npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@clerk/backend-core

v2.13.2

Published

Clerk Backend API core resources and authentication utilities for JavaScript environments.

Downloads

850

Readme

@clerk/backend-core

Chat on Discord Clerk documentation Follow on Twitter

Changelog · Report a Bug · Request a Feature · Ask a Question


Deprecation warning

This package has been deprecated in favor of the isomorphic @clerk/backend which is now used across all server-enabled Clerk packages. This package will not receive any future updates. It should not be used directly - please use as a reference only.

Overview

This package provides Clerk Backend API core resources and low-level authentication utilities for JavaScript environments. It is mostly used as the base for other Clerk SDKs.

Getting Started

Installation

npm install @clerk/backend-core

Build

To build the package locally with the TypeScript compiler, run:

npm run build

Architecture

@clerk/backend-core contains all the logic for basic Clerk functionalities, without being platform/environment, specific such as:

  • Determining the authentication state of a session.
  • Validating a Clerk token state.
  • Clerk API resource management.

How it works

This package is used as the base building block for Clerk JavaScript SDKs and environments. This is achieved by providing all the required business logic if only a few environment-specific utilities are implemented by the client.

In essence, the client should supply these key functions in the Clerk Base and ClerkBackendApi classes:

  1. Public key import importKeyFunction.
  2. JWT signature verification verifySignatureFunction.
  3. Base64 decoding decodeBase64Function.
  4. HTTP fetching utility for the API resource management ClerkFetcher.

After supplying those in the Base and ClerkBackendApi classes, you can use all the Clerk utilities required for the SDK business logic.

Usage

Creating a Base for a new SDK

const importKey = async (jwk: JsonWebKey, algorithm: Algorithm) => {
  //  ...
};

const verifySignature = async (algorithm: Algorithm, key: CryptoKey, signature: Uint8Array, data: Uint8Array) => {
  // ...
};

const decodeBase64 = (base64: string) => {
  // ...
};

/** Base initialization */
const examplePlatformBase = new Base(importKey, verifySignature, decodeBase64);

After creating the Base instance you can use core functions such as:

examplePlatformBase.verifySessionToken(...);

examplePlatformBase.getAuthState(...);

The Base utilities include the building blocks for developing any extra logic and middleware required for the target platform.

Validate the Authorized Party of a session token

Clerk's JWT session token, contains the azp claim, which equals the Origin of the request during token generation. You can provide a list of whitelisted origins to verify against, during every token verification, to protect your application of the subdomain cookie leaking attack. You can find an example below:

const authorizedParties = ['http://localhost:3000', 'https://example.com'];

examplePlatformBase.verifySessionToken(token > { authorizedParties });

Clerk API Resources

API resource management is also provided by this package through the ClerkBackendApi class. For more information on the API resources you can checkout the resource documentation page.

To use the Clerk Backend API wrapper in any JavaScript platform, you would need to provide some specific SDK information and an HTTP fetching utility. See more at the ClerkBackendAPIProps implementation.

Support

You can get in touch with us in any of the following ways:

Contributing

We're open to all community contributions! If you'd like to contribute in any way, please read our contribution guidelines.

Security

@clerk/backend-core follows good practices of security, but 100% security cannot be assured.

@clerk/backend-core is provided "as is" without any warranty. Use at your own risk.

For more information and to report security issues, please refer to our security documentation.

License

This project is licensed under the MIT license.

See LICENSE for more information.