Product
Introducing SSO
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
@clerk/backend-core
Advanced tools
Readme
This package has been deprecated in favor of the isomorphic @clerk/backend
which is now used across all server-enabled Clerk packages. This package will not receive any future updates. It should not be used directly - please use as a reference only.
This package provides Clerk Backend API core resources and low-level authentication utilities for JavaScript environments. It is mostly used as the base for other Clerk SDKs.
npm install @clerk/backend-core
To build the package locally with the TypeScript compiler, run:
npm run build
@clerk/backend-core
contains all the logic for basic Clerk functionalities, without being platform/environment, specific such as:
This package is used as the base building block for Clerk JavaScript SDKs and environments. This is achieved by providing all the required business logic if only a few environment-specific utilities are implemented by the client.
In essence, the client should supply these key functions in the Clerk Base and ClerkBackendApi classes:
importKeyFunction
.verifySignatureFunction
.decodeBase64Function
.ClerkFetcher
.After supplying those in the Base
and ClerkBackendApi
classes, you can use all the Clerk utilities required for the SDK business logic.
const importKey = async (jwk: JsonWebKey, algorithm: Algorithm) => {
// ...
};
const verifySignature = async (algorithm: Algorithm, key: CryptoKey, signature: Uint8Array, data: Uint8Array) => {
// ...
};
const decodeBase64 = (base64: string) => {
// ...
};
/** Base initialization */
const examplePlatformBase = new Base(importKey, verifySignature, decodeBase64);
After creating the Base
instance you can use core functions such as:
examplePlatformBase.verifySessionToken(...);
examplePlatformBase.getAuthState(...);
The Base
utilities include the building blocks for developing any extra logic and middleware required for the target platform.
Clerk's JWT session token, contains the azp claim, which equals the Origin of the request during token generation. You can provide a list of whitelisted origins to verify against, during every token verification, to protect your application of the subdomain cookie leaking attack. You can find an example below:
const authorizedParties = ['http://localhost:3000', 'https://example.com'];
examplePlatformBase.verifySessionToken(token > { authorizedParties });
API resource management is also provided by this package through the ClerkBackendApi class. For more information on the API resources you can checkout the resource documentation page.
To use the Clerk Backend API wrapper in any JavaScript platform, you would need to provide some specific SDK information and an HTTP fetching utility. See more at the ClerkBackendAPIProps implementation.
You can get in touch with us in any of the following ways:
We're open to all community contributions! If you'd like to contribute in any way, please read our contribution guidelines.
@clerk/backend-core
follows good practices of security, but 100% security cannot be assured.
@clerk/backend-core
is provided "as is" without any warranty. Use at your own risk.
For more information and to report security issues, please refer to our security documentation.
This project is licensed under the MIT license.
See LICENSE for more information.
FAQs
Clerk Backend API core resources and authentication utilities for JavaScript environments.
The npm package @clerk/backend-core receives a total of 1,590 weekly downloads. As such, @clerk/backend-core popularity was classified as popular.
We found that @clerk/backend-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.