-
Notifications
You must be signed in to change notification settings - Fork 390
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Manual JWT verification page #925
Conversation
cbea9d5
to
f6d8653
Compare
f6d8653
to
b0f5d73
Compare
Hey, here’s your docs preview: https://clerk.com/docs/pr/925 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with suggested changes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is already another PR to update this file but it's been outdated.
ref: https://github.com/clerk/clerk-docs/blob/207c8b87517ed4c96b1577163d97e62563ef8f6d/docs/backend-requests/handling/manual-jwt.mdx#example-usage
I would expect to suggest customers to use the clerkClient.authenticateRequest()
instead of manually retrieving the token from cookies or authorization header.
If the docs team prefers the current changes (using low level utils), ignore my comment and proceed with merging it.
I agree that it can be simpler for the user by using our product - so utilizing our |
@octoper Gentle reminder about this PR |
import { clerkClient } from '@clerk/nextjs/server'; export async function GET(req: NextRequest) { if (!isSignedIn) { // Perform protected actions return NextResponse.json({ message: token }); |
Co-authored-by: Shaquil Hansford <[email protected]>
Co-authored-by: Shaquil Hansford <[email protected]>
Co-authored-by: Shaquil Hansford <[email protected]>
I've removed the hefty instructions for using verifyToken() - in clerk/docs#1184, the example was moved to its reference page with an in-depth explanation. The Manual JWT Verification page will now advocate for using @dimkl @octoper can you guys review and let me know your thoughts before I merge 🫶 |
} | ||
} | ||
``` | ||
The `authenticateRequest()` method from Clerk's JavaScript Backend SDK does all of this for you. It accepts the request object and authenticates the session token in it. See the [reference page](/docs/references/backend/sessions/authenticate-request) for example usage and more information. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have some notes that should apply before merging this PR.
- I believe that
authenticate-request
should not be part of the/docs/references/backend/sessions
as it's not exactly related to thesessions
and it's definitely not related to our backend endpoints grouped in that url path. - code example in authenticate request page should be updated to use
@clerk/backend
package instead of nextjs - I think we should keep a code example of how
authenticateRequest()
can be used in this page, otherwise does this page make much sense? It's just an intro and a ref to another page.
cc: @alexisintech , @octoper
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah I agree - this page will definitely get reworked in the upcoming IA. for now, I've made the changes you requested :)
Warning
Requires clerk/clerk#481 to be merged
This PR updates the example in Manual JWT verification to use
@clerk/backend
instead of relying on external libraries