From e64a9f85e8c5c8bca0601dc4464a1f03e53eaba0 Mon Sep 17 00:00:00 2001 From: Haris Chaniotakis Date: Fri, 6 Dec 2024 23:13:48 +0200 Subject: [PATCH 1/9] fix: JWT Template shortcodes for verified email and phone number (#1779) --- docs/backend-requests/making/jwt-templates.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/backend-requests/making/jwt-templates.mdx b/docs/backend-requests/making/jwt-templates.mdx index 4dce58e567..c07b5f5b1a 100644 --- a/docs/backend-requests/making/jwt-templates.mdx +++ b/docs/backend-requests/making/jwt-templates.mdx @@ -123,7 +123,7 @@ The result of a conditional expression is that of the first operand that does no ```json { - "has_verified_contact_info": "{{user.has_verified_email || user.has_verified_phone}}", + "has_verified_contact_info": "{{user.email_verified || user.phone_number_verified}}", // fallback to a string value "full_name": "{{user.full_name || 'Awesome User'}}", From 86708f73bb21858d6d8c0f484cf6ab16222a95b0 Mon Sep 17 00:00:00 2001 From: victoria Date: Fri, 6 Dec 2024 16:56:37 -0500 Subject: [PATCH 2/9] (/components/clerk-provider) clarify how ClerkProvider can be used (#1759) Co-authored-by: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com> --- docs/_partials/clerk-provider.mdx | 1 + docs/components/clerk-provider.mdx | 8 ++++---- docs/guides/authjs-migration.mdx | 4 +++- docs/guides/waitlist.mdx | 4 +++- docs/integrations/databases/convex.mdx | 8 ++++++-- docs/quickstarts/chrome-extension.mdx | 2 +- docs/quickstarts/expo.mdx | 4 +++- docs/quickstarts/nextjs.mdx | 2 +- docs/quickstarts/react.mdx | 4 +++- docs/quickstarts/tanstack-start.mdx | 2 +- 10 files changed, 26 insertions(+), 13 deletions(-) create mode 100644 docs/_partials/clerk-provider.mdx diff --git a/docs/_partials/clerk-provider.mdx b/docs/_partials/clerk-provider.mdx new file mode 100644 index 0000000000..d64638d8f5 --- /dev/null +++ b/docs/_partials/clerk-provider.mdx @@ -0,0 +1 @@ +The [``](/docs/components/clerk-provider) component provides session and user context to Clerk's hooks and components. It's recommended to wrap your entire app at the entry point with `` to make authentication globally accessible. See the [reference docs](/docs/components/clerk-provider) for other configuration options. diff --git a/docs/components/clerk-provider.mdx b/docs/components/clerk-provider.mdx index abe1e84ba0..676a3bb84e 100644 --- a/docs/components/clerk-provider.mdx +++ b/docs/components/clerk-provider.mdx @@ -1,13 +1,13 @@ --- title: '``' -description: The component wraps your React application to provide active session and user context to Clerk's hooks and other components. +description: The component provides session and user context to Clerk's hooks and components. --- -The `` component wraps your React application to provide active session and user context to Clerk's hooks and other components. +The `` component is required to integrate Clerk into your React application, providing session and user context to Clerk's hooks and components. -## Usage +The recommended approach is to wrap your entire app with `` at the entry point to make authentication globally accessible. If you only need authentication for specific routes or pieces of your application, render `` deeper in the component tree. This allows you to implement Clerk's functionality precisely where required without impacting the rest of your app. -The `` component must be added to your React entrypoint. +## Usage diff --git a/docs/guides/authjs-migration.mdx b/docs/guides/authjs-migration.mdx index 7ccf9daa74..82b0d2ae11 100644 --- a/docs/guides/authjs-migration.mdx +++ b/docs/guides/authjs-migration.mdx @@ -69,7 +69,9 @@ This guide shows how to migrate an application using Auth.js (formerly NextAuth. ### Wrap your Next.js app in `` - You will need to remove the `` provider from Auth.js and replace it with the `` provider from Clerk. `` will need to wrap your application, or wrap the portion of your app where you want to handle authentication. + Remove the `` provider from Auth.js and replace it with ``. + + ```tsx {{ filename: 'app/layout.tsx', mark: [1, 6, 10] }} diff --git a/docs/guides/waitlist.mdx b/docs/guides/waitlist.mdx index b1d25f2da8..0f3bffa54d 100644 --- a/docs/guides/waitlist.mdx +++ b/docs/guides/waitlist.mdx @@ -80,7 +80,9 @@ In [**Waitlist** mode](/docs/authentication/configuration/restrictions#waitlist) ### Add `` to your app - The [``](/docs/components/clerk-provider) component wraps your app to provide active session and user context to Clerk's hooks and other components. To use the `` component in your app, you must provide the `waitlistUrl` prop, which points to the URL of your waitlist page. + + + To use the `` component in your app, you must provide the `waitlistUrl` prop, which points to the URL of your waitlist page. ```tsx {{ filename: 'app/layout.tsx', mark: [6] }} import { ClerkProvider } from '@clerk/nextjs' diff --git a/docs/integrations/databases/convex.mdx b/docs/integrations/databases/convex.mdx index c98732de47..2c825606aa 100644 --- a/docs/integrations/databases/convex.mdx +++ b/docs/integrations/databases/convex.mdx @@ -112,9 +112,13 @@ This tutorial assumes that you have already [set up a Clerk application](/docs/q ### Configure the Clerk and Convex providers - Both Clerk and Convex have Provider components that are required to wrap your React application to provide the authentication and client context. + Both Clerk and Convex have provider components that are required to provide authentication and client context. - You may have already had a `` configured. Be sure that `` wraps `ConvexProviderWithClerk`, and that `useAuth` is passed to `ConvexProviderWithClerk`. + Clerk's provider component is ``, which should wrap your entire app at the entry point to make authentication globally accessible. See the [reference docs](/docs/components/clerk-provider) for other configuration options. + + Convex offers a provider that is specifically for integrating with Clerk called [``](https://docs.convex.dev/auth/clerk). + + The following example demonstrates how to configure Clerk and Convex's providers. Clerk's `useAuth()` hook must be passed to `` and Clerk's `` must be wrapped around it. ```ts {{ filename: 'src/main.tsx' }} import React from 'react' diff --git a/docs/quickstarts/chrome-extension.mdx b/docs/quickstarts/chrome-extension.mdx index fcc1493cae..3cb0d1d644 100644 --- a/docs/quickstarts/chrome-extension.mdx +++ b/docs/quickstarts/chrome-extension.mdx @@ -79,7 +79,7 @@ description: Add authentication and user management to your Chrome Extension wit ### Add `` to your app - All Clerk hooks and components must be children of the [``](/docs/components/clerk-provider) component, which provides active session and user context. Wrap your app in the `` component and pass your Publishable Key as a prop. + ```tsx {{ filename: 'src/popup.tsx', mark: [1, [7, 11], 15, 19] }} import { ClerkProvider } from '@clerk/chrome-extension' diff --git a/docs/quickstarts/expo.mdx b/docs/quickstarts/expo.mdx index 65d5069244..76500378d6 100644 --- a/docs/quickstarts/expo.mdx +++ b/docs/quickstarts/expo.mdx @@ -91,7 +91,9 @@ description: Add authentication and user management to your Expo app with Clerk. ### Add `` to your root layout - The [``](/docs/components/clerk-provider) component wraps your app to provide active session and user context to Clerk's hooks and other components. You must pass your Publishable Key as a prop to the `` component. + + + Pass your publishable key as a prop to the component. Clerk also provides [``](/docs/components/control/clerk-loaded), which won't render its children until the Clerk API has loaded. diff --git a/docs/quickstarts/nextjs.mdx b/docs/quickstarts/nextjs.mdx index e7e6e9f178..d7222bc320 100644 --- a/docs/quickstarts/nextjs.mdx +++ b/docs/quickstarts/nextjs.mdx @@ -97,7 +97,7 @@ description: Add authentication and user management to your Next.js app with Cle ### Add `` and Clerk components to your app - The [``](/docs/components/clerk-provider) component wraps your app to provide active session and user context to