@clerk/chrome-extension
Advanced tools
Changelog · Report a Bug · Request a Feature · Get help
Clerk is the easiest way to add authentication and user management to your Chrome Extension. Add sign up, sign in, and profile management to your application in minutes.
>=18.17.0 or laterAdd @clerk/chrome-extension to your project:
npm install @clerk/chrome-extension
Retrieve the Publishable key from your Clerk dashboard and set it as an environment variable. For example, if you used Vite:
VITE_CLERK_PUBLISHABLE_KEY=pk_test_xxx
Add <ClerkProvider> to your app and define the routerPush & routerReplace properties. For example, with using react-router-dom:
// App.tsx
import { SignedIn, SignedOut, SignIn, SignUp, ClerkProvider } from '@clerk/chrome-extension';
import { useNavigate, Routes, Route, MemoryRouter } from 'react-router-dom';
function HelloUser() {
return <p>Hello user</p>;
}
const publishableKey = process.env.VITE_CLERK_PUBLISHABLE_KEY || '';
function ClerkProviderWithRoutes() {
const navigate = useNavigate();
return (
<ClerkProvider
publishableKey={publishableKey}
routerPush={to => navigate(to)}
routerReplace={to => navigate(to, { replace: true })}
>
<Routes>
<Route
path='/sign-up/*'
element={<SignUp signInUrl='/' />}
/>
<Route
path='/'
element={
<>
<SignedIn>
<HelloUser />
</SignedIn>
<SignedOut>
<SignIn
afterSignInUrl='/'
signUpUrl='/sign-up'
/>
</SignedOut>
</>
}
/>
</Routes>
</ClerkProvider>
);
}
function App() {
return (
<MemoryRouter>
<ClerkProviderWithRoutes />
</MemoryRouter>
);
}
export default App;
Example repositories:
If you want to use WebSSO (extension shares authentication state with a website in same browser) you'll need to add the syncSessionWithTab prop to <ClerkProvider>.
manifest.json)You must enable the following permissions in your manifest.json file:
{
"permissions": ["cookies", "storage"]
}
More info on the "cookies" permission: Google Developer Cookies Reference. More info on the "storage" permission: Google Developer Storage Reference.
You must enable the following host permissions in your manifest.json file:
"host_permissions": ["http://localhost"]
localhost, you'll want replace that entry with your domain: http://<DOMAIN>"host_permissions": ["https://<YOUR_CLERK_FRONTEND_API_GOES_HERE>/"]
For more info on host permissions visit Google's developer host_permissions reference.
Add your Chrome extension origin to your instance's allowed_origins using the Backend API:
curl -X PATCH https://api.clerk.com/v1/instance \
-H "Authorization: Bearer sk_secret_key" \
-H "Content-type: application/json" \
-d '{"allowed_origins": ["chrome-extension://extension_id_goes_here"]}'
Setting the allowed_origins is required for both Development and Production instances.
You can get in touch with us in any of the following ways:
We're open to all community contributions! If you'd like to contribute in any way, please read our contribution guidelines and code of conduct.
@clerk/chrome-extension follows good practices of security, but 100% security cannot be assured.
@clerk/chrome-extension is provided "as is" without any warranty. Use at your own risk.
For more information and to report security issues, please refer to our security documentation.
This project is licensed under the MIT license.
See LICENSE for more information.
FAQs
Clerk SDK for Chrome extensions
The npm package @clerk/chrome-extension receives a total of 13,372 weekly downloads. As such, @clerk/chrome-extension popularity was classified as popular.
We found that @clerk/chrome-extension demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
November CVE publications fell 25% YoY even as 2025 totals rose, showing how a few major CNAs can swing “global” counts and skew perceived risk.
Security News
React disclosed a CVSS 10.0 RCE in React Server Components and is advising users to upgrade affected packages and frameworks to patched versions now.
Research
/Security News
We spotted a wave of auto-generated “elf-*” npm packages published every two minutes from new accounts, with simple malware variants and early takedowns underway.