Add email link same device/browser setting docs #1044
58ff990 to 345bc19
Hey, here’s your docs preview: https://clerk.com/docs/pr/1044
Well written, thank you!
9a8c48a to 77c6b6a
77c6b6a to ccab59c
ccab59c to f9517bd
@@ -20,7 +20,7 @@ function handleEmailLinkVerification( | |||
|
|||
When users click on email links they get redirected to the URL that was provided during email link verification flow initialization. The URL will contain a couple of important query parameters added by Clerk. These are called `__clerk_status` and `__clerk_created_session`. | |||
|
|||
The `__clerk_status` query parameter is the outcome of the verification and can take three values: **verified**, **failed** or **expired**. | |||
The `__clerk_status` query parameter is the outcome of the verification and can take four values: **verified**, **failed**, **expired**, or **client_mismatch**. **client_mismatch** can only be a verification outcome if [Require the same device or browser](/docs/security/email-link-protection) is turned on for sign-ins or sign-ups. |
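Review bot: the added line names the setting "Require the same device or browser", while the dashboard steps added elsewhere in this PR call it "Require the same device and browser"; use the exact Dashboard label in both places so readers can find it. The four outcomes are literal query-string values, so set them in code formatting rather than bold. The added text also never says what a handler is expected to do when it receives `client_mismatch`; one sentence stating that it is an unsuccessful outcome to be handled like `failed` and `expired` would close that gap.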
The `__clerk_status` query parameter is the outcome of the verification and can take four values: **verified**, **failed**, **expired**, or **client_mismatch**. **client_mismatch** can only be a verification outcome if [Require the same device or browser](/docs/security/email-link-protection) is turned on for sign-ins or sign-ups. | |
The `__clerk_status` query parameter is the outcome of the verification and accepts the following values: `verified`, `failed`, `expired`, or `client_mismatch`. `client_mismatch` can only be a verification outcome if the [**Require the same device or browser**](/docs/security/email-link-protection) setting is turned on for sign-ins or sign-ups. |
To configure this security setting, go to [Email, Phone, and Username](https://dashboard.clerk.com/last-active?path=user-authentication/email-phone-username) section of the Clerk Dashboard. | ||
|
||
To enable this protection for sign-ups, go to **Contact information** > **Email address**. Open the modal and make sure **Require the same device and browser** is enabled under the **Email verification link** checkbox. | ||
|
||
To enable this protection for sign-ins, go to **Authentication strategies** > **Email verification link**. Ensure **Require the same device and browser** is toggled on in the configuration modal. |
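Review bot: the first added line reads "go to [Email, Phone, and Username]" followed by "section of the Clerk Dashboard" and is missing "the" before the link. The two procedures also describe the same control differently ("enabled under the **Email verification link** checkbox" for sign-ups, "toggled on in the configuration modal" for sign-ins); use one verb that matches the Dashboard control. The page would also benefit from one sentence on what a user gets when the link is opened on a different device or browser, cross-referencing the `client_mismatch` value of `__clerk_status`.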
Is there a way I can test this in the Dashboard? It's not currently there, and I don't see it in staging either.
To configure this security setting, go to [Email, Phone, and Username](https://dashboard.clerk.com/last-active?path=user-authentication/email-phone-username) section of the Clerk Dashboard. | |
To enable this protection for sign-ups, go to **Contact information** > **Email address**. Open the modal and make sure **Require the same device and browser** is enabled under the **Email verification link** checkbox. | |
To enable this protection for sign-ins, go to **Authentication strategies** > **Email verification link**. Ensure **Require the same device and browser** is toggled on in the configuration modal. | |
To configure this security setting, navigate to the [Clerk Dashboard](https://dashboard.clerk.com/last-active?path=user-authentication/email-phone-username) and in the navigation sidebar, select **Email, Phone, Username**. | |
To enable this protection for **sign-ups**: | |
1. In the **Contact information** section, next to **Email address**, select the settings icon. | |
1. Under the **Email verification link** checkbox, ensure **Require the same device and browser** is enabled. | |
To enable this protection for **sign-ins**: | |
1. In the **Authentication strategies** section, next to **Email verification link**, select the settings icon. | |
1. Ensure **Require the same device and browser** is toggled on. |
It's enabled in staging now! https://clerkinc.slack.com/archives/CHZ1FBBEG/p1717534767333909
I also updated this section a bit. I realized the previous wording was implying the setting could be turned on for sign-ins only, for example, but it's the same setting for both sign-ins and sign-ups. You can't turn it on only for one or the other. Lmk what you think!
add additional detail about disabling email link protection
f9517bd to 5e98405
|
||
Authentication strategies section: | ||
1. In the **Authentication strategies** section, next to **Email verification link**, select the settings icon. | ||
2. Ensure **Require the same device and browser** is toggled on. |
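Review bot: the lead-in "Authentication strategies section:" repeats what step 1 already says ("In the **Authentication strategies** section"); drop one of the two. Step 2 says "toggled on", so confirm that verb matches the control shown in the Dashboard and the wording used for the sign-up steps.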
It's a checkbox instead of a toggle. Not sure why that decision was made - do we want to make those consistent in the Dashboard?
2. Ensure **Require the same device and browser** is toggled on. | |
2. Ensure **Require the same device and browser** is checked. |
In particular, clarify how the require same client setting will affect email link flows.
New documentation for email link require same client setting
`handleEmailLinkVerification()` documentation to add info about the new `client_mismatch` status that will be introduced if this setting is turned on