Clerk's hooks and other components. + You can control which content signed-in and signed-out users can see with Clerk's [prebuilt control components](/docs/components/overview#what-are-control-components). Create a header using the following components: diff --git a/docs/quickstarts/react.mdx b/docs/quickstarts/react.mdx index 7e04683d0c..9951acbcd9 100644 --- a/docs/quickstarts/react.mdx +++ b/docs/quickstarts/react.mdx @@ -119,7 +119,9 @@ description: Add authentication and user management to your React app with Clerk ### Add `` to your app - The [``](/docs/components/clerk-provider) component wraps your app to provide active session and user context to Clerk's hooks and other components. You must pass your Publishable Key as a prop to the `` component. + + + Pass your publishable key as a prop to the component. ```tsx {{ filename: 'src/main.tsx', mark: [5, 16, 18] }} import React from 'react' diff --git a/docs/quickstarts/tanstack-start.mdx b/docs/quickstarts/tanstack-start.mdx index 1e4ac7964b..4363013d83 100644 --- a/docs/quickstarts/tanstack-start.mdx +++ b/docs/quickstarts/tanstack-start.mdx @@ -94,7 +94,7 @@ description: Learn how to use Clerk to quickly and easily add secure authenticat ### Add `` to your app - The [``](/docs/components/clerk-provider) component wraps your app to provide active session and user context to Clerk's hooks and other components. + Add the `` component to your app's root route, as shown in the following example: From a24a17ffff91ec5a1d4ba6edfd46e9a967f1844a Mon Sep 17 00:00:00 2001 From: victoria Date: Fri, 6 Dec 2024 17:47:39 -0500 Subject: [PATCH 3/9] fix: formatting (#1782) --- docs/guides/authjs-migration.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/authjs-migration.mdx b/docs/guides/authjs-migration.mdx index 82b0d2ae11..f08dfd11e0 100644 --- a/docs/guides/authjs-migration.mdx +++ b/docs/guides/authjs-migration.mdx @@ -71,7 +71,7 @@ This guide shows how to migrate an application using Auth.js (formerly NextAuth. Remove the `` provider from Auth.js and replace it with ``. - + ```tsx {{ filename: 'app/layout.tsx', mark: [1, 6, 10] }} From 3b396ab2ab3f08bea987ff1a26576d5ca126c634 Mon Sep 17 00:00:00 2001 From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com> Date: Fri, 6 Dec 2024 18:27:05 -0500 Subject: [PATCH 4/9] update expo docs (#1666) Co-authored-by: victoria --- docs/_partials/expo/oauth-custom-flow.mdx | 58 ++ docs/custom-flows/email-password-mfa.mdx | 68 ++- docs/custom-flows/email-password.mdx | 230 +++----- docs/custom-flows/manage-totp-based-mfa.mdx | 56 +- docs/custom-flows/oauth-connections.mdx | 59 +- docs/custom-flows/sign-out.mdx | 28 +- docs/custom-flows/user-impersonation.mdx | 554 ++++++------------ docs/guides/custom-types.mdx | 4 +- docs/manifest.json | 42 +- docs/quickstarts/expo.mdx | 410 +++++++------ .../backend/types/backend-invitation.mdx | 2 +- .../types/backend-organization-invitation.mdx | 4 +- .../types/backend-organization-membership.mdx | 4 +- .../backend/types/backend-organization.mdx | 4 +- .../references/backend/types/backend-user.mdx | 6 +- docs/references/expo/overview.mdx | 25 +- .../expo/read-session-user-data.mdx | 13 +- docs/references/expo/use-oauth.mdx | 61 ++ .../javascript/external-account.mdx | 2 +- .../javascript/organization-invitation.mdx | 2 +- .../javascript/organization-membership.mdx | 2 +- .../javascript/organization/organization.mdx | 2 +- .../javascript/sign-up/authenticate-with.mdx | 4 +- .../references/javascript/sign-up/sign-up.mdx | 4 +- docs/references/javascript/types/metadata.mdx | 79 +++ docs/references/javascript/types/oauth.mdx | 10 +- .../types/user-organization-invitation.mdx | 2 +- docs/references/javascript/user/user.mdx | 8 +- docs/users/user-impersonation.mdx | 2 +- 29 files changed, 866 insertions(+), 879 deletions(-) create mode 100644 docs/_partials/expo/oauth-custom-flow.mdx create mode 100644 docs/references/expo/use-oauth.mdx create mode 100644 docs/references/javascript/types/metadata.mdx diff --git a/docs/_partials/expo/oauth-custom-flow.mdx