Update Manual JWT verification page

[octoper]

Warning

Requires clerk/clerk#481 to be merged

This PR updates the example in Manual JWT verification to use @clerk/backend instead of relying on external libraries

[github-actions]

Hey, here’s your docs preview: https://clerk.com/docs/pr/925

[S3Prototype]

Approved with suggested changes

[dimkl]

There is already another PR to update this file but it's been outdated.
ref: https://github.com/clerk/clerk-docs/blob/207c8b87517ed4c96b1577163d97e62563ef8f6d/docs/backend-requests/handling/manual-jwt.mdx#example-usage

I would expect to suggest customers to use the clerkClient.authenticateRequest() instead of manually retrieving the token from cookies or authorization header.
If the docs team prefers the current changes (using low level utils), ignore my comment and proceed with merging it.

[alexisintech]

There is already another PR to update this file but it's been outdated. ref: https://github.com/clerk/clerk-docs/blob/207c8b87517ed4c96b1577163d97e62563ef8f6d/docs/backend-requests/handling/manual-jwt.mdx#example-usage

I would expect to suggest customers to use the clerkClient.authenticateRequest() instead of manually retrieving the token from cookies or authorization header. If the docs team prefers the current changes (using low level utils), ignore my comment and proceed with merging it.

I agree that it can be simpler for the user by using our product - so utilizing our authenticateRequest() method instead of manually retrieving the token. Thank you for thinking of this!!
@octoper would you mind making this change?

[S3Prototype]

@octoper Gentle reminder about this PR

[alexisintech]

import { clerkClient } from '@clerk/nextjs/server';
import { NextRequest, NextResponse } from 'next/server';

export async function GET(req: NextRequest) {
const { isSignedIn, token } = await clerkClient.authenticateRequest(req);

if (!isSignedIn) {
return NextResponse.json({ status: 401 });
}

// Perform protected actions

return NextResponse.json({ message: token });
}

[alexisintech]

https://clerkinc.slack.com/archives/C046VRJPCNS/p1718914496517829

[alexisintech]

I've removed the hefty instructions for using verifyToken() - in clerk/docs#1184, the example was moved to its reference page with an in-depth explanation.

The Manual JWT Verification page will now advocate for using authenticateRequest()

@dimkl @octoper can you guys review and let me know your thoughts before I merge 🫶

[dimkl]

I have some notes that should apply before merging this PR.

• I believe that authenticate-request should not be part of the /docs/references/backend/sessions as it's not exactly related to the sessions and it's definitely not related to our backend endpoints grouped in that url path.
• code example in authenticate request page should be updated to use @clerk/backend package instead of nextjs
• I think we should keep a code example of how authenticateRequest() can be used in this page, otherwise does this page make much sense? It's just an intro and a ref to another page.

cc: @alexisintech , @octoper

[alexisintech]

yeah I agree - this page will definitely get reworked in the upcoming IA. for now, I've made the changes you requested :)