Update Manual JWT verification page #925

Open
wants to merge 2 commits into
base: main

@octoper octoper commented Apr 19, 2024

This PR updates the example in Manual JWT verification to use @clerk/backend instead of relying on external libraries.

@octoper octoper requested a review from a team as a code owner April 19, 2024 19:20
@octoper octoper force-pushed the vaggelis/update-manual-jwt-verification branch from cbea9d5 to f6d8653 Compare April 21, 2024 08:37
@octoper octoper force-pushed the vaggelis/update-manual-jwt-verification branch from f6d8653 to b0f5d73 Compare April 23, 2024 12:01

github-actions bot commented Apr 24, 2024

Hey, here’s your docs preview: https://clerk.com/docs/pr/925


@S3Prototype S3Prototype left a comment

Approved with suggested changes

@@ -21,16 +21,9 @@ There are three ways to obtain your public key:

1. Using the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS).

2. Using the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. Scroll down and click on **Advanced** and in the **JWT public key** section, copy the **JWKS URL**.
2. Using the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **JWKS URL**.

@S3Prototype S3Prototype Apr 24, 2024

Suggested change
2. Using the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **JWKS URL**.
2. Use the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. In the left sidebar, select **Show JWT public key**. In the modal that appears, copy the **JWKS URL**.

/>

3. Using the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. Scroll down and click on **Advanced** and in the **JWT public key** section, copy the **PEM public key**. This option should only be used as a fallback for when the first two options are not available.
3. Using the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **PEM Public Key**.. This option should only be used as a fallback for when the first two options are not available.
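
Review bot: In the rewritten steps 2 and 3, "in the model that will show up" should read "modal", and step 3 ends "copy the **PEM Public Key**.." with a doubled period. Step 3 also capitalises "Public Key" while the same sentence writes **Show JWT public key** and the removed line used **PEM public key**; pick one casing that matches the dashboard label.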

@S3Prototype S3Prototype Apr 24, 2024

Suggested change
3. Using the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **PEM Public Key**.. This option should only be used as a fallback for when the first two options are not available.
3. Use the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. In the left sidebar, select **Show JWT public key**. In the modal that appears, copy the **PEM Public Key**. This option should only be used as a fallback for when the first two options are not available.

@@ -46,40 +39,30 @@ If the above process is successful, it means that the user is signed in to your

## Example usage

In the example below, the [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) library is used to verify the token signature. The [cookies](https://www.npmjs.com/package/cookies) library is used to retrieve the `__session` cookie.
In the example below, the [@clerk/backend](https://www.npmjs.com/package/@clerk/backend) is used to verify the token signature. This example uses Next.js route handlers just to showcase how this works, you can use `verifyToken` with any JS framework or no framework at all.
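
Review bot: The replacement sentence at the end of this hunk drops the only pointer to where the token comes from. The removed line named the `__session` cookie; the new one mentions only `verifyToken`, so state which cookie or header the example reads the token from. On wording, "the [@clerk/backend] is used" needs a noun such as "package", and ", you can use `verifyToken`" is a comma splice that reads better as its own sentence.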

@S3Prototype S3Prototype Apr 24, 2024

Suggested change
In the example below, the [@clerk/backend](https://www.npmjs.com/package/@clerk/backend) is used to verify the token signature. This example uses Next.js route handlers just to showcase how this works, you can use `verifyToken` with any JS framework or no framework at all.
The following example demonstrates how to use [`@clerk/backend`](https://www.npmjs.com/package/@clerk/backend) to verify the token signature. Although this example uses Next.js Route Handlers, you can use `verifyToken` with any JS framework or no framework at all.


@dimkl dimkl left a comment

There is already another PR to update this file but it's been outdated.
ref: https://github.com/clerk/clerk-docs/blob/207c8b87517ed4c96b1577163d97e62563ef8f6d/docs/backend-requests/handling/manual-jwt.mdx#example-usage

I would expect to suggest customers to use the clerkClient.authenticateRequest() instead of manually retrieving the token from cookies or authorization header.
If the docs team prefers the current changes (using low level utils), ignore my comment and proceed with merging it.

@@ -21,16 +21,9 @@ There are three ways to obtain your public key:

1. Using the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS).

Suggested change
1. Using the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS).
1. Use the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS).
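
What "manually retrieving the token from cookies or authorization header" and checking it against a JWKS involves, as an added example that is not part of this PR and not Clerk's `verifyToken` or `authenticateRequest()` code. The names `extractToken`, `verifySessionToken`, `sampleJwks` and `signSample` are hypothetical, the key pair and token are constructed locally, and the `exp`/`nbf` checks assume standard JWT claims.

```javascript
// Added example: manual session-token verification with Node's built-in crypto.
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Prefer the Authorization header, then fall back to the __session cookie.
function extractToken(headers) {
  const auth = headers.authorization || '';
  if (auth.startsWith('Bearer ')) return auth.slice(7).trim();
  const m = /(?:^|;\s*)__session=([^;]+)/.exec(headers.cookie || '');
  return m ? m[1] : null;
}

// Verify an RS256 JWT against a JWKS object; returns the payload or throws.
function verifySessionToken(token, jwks, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; never let the token pick it (alg=none, HS256 confusion).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Select the key by kid so key rotation in the JWKS keeps working.
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' });
  const sig = Buffer.from(s, 'base64url');
  if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error('bad signature');
  }
  // Only trust claims after the signature has checked out.
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  if (typeof payload.nbf === 'number' && payload.nbf > nowSec) throw new Error('not yet valid');
  return payload;
}

// Constructed sample data: throwaway key pair, JWKS and signer (hypothetical names).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleJwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-kid' }] };
function signSample(payload, header = { alg: 'RS256', typ: 'JWT', kid: 'sample-kid' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

const demo = signSample({ sub: 'user_sample', exp: Math.floor(Date.now() / 1000) + 60 });
console.log(verifySessionToken(extractToken({ cookie: `__session=${demo}` }), sampleJwks).sub);
```
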

@alexisintech

> There is already another PR to update this file but it's been outdated. ref: https://github.com/clerk/clerk-docs/blob/207c8b87517ed4c96b1577163d97e62563ef8f6d/docs/backend-requests/handling/manual-jwt.mdx#example-usage
>
> I would expect to suggest customers to use the clerkClient.authenticateRequest() instead of manually retrieving the token from cookies or authorization header. If the docs team prefers the current changes (using low level utils), ignore my comment and proceed with merging it.

I agree that it can be simpler for the user by using our product - so utilizing our authenticateRequest() method instead of manually retrieving the token. Thank you for thinking of this!!
@octoper would you mind making this change?

@S3Prototype

@octoper Gentle reminder about this PR