b/docs/_partials/expo/oauth-custom-flow.mdx new file mode 100644 index 0000000000..81f09bee6c --- /dev/null +++ b/docs/_partials/expo/oauth-custom-flow.mdx @@ -0,0 +1,58 @@ +The following example demonstrates how to create a custom OAuth sign-in flow for [Google accounts](/docs/authentication/social-connections/google). + +```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }} +import React from 'react' +import * as WebBrowser from 'expo-web-browser' +import { Text, View, Button } from 'react-native' +import { Link } from 'expo-router' +import { useOAuth } from '@clerk/clerk-expo' +import * as Linking from 'expo-linking' + +export const useWarmUpBrowser = () => { + React.useEffect(() => { + // Warm up the android browser to improve UX + // https://docs.expo.dev/guides/authentication/#improving-user-experience + void WebBrowser.warmUpAsync() + return () => { + void WebBrowser.coolDownAsync() + } + }, []) +} + +WebBrowser.maybeCompleteAuthSession() + +export default function Page() { + useWarmUpBrowser() + + const { startOAuthFlow } = useOAuth({ strategy: 'oauth_google' }) + + const onPress = React.useCallback(async () => { + try { + const { createdSessionId, signIn, signUp, setActive } = await startOAuthFlow({ + redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }), + }) + + // If sign in was successful, set the active session + if (createdSessionId) { + setActive!({ session: createdSessionId }) + } else { + // Use signIn or signUp returned from startOAuthFlow + // for next steps, such as MFA + } + } catch (err) { + // See https://clerk.com/docs/custom-flows/error-handling + // for more info on error handling + console.error(JSON.stringify(err, null, 2)) + } + }, []) + + return ( + + + Home + + + ) } @@ -69,10 +69,10 @@ The following example shows two files: ```jsx {{ filename: 'app/sign-up/sso-callback/page.tsx' }} import { AuthenticateWithRedirectCallback } from '@clerk/nextjs' - export default function SSOCallback() { + export default function Page() { // Handle the redirect flow by rendering the // prebuilt AuthenticateWithRedirectCallback component. - // This is the final step in the custom SAML flow. + // This is the final step in the custom Enterprise SSO flow. return } ``` @@ -80,13 +80,13 @@ The following example shows two files: -## SAML account transfer flows +## Enterprise account transfer flows -It is common for users who are authenticating with SAML to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow. +It is common for users who are authenticating with an enterprise account to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow. **If you would like to keep your sign-in and sign-up flows completely separate, then you can skip this section.** -The following example demonstrates how to handle these cases in your sign-in flow. To apply the same logic to the sign-up flow, simply replace `signIn.authenticateWithRedirect()` with `signUp.authenticateWithRedirect()` in your code. +The following example demonstrates how to handle these cases in your sign-in flow. To apply the same logic to the sign-up flow, simply replace [`signIn.authenticateWithRedirect()`][sign-in-redirect] with [`signUp.authenticateWithRedirect()`][sign-up-redirect] in your code. @@ -96,13 +96,13 @@ The following example demonstrates how to handle these cases in your sign-in flo import * as React from 'react' import { useSignIn, useSignUp } from '@clerk/nextjs' - export default function SAMLSignIn() { + export default function Page() { const { signIn } = useSignIn() const { signUp, setActive } = useSignUp() if (!signIn || !signUp) return null - const signInWithSAML = (e: React.FormEvent) => { + const signInWithEnterpriseSSO = (e: React.FormEvent) => { e.preventDefault() const email = (e.target as HTMLFormElement).email.value @@ -110,7 +110,7 @@ The following example demonstrates how to handle these cases in your sign-in flo signIn .authenticateWithRedirect({ identifier: email, - strategy: 'saml', + strategy: 'enterprise_sso', redirectUrl: '/sso-callback', redirectUrlComplete: '/', }) @@ -127,7 +127,7 @@ The following example demonstrates how to handle these cases in your sign-in flo if (!signIn || !signUp) return null // If the user has an account in your application, but does not yet - // have a SAML account connected to it, you can transfer the SAML + // have a enterprise account connected to it, you can transfer the enterprise // account to the existing user account. const userExistsButNeedsToSignIn = signUp.verifications.externalAccount.status === 'transferable' && @@ -143,9 +143,9 @@ The following example demonstrates how to handle these cases in your sign-in flo } } - // If the user has a SAML account but does not yet + // If the user has a enterprise account but does not yet // have an account in your app, you can create an account - // for them using the SAML information. + // for them using the enterprise account's information. const userNeedsToBeCreated = signIn.firstFactorVerification.status === 'transferable' if (userNeedsToBeCreated) { @@ -160,18 +160,22 @@ The following example demonstrates how to handle these cases in your sign-in flo } } else { // If the user has an account in your application - // and has an SAML account connected to it, you can sign them in. - signInWithSAML(e) + // and has an enterprise account connected to it, you can sign them in. + signInWithEnterpriseSSO(e) } } return (
handleSignIn(e)}> - +
) } ``` + +[sign-in-redirect]: /docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect + +[sign-up-redirect]: /docs/references/javascript/sign-up/authenticate-with#authenticate-with-redirect diff --git a/docs/manifest.json b/docs/manifest.json index 1952a20efe..7f84702730 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -1673,8 +1673,8 @@ "href": "/docs/custom-flows/oauth-connections" }, { - "title": "SAML connections", - "href": "/docs/custom-flows/saml-connections" + "title": "Enterprise connections", + "href": "/docs/custom-flows/enterprise-connections" }, { "title": "Sign out", diff --git a/docs/references/javascript/sign-in/authenticate-with.mdx b/docs/references/javascript/sign-in/authenticate-with.mdx index bd7949b32c..f54ad008f2 100644 --- a/docs/references/javascript/sign-in/authenticate-with.mdx +++ b/docs/references/javascript/sign-in/authenticate-with.mdx @@ -19,16 +19,20 @@ function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promi - `strategy` - - [OAuthStrategy](/docs/references/javascript/types/oauth#o-auth-strategy) | 'saml' + - [OAuthStrategy](/docs/references/javascript/types/oauth#o-auth-strategy) | 'saml' | 'enterprise\_sso' - The strategy corresponding to the OAuth provider. For example: `oauth_facebook`, `oauth_github`, etc. + The strategy to use for authentication. The following strategies are supported: + + - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider). + - `saml`: The user will be authenticated with SAML. **Deprecated in favor of `enterprise_sso`.** + - `enterprise_sso`: The user will be authenticated either through SAML or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier. --- - `redirectUrl` - `string` - Full URL or path to the route that will complete the OAuth or SAML flow. Typically, this will be a simple `/sso-callback` route that calls `Clerk.handleRedirectCallback` or mounts the `` component. + The full URL or path to the route that will complete the OAuth or SAML flow. Typically, this will be a simple `/sso-callback` route that calls `Clerk.handleRedirectCallback` or mounts the `` component. --- @@ -36,6 +40,13 @@ function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promi - `string` The URL that the user will be redirected to, after successful authorization from the OAuth provider and Clerk sign in. + + --- + + - `identifier` + - `string | undefined` + + Identifier to use for targeting an enterprise connection at sign-in. ### `authenticateWithMetamask()` diff --git a/docs/references/javascript/sign-up/authenticate-with.mdx b/docs/references/javascript/sign-up/authenticate-with.mdx index c98405e5ad..3b20ac50ff 100644 --- a/docs/references/javascript/sign-up/authenticate-with.mdx +++ b/docs/references/javascript/sign-up/authenticate-with.mdx @@ -38,26 +38,27 @@ function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promi --- - `strategy` - - `'oauth_' | 'saml'` + - `'oauth_' | 'saml' | 'enterprise_sso'` The strategy to use for authentication. The following strategies are supported: - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider). - - `saml`: The user will be authenticated with SAML. + - `saml`: The user will be authenticated with SAML. **Deprecated** + - `enterprise_sso`: The user will be authenticated either through SAML or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier. --- - `identifier` - `string | undefined` - Identifier to use for targeting a SAML connection at sign-up. + Identifier to use for targeting an enterprise connection at sign-up. --- - `emailAddress` - `string | undefined` - Email address to use for targeting a SAML connection at sign-up. + Email address to use for targeting an enterprise connection at sign-up. --- diff --git a/docs/references/javascript/sign-up/verification.mdx b/docs/references/javascript/sign-up/verification.mdx index 7a15cb0e2c..9c1c158aec 100644 --- a/docs/references/javascript/sign-up/verification.mdx +++ b/docs/references/javascript/sign-up/verification.mdx @@ -20,14 +20,15 @@ function prepareVerification(params: PrepareVerificationParams): Promise - `strategy` - - `'phone_code' | 'email_code' | 'email_link' | 'saml' | 'oauth_' | 'web3_metamask_signature' | 'web3_coinbase_wallet_signature'` + - `'phone_code' | 'email_code' | 'email_link' | 'saml' | 'enterprise_sso' | 'oauth_' | 'web3_metamask_signature' | 'web3_coinbase_wallet_signature'` The verification strategy to validate the user's sign-up request. The following strategies are supported: - `phone_code`: Send an SMS with a unique token to input. - `email_code`: Send an email with a unique token to input. - `email_link`: Send an email with a link which validates sign-up - - `saml`: The user will be authenticated with SAML. **Experimental** + - `saml`: The user will be authenticated with SAML. **Deprecated in favor of `enterprise_sso`.** + - `enterprise_sso`: The user will be authenticated either through SAML or OIDC depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier. - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider). - `web3_metamask_signature`: The verification will attempt to be completed using the user's Web3 wallet address via [Metamask](https://metamask.io/). The `web3_wallet_id` parameter can also be specified to select which of the user's known Web3 wallets will be used. - `web3_coinbase_wallet_signature`: The verification will attempt to be completed using the user's Web3 wallet address via [Coinbase Wallet](https://www.coinbase.com/wallet). The `web3_wallet_id` parameter can also be specified to select which of the user's known Web3 wallets will be used. diff --git a/docs/references/javascript/types/verification.mdx b/docs/references/javascript/types/verification.mdx index c0955b8f32..432df00c99 100644 --- a/docs/references/javascript/types/verification.mdx +++ b/docs/references/javascript/types/verification.mdx @@ -48,7 +48,7 @@ An interface that represents the state of the verification process of a sign-in - `unverified`: The verification has not been verified yet. - `verified`: The verification has been verified. - - `transferable`: The verification is transferable to between sign-in and sign-up flows. This status is to be used in [OAuth](/docs/custom-flows/oauth-connections#o-auth-account-transfer-flows) and [SAML](/docs/custom-flows/saml-connections#saml-account-transfer-flows) authentication flows. + - `transferable`: The verification is transferable to between sign-in and sign-up flows. This status is to be used in [OAuth](/docs/custom-flows/oauth-connections#o-auth-account-transfer-flows) and [Enterprise SSO](/docs/custom-flows/enterprise-connections#enterprise-account-transfer-flows) authentication flows. - `failed`: The verification has failed. - `expired`: The verification has expired.