Skip to content

feat(backend): introduce handshake#2300

Merged
SokratisVidros merged 19 commits into
mainfrom
client_handshake_Refactor
Dec 13, 2023
Merged

feat(backend): introduce handshake#2300
SokratisVidros merged 19 commits into
mainfrom
client_handshake_Refactor

Conversation

@brkalow

@brkalow brkalow commented Dec 8, 2023

Copy link
Copy Markdown
Member

Description

  • Remove issuer verification
  • Replace interstitial flow with handshake flow
  • Update existing interstitial related tests

Checklist

  • npm test runs as expected.
  • npm run build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Packages affected

  • @clerk/backend
  • @clerk/chrome-extension
  • @clerk/clerk-js
  • @clerk/clerk-expo
  • @clerk/fastify
  • gatsby-plugin-clerk
  • @clerk/localizations
  • @clerk/nextjs
  • @clerk/clerk-react
  • @clerk/remix
  • @clerk/clerk-sdk-node
  • @clerk/shared
  • @clerk/themes
  • @clerk/types
  • build/tooling/chore

@changeset-bot

changeset-bot Bot commented Dec 8, 2023

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: fb6e5c1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
Name Type
@clerk/backend Major
@clerk/fastify Patch
gatsby-plugin-clerk Patch
@clerk/nextjs Patch
@clerk/remix Patch
@clerk/clerk-sdk-node Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Comment thread packages/backend/src/index.ts Outdated
Comment thread packages/backend/src/tokens/request.ts Outdated
Comment thread packages/backend/src/tokens/request.ts Outdated
let verifyResult: JwtPayload;

try {
verifyResult = await verifyToken(sessionToken, authenticateContext);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: for a follow up PR: verifyToken should return result, error to avoid controlling the flow with via an exception. The code will read much better.

cc: @nikosdouvlis this affects the V5 API exports

Comment thread packages/backend/src/tokens/request.ts
Comment thread packages/backend/src/tokens/request.ts Outdated
Comment thread packages/backend/src/tokens/request.ts Outdated
Comment thread packages/backend/src/tokens/request.ts Outdated
Comment thread packages/backend/src/tokens/request.ts Outdated
Comment thread packages/nextjs/src/server/authMiddleware.ts Outdated
@github-actions

Copy link
Copy Markdown
Contributor

⚠️ Changes detected under the ClerkJS ui directory!

Don't forget to apply the same changes under the /ui.retheme directory:
packages/clerk-js/src/ui/** ➡️ packages/clerk-js/src/ui.retheme/**

Also, you may need to update the following files:

  • packages/localizations/src/en-US.retheme.ts
  • packages/localizations/src/index.retheme.ts
  • packages/types/src/appearance.retheme.ts
  • packages/types/src/clerk.retheme.ts
  • packages/types/src/index.retheme.ts
  • packages/types/src/localization.retheme.ts

@nikosdouvlis nikosdouvlis force-pushed the client_handshake_Refactor branch from 8210b4a to 1b6aed6 Compare December 12, 2023 16:16
Comment thread packages/backend/src/tokens/authStatus.ts Outdated
Comment thread packages/backend/src/tokens/handshake.ts Outdated
Comment thread packages/backend/src/tokens/request.ts
Comment thread packages/backend/src/tokens/request.ts Outdated
return handleInterstitialCase(res, requestState, interstitial.data);

if (requestState.status === AuthStatus.Handshake) {
// TODO: Handle handshake

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nikosdouvlis Reminder for this ☝️

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SokratisVidros
Posting here for posterity - this will be handled with a 2nd PR once we've completed testing the nextjs integration.

@brkalow brkalow force-pushed the client_handshake_Refactor branch from eb57432 to 073be40 Compare December 12, 2023 22:25
@brkalow brkalow force-pushed the client_handshake_Refactor branch from 073be40 to da79ae6 Compare December 12, 2023 22:28
SokratisVidros and others added 8 commits December 13, 2023 10:50
* Test suite start

* feat(backend,nextjs,utils): Fix jest

* first test

* Fix bug in jwks cache for multiple runtime keys

* Add all the tests, including many failing

* Add all the tests, including many failing

* fix(shared): Correctly construct proxy URL

---------

Co-authored-by: Nikos Douvlis <nikosdouvlis@gmail.com>
Co-authored-by: Bryce Kalow <bryce@clerk.dev>
brkalow and others added 8 commits December 13, 2023 10:50
* feat(backend): Remove interstitial endpoints

