feat(backend,shared,clerk-js): Support suffixed cookies [CORE-2086] #3506

Open
wants to merge 11 commits into
base: main

dimkl
Member

@dimkl dimkl commented Jun 3, 2024

Description

Generate suffixed and un-suffixed __client_uat (in dev instance), __session, __clerk_db_jwt (in dev instance) cookies from ClerkJS and support reading either the suffixed or the un-suffixed cookies in the backend SDK using the __client_uat & __session cookies.
New ClerkJS versions will generate both suffixed and un-suffixed cookies but the backend SDK will consume only 1 of those 2.

Checklist

  • npm test runs as expected.
  • npm run build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

@dimkl dimkl self-assigned this Jun 3, 2024

changeset-bot bot commented Jun 3, 2024

🦋 Changeset detected

Latest commit: 3e2faed

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 15 packages
Name Type
@clerk/clerk-js Minor
@clerk/backend Minor
@clerk/shared Minor
@clerk/chrome-extension Patch
@clerk/clerk-expo Patch
@clerk/express Patch
@clerk/fastify Patch
@clerk/nextjs Patch
@clerk/remix Patch
@clerk/clerk-sdk-node Patch
@clerk/tanstack-start Patch
@clerk/elements Patch
@clerk/clerk-react Patch
@clerk/testing Patch
@clerk/ui Patch


@dimkl dimkl force-pushed the CORE-2086/suffixed-cookies-draft branch 2 times, most recently from f12aaa0 to 7dcea49 Compare June 5, 2024 13:47
@dimkl dimkl requested review from nikosdouvlis and BRKalow and removed request for nikosdouvlis June 5, 2024 13:47
@dimkl dimkl changed the title Core 2086: suffixed cookies [WIP] feat(backend,shared,clerk-js): Support suffixed cookies [CORE-2086] Jun 5, 2024
@dimkl dimkl force-pushed the CORE-2086/suffixed-cookies-draft branch from 7dcea49 to 50ca6e3 Compare June 5, 2024 13:49
@dimkl dimkl marked this pull request as ready for review June 5, 2024 13:50
@dimkl dimkl force-pushed the CORE-2086/suffixed-cookies-draft branch from 50ca6e3 to 6a7c065 Compare June 5, 2024 13:55
@dimkl dimkl force-pushed the CORE-2086/suffixed-cookies-draft branch from 6a7c065 to 976ae21 Compare June 5, 2024 14:34
@dimkl dimkl requested a review from colinclerk June 5, 2024 14:34
return false;
}
const tokenIssuer = data.payload.iss.replace(/https?:\/\//gi, '');
return this.frontendApi === tokenIssuer;
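Review bot: The pattern in `data.payload.iss.replace(/https?:\/\//gi, '')` is unanchored and global, so it strips every `http://` or `https://` occurrence inside the issuer rather than only a leading scheme, which lets issuer strings other than scheme plus `frontendApi` compare equal. Suggest `/^https?:\/\//i` so the check accepts exactly one leading scheme. The strict `===` also treats a trailing slash or port in `iss` as a mismatch; if that is intended, a short comment saying so would help the next reader.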
Member

Did we check if this is correct for sites using proxy/domain/satellite?

Member Author

@colinclerk Yes. The issuer of our tokens is the same as our FapiURL. For the satellite apps, we are using the FapiURL of the primary domain, so this check is valid.
What are you referring to as domain?
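
The issuer check discussed in this thread, applied to choosing between the suffixed and un-suffixed `__session` cookie when two apps share a cookie jar on one eTLD+1 or localhost. This is an added example, not code from the PR or from Clerk; the helper names, the `__session_<suffix>` naming, the selection order and the sample hosts are assumptions.

```javascript
// Added example; helper names and the `__session_<suffix>` naming are assumptions.

// Decode a JWT payload WITHOUT verifying it. This only selects which cookie to
// pass to the real verifier; it is never an authentication decision.
function decodePayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Issuer comparison in the style of the reviewed lines; only a leading scheme is stripped.
function issuedBy(token, frontendApi) {
  const payload = decodePayload(token);
  if (!payload || typeof payload.iss !== 'string') return false;
  return payload.iss.replace(/^https?:\/\//i, '') === frontendApi;
}

function parseCookies(header) {
  const jar = new Map();
  for (const pair of (header || '').split(';')) {
    const eq = pair.indexOf('=');
    if (eq > 0) jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  return jar;
}

// Assumed rule: try the suffixed cookie first, then the un-suffixed one, and
// accept a candidate only if its issuer is this instance's Frontend API host.
function pickSessionToken(cookieHeader, suffix, frontendApi) {
  const jar = parseCookies(cookieHeader);
  for (const name of [`__session_${suffix}`, '__session']) {
    const token = jar.get(name);
    if (token && issuedBy(token, frontendApi)) return { name, token };
  }
  return null;
}

// Constructed, unsigned sample tokens for two apps sharing one cookie jar.
const fakeJwt = (iss) =>
  ['{"alg":"none"}', JSON.stringify({ iss }), 'sig'].map((s) => Buffer.from(s).toString('base64url')).join('.');
const header = `__session=${fakeJwt('https://clerk.b.example')}; __session_aaaa=${fakeJwt('https://clerk.a.example')}`;
console.log(pickSessionToken(header, 'aaaa', 'clerk.a.example').name); // __session_aaaa
console.log(pickSessionToken(header, 'bbbb', 'clerk.b.example').name); // __session
```

The selected token still has to go through full signature and claims verification; the unverified issuer only decides which cookie is the candidate.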

@dimkl dimkl force-pushed the CORE-2086/suffixed-cookies-draft branch 5 times, most recently from 0655a51 to da8dd2b Compare June 12, 2024 12:36
@dimkl dimkl force-pushed the CORE-2086/suffixed-cookies-draft branch 4 times, most recently from e05b4b2 to c6335a2 Compare June 25, 2024 13:55
dimkl added 11 commits June 26, 2024 12:41
…cookies

This change is required to support setting both suffixed/un-suffixed
cookies using part of the publishableKey to support multiple apps running
on the same eTLD+1 domain or localhost.
Setting both suffixed/un-suffixed cookies is used to support backwards compatibility.
The optionsAssertions module will include assertion function for options
used across our package
…secure context

To avoid bundling the whole crypto-js library we used dynamic imports to load the
dependency only if required and subpath imports to allow tree-shaking to add only
the required code parts from crypto-js
@dimkl dimkl force-pushed the CORE-2086/suffixed-cookies-draft branch from 864369d to 3e2faed Compare June 26, 2024 09:42