feat(providers): Add Clerk OAuth Provider #11349
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
2 Skipped Deployments
|
|
@rogervila is attempting to deploy a commit to the authjs Team on Vercel. A member of the Team first needs to authorize it. |
rogervila
changed the title
|
Dear reviewers (@ThangHuuVu, @k-taro56, @ubbe-xyz, @ndom91), I understand there are many PRs to review and I do not want to put extra pressure. Nonetheless, I would like to ask for authorization on the Vercel - proxy CI step so I can see if the PR is green. Thank you! |
|
This would be useful for auth work my team is planning! |
| */ | ||
| export default function Clerk( | ||
| config: OAuthUserConfig<ClerkProfile> & { | ||
| baseUrl: string |
There was a problem hiding this comment.
No need for baseUrl or wellKnown, if the user passes issuer, we will construct the correct discovery URL.
Anything related to it should be dropped.
There was a problem hiding this comment.
I am not sure which is correct, but either Clerk is OIDC or OAuth compliant.
https://clerk.com/docs/advanced-usage/clerk-idp says OAuth2, but since you set the well-known endpoint, I am not sure.
Can you clarify?
| type: "oauth", | ||
| wellKnown: `${baseUrl}/.well-known/openid-configuration`, | ||
| authorization: { | ||
| url: `${baseUrl}/oauth/authorize`, | ||
| params: { scope: "email profile" }, | ||
| }, | ||
| token: `${baseUrl}/oauth/token`, | ||
| userinfo: { | ||
| url: `${baseUrl}/oauth/userinfo`, | ||
| async request({ tokens, provider }) { | ||
| const profile = await fetch(provider.userinfo?.url as URL, { | ||
| headers: { | ||
| Authorization: `Bearer ${tokens.access_token}`, | ||
| "User-Agent": "authjs", | ||
| }, | ||
| }).then(async (res) => await res.json()) | ||
|
|
||
| return profile | ||
| }, | ||
| }, | ||
| profile(profile) { | ||
| return profile | ||
| }, |
There was a problem hiding this comment.
| type: "oauth", | |
| wellKnown: `${baseUrl}/.well-known/openid-configuration`, | |
| authorization: { | |
| url: `${baseUrl}/oauth/authorize`, | |
| params: { scope: "email profile" }, | |
| }, | |
| token: `${baseUrl}/oauth/token`, | |
| userinfo: { | |
| url: `${baseUrl}/oauth/userinfo`, | |
| async request({ tokens, provider }) { | |
| const profile = await fetch(provider.userinfo?.url as URL, { | |
| headers: { | |
| Authorization: `Bearer ${tokens.access_token}`, | |
| "User-Agent": "authjs", | |
| }, | |
| }).then(async (res) => await res.json()) | |
| return profile | |
| }, | |
| }, | |
| profile(profile) { | |
| return profile | |
| }, | |
| type: "oidc", |
When a provider is OIDC compliant, none of these need to be set
| * Clerk({ | ||
| * clientId: CLERK_CLIENT_ID, | ||
| * clientSecret: CLERK_CLIENT_SECRET, | ||
| * baseUrl: CLERK_BASE_URL | ||
| * }), |
There was a problem hiding this comment.
Should be
| * Clerk({ | |
| * clientId: CLERK_CLIENT_ID, | |
| * clientSecret: CLERK_CLIENT_SECRET, | |
| * baseUrl: CLERK_BASE_URL | |
| * }), | |
| * Clerk, |
This should be enough, if the user sets AUTH_CLERK_ID, AUTH_CLERK_SECRET and AUTH_CLERK_ISSUER
| * | ||
| * @module providers/clerk | ||
| */ | ||
| import type { OAuthConfig, OAuthUserConfig } from "./index.js" |
There was a problem hiding this comment.
Should be updated to OIDCConfig and OIDCUserConfig
| * | ||
| * ### Resources | ||
| * | ||
| * - [Clerk - Use Clerk as an OAuth 2 Provider](https://clerk.com/docs/advanced-usage/clerk-idp) |
There was a problem hiding this comment.
Wording should say it's OIDC, not OAuth 2.
See eg.: https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/auth0.ts
☕️ Reasoning
Implement Clerk as an OAuth 2 Provider based on their docs.
🧢 Checklist
🎫 Affected issues
Fixes #9316
📌 Resources