* feat(backend,types): Remove local interstitial script

* feat(types): Clean retheme types

* feat(backend): Remove interstitial and interstitial rules

* feat(clerk-js): Remove interstitial from clerk-js

* feat(nextjs): Remove interstitial from authMiddleware

* feat(fastify): Remove interstitial

* feat(gatsby-plugin-clerk): Remove interstitial

* feat(remix): Remove interstitial

* feat(clerk-sdk-node): Remove interstitial

* fix(nextjs): Always respect redirect header if found

As it's possible that we trigger a redirect from authenticateRequest that isn't a handshake status (dev multi-domain sync, for example)

* chore(repo): Fix sdk tests

* fix(clerk-js): Fix tests related to db-jwt

* fix(clerk-js): Keep hasJustSynced check
@SokratisVidros SokratisVidros force-pushed the client_handshake_Refactor branch from 577b981 to 91404bc Compare December 13, 2023 08:53
@SokratisVidros SokratisVidros force-pushed the client_handshake_Refactor branch from c3ec485 to 59943a5 Compare December 13, 2023 09:04
@SokratisVidros SokratisVidros merged commit 86d52fb into main Dec 13, 2023
@SokratisVidros SokratisVidros deleted the client_handshake_Refactor branch December 13, 2023 09:27
octoper pushed a commit that referenced this pull request Dec 13, 2023
* feat(backend): Try the new Client Handshake mechanism

* feat(backend): Update authenticateRequest handler to support multi-domain handshake

* feat(repo): Introduce tests for client handshake (#2265)

* Test suite start

* feat(backend,nextjs,utils): Fix jest

* first test

* Fix bug in jwks cache for multiple runtime keys

* Add all the tests, including many failing

* Add all the tests, including many failing

* fix(shared): Correctly construct proxy URL

---------

Co-authored-by: Nikos Douvlis <nikosdouvlis@gmail.com>
Co-authored-by: Bryce Kalow <bryce@clerk.dev>

* chore(backend): Refactor authenticateRequest to clarify logic

* fix(backend): Fix options passing to authenticateRequest

* feat(backend): Add sec-fetch-dest check for satellite sync, adjust tests to support additional URLs

* feat(backend): Account for clock skew in dev, but still log error

* feat(backend): Refactor backend tests to account for recent refactoring to authenticateRequest

* feat(backend): Treat handshake payload as a signed jwt

* fix(backend): Add tests and adjust logic to ensure existing tests pass

* chore(backend): Refactor tests to conform to new method signature

* chore(repo): Add changeset

* feat(*): Drop interstitial (#2304)

* feat(backend): Remove interstitial endpoints

* feat(backend,types): Remove local interstitial script

* feat(types): Clean retheme types

* feat(backend): Remove interstitial and interstitial rules

* feat(clerk-js): Remove interstitial from clerk-js

* feat(nextjs): Remove interstitial from authMiddleware

* feat(fastify): Remove interstitial

* feat(gatsby-plugin-clerk): Remove interstitial

* feat(remix): Remove interstitial

* feat(clerk-sdk-node): Remove interstitial

* fix(nextjs): Always respect redirect header if found

As it's possible that we trigger a redirect from authenticateRequest that isn't a handshake status (dev multi-domain sync, for example)

* chore(repo): Fix sdk tests

* fix(clerk-js): Fix tests related to db-jwt

* fix(clerk-js): Keep hasJustSynced check

* chore(*): Fix linter

* chore(backend): Remove unused AuthErrorReason properties, destructure from authenticateContext

* chore(clerk-js): Remove unused @ts-expect-error directive

* fix: Address build issues in sdk-node

* fix(remix): Correct Remix build issues

* chore(repo): Apply linting fixes

---------

Co-authored-by: Sokratis Vidros <sokratis.vidros@gmail.com>
Co-authored-by: Colin Sidoti <51144033+colinclerk@users.noreply.github.com>
Co-authored-by: Nikos Douvlis <nikosdouvlis@gmail.com>
Co-authored-by: Colin Sidoti <colin@clerk.dev>
const verifyToken = (token: string, verifyOpts?: VerifyTokenOptions) => {
const issuer = (iss: string) => iss.startsWith('https://clerk.') || iss.includes('.clerk.accounts');
return _verifyToken(token, { issuer, ...options, ...verifyOpts });
};

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before this change, we supported using the following:

import { clerkClient } from '@clerk/clerk-sdk-node';
clerkClient.verifyToken('token');

With the above change the customers using the @clerk/clerk-sdk-node and clerkClient.verifyToken
would have to pass an issuer and some options for the function to work.
Customers were using the previous one since we had a reported issue to fix this not a long time ago: #2280

Was this change intentional or accidental?

cc: @nikosdouvlis , @SokratisVidros

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dimkl the issuer check has been removed entirely

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ooh. I see. thanks for the clarification 😄
What was the reasoning behind removing the issuer check? Do we think that the rest of the claims are sufficient?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants