feat(backend): handle handshake nonce payload #5865

Merged
merged 14 commits into from
May 9, 2025

jacekradko
Member

@jacekradko jacekradko commented May 6, 2025

Description

Implementing the handler for __clerk_handshake_nonce cookie.

Changes

  • Backend token flow update: In HandshakeService, when a handshakeNonce is present, call apiClient.clients.getHandshakePayload(), extract its directives and set cookies

  • Handshake now handles either handshakeNonce or handshakeToken cookies/params

  • Client‐side query param handling:
    • Add __clerk_handshake_nonce to the list of recognized Clerk query parameters in getClerkQueryParam.ts.
    • Strip __clerk_handshake_nonce (alongside other Clerk params) during URL cleanup in core/clerk.ts.

Related: SDKI-979

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

changeset-bot bot commented May 6, 2025

🦋 Changeset detected

Latest commit: b09f649

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 14 packages
| Name | Type |
| --- | --- |
| @clerk/clerk-js | Minor |
| @clerk/backend | Minor |
| @clerk/chrome-extension | Patch |
| @clerk/clerk-expo | Patch |
| @clerk/agent-toolkit | Patch |
| @clerk/astro | Patch |
| @clerk/express | Patch |
| @clerk/fastify | Patch |
| @clerk/nextjs | Patch |
| @clerk/nuxt | Patch |
| @clerk/react-router | Patch |
| @clerk/remix | Patch |
| @clerk/tanstack-react-start | Patch |
| @clerk/testing | Patch |


vercel bot commented May 6, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
clerk-js-sandbox ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 9, 2025 3:44pm

@jacekradko jacekradko requested a review from Copilot May 8, 2025 23:23
@jacekradko jacekradko marked this pull request as ready for review May 8, 2025 23:23
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR implements a new handshake nonce flow on both the backend and client sides. Key changes include:

  • Adding '__clerk_handshake_nonce' to recognized query params and URL cleanup.
  • Updating the handshake token resolution logic to prioritize handshakeNonce and fetching handshakePayload directives.
  • Replacing the legacy handshake payload schema and endpoints with the updated directives-based design.

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| packages/clerk-js/src/utils/getClerkQueryParam.ts | Added the new '__clerk_handshake_nonce' parameter for client query handling. |
| packages/clerk-js/src/core/clerk.ts | Removed the handshake nonce parameter after URL cleanup. |
| packages/backend/src/tokens/request.ts | Updated request authentication to check for handshakeNonce as well as handshakeToken. |
| packages/backend/src/tokens/handshake.ts | Implemented handshake nonce logic by fetching payload directives using the nonce. |
| packages/backend/src/api/resources/HandshakePayload.ts | Updated payload structure from (nonce, payload) to directives array. |
| packages/backend/src/api/endpoints/ClientApi.ts | Added new client API endpoint for fetching handshake payload using nonce. |
| packages/backend/src/api/tests/ClientApi.test.ts | Added tests for the new handshake payload flow. |
| .changeset/eight-heads-act.md | Documented the changes affecting handshake nonce flow. |

Comments suppressed due to low confidence (1)

packages/backend/src/api/endpoints/HandshakePayloadApi.ts:1

  • [nitpick] If this endpoint is no longer in use with the new handshake payload flow, consider removing the legacy HandshakePayloadApi file entirely to reduce code clutter.
import type { HandshakePayload } from '../resources/HandshakePayload';
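
The flow that the PR description and the review overview outline (nonce preferred over token, payload directives turned into cookies, handshake params stripped from the URL), as an added TypeScript example that is not code from this PR or from Clerk. `fetchPayload` is a hypothetical stand-in for `apiClient.clients.getHandshakePayload()`; the `__clerk_handshake` token name, the query-param-before-cookie order, and directives being Set-Cookie strings are assumptions.

```typescript
// Added example; only __clerk_handshake_nonce and getHandshakePayload come from the page.
const NONCE_KEY = '__clerk_handshake_nonce';
const TOKEN_KEY = '__clerk_handshake'; // assumed name of the handshake token cookie/param

type HandshakeSource = { kind: 'nonce' | 'token'; value: string };
type HandshakeResult = { source: HandshakeSource; setCookie: string[]; redirectTo: string };
// Hypothetical stand-in for apiClient.clients.getHandshakePayload(); real signature not shown on the page.
type FetchPayload = (nonce: string) => Promise<{ directives: string[] }>;

// Nonce is preferred over token; within each, query param before cookie (assumed order).
function pickHandshakeSource(url: URL, cookies: Record<string, string>): HandshakeSource | null {
  for (const [kind, key] of [['nonce', NONCE_KEY], ['token', TOKEN_KEY]] as const) {
    const value = url.searchParams.get(key) || cookies[key];
    if (value) return { kind, value };
  }
  return null;
}

// Drop both handshake params so the nonce does not linger in history, logs or Referer headers.
function stripHandshakeParams(url: URL): string {
  const clean = new URL(url.href);
  clean.searchParams.delete(NONCE_KEY);
  clean.searchParams.delete(TOKEN_KEY);
  return clean.href;
}

async function resolveHandshake(
  rawUrl: string,
  cookies: Record<string, string>,
  fetchPayload: FetchPayload,
): Promise<HandshakeResult | null> {
  const url = new URL(rawUrl);
  const source = pickHandshakeSource(url, cookies);
  if (!source) return null;
  let setCookie: string[] = [];
  if (source.kind === 'nonce') {
    // Server-side exchange of the nonce for the payload; an error propagates to the caller.
    const payload = await fetchPayload(source.value);
    // Assumed shape: each directive is a Set-Cookie value. Reject CR/LF to block header injection.
    setCookie = payload.directives.filter(d => typeof d === 'string' && !/[\r\n]/.test(d));
  }
  // Token path: verifying the token itself is left to the caller's existing code.
  return { source, setCookie, redirectTo: stripHandshakeParams(url) };
}

// Constructed sample input (not real values); the second directive is deliberately malformed.
const sampleUrl = 'https://app.example.test/dashboard?tab=keys&__clerk_handshake_nonce=n-123';
const sampleFetch: FetchPayload = async nonce => ({ directives: [`session_example=for-${nonce}; Path=/; HttpOnly`, 'bad\r\nX-Injected: 1'] });
```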

@jacekradko jacekradko enabled auto-merge (squash) May 9, 2025 15:48
@jacekradko jacekradko merged commit 0769a9b into main May 9, 2025
31 of 32 checks passed
@jacekradko jacekradko deleted the feat/handle-handshake-payload branch May 9, 2025 15:53