.: https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/auth0.ts
☕️ Reasoning
Implement Clerk as an OAuth 2 Provider based on their docs.
🧢 Checklist
🎫 Affected issues
Fixes #9316
📌 Resources