-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Manual JWT verification page #925
base: main
Are you sure you want to change the base?
Conversation
cbea9d5
to
f6d8653
Compare
f6d8653
to
b0f5d73
Compare
Hey, here’s your docs preview: https://clerk.com/docs/pr/925 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with suggested changes
@@ -21,16 +21,9 @@ There are three ways to obtain your public key: | |||
|
|||
1. Using the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS). | |||
|
|||
2. Using the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. Scroll down and click on **Advanced** and in the **JWT public key** section, copy the **JWKS URL**. | |||
2. Using the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **JWKS URL**. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2. Using the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **JWKS URL**. | |
2. Use the Frontend API in JSON Web Key Set (JWKS) format at the following endpoint `https://<YOUR_FRONTEND_API>/.well-known/jwks.json`. This can be obtained from the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. In the left sidebar, select **Show JWT public key**. In the modal that appears, copy the **JWKS URL**. |
/> | ||
|
||
3. Using the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. Scroll down and click on **Advanced** and in the **JWT public key** section, copy the **PEM public key**. This option should only be used as a fallback for when the first two options are not available. | ||
3. Using the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **PEM Public Key**.. This option should only be used as a fallback for when the first two options are not available. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
3. Using the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. At the left sidebar click on **Show JWT public key** and in the model that will show up you can find and copy the **PEM Public Key**.. This option should only be used as a fallback for when the first two options are not available. | |
3. Use the PEM public key provided in the Clerk Dashboard on the [API Keys](https://dashboard.clerk.com/last-active?path=api-keys) page. In the left sidebar, select **Show JWT public key**. In the modal that appears, copy the **PEM Public Key**. This option should only be used as a fallback for when the first two options are not available. |
@@ -46,40 +39,30 @@ If the above process is successful, it means that the user is signed in to your | |||
|
|||
## Example usage | |||
|
|||
In the example below, the [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) library is used to verify the token signature. The [cookies](https://www.npmjs.com/package/cookies) library is used to retrieve the `__session` cookie. | |||
In the example below, the [@clerk/backend](https://www.npmjs.com/package/@clerk/backend) is used to verify the token signature. This example uses Next.js route handlers just to showcase how this works, you can use `verifyToken` with any JS framework or no framework at all. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the example below, the [@clerk/backend](https://www.npmjs.com/package/@clerk/backend) is used to verify the token signature. This example uses Next.js route handlers just to showcase how this works, you can use `verifyToken` with any JS framework or no framework at all. | |
The following example demonstrates how to use [`@clerk/backend`](https://www.npmjs.com/package/@clerk/backend) to verify the token signature. Although this example uses Next.js Route Handlers, you can use `verifyToken` with any JS framework or no framework at all. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is already another PR to update this file but it's been outdated.
ref: https://github.com/clerk/clerk-docs/blob/207c8b87517ed4c96b1577163d97e62563ef8f6d/docs/backend-requests/handling/manual-jwt.mdx#example-usage
I would expect to suggest customers to use the clerkClient.authenticateRequest()
instead of manually retrieving the token from cookies or authorization header.
If the docs team prefers the current changes (using low level utils), ignore my comment and proceed with merging it.
@@ -21,16 +21,9 @@ There are three ways to obtain your public key: | |||
|
|||
1. Using the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1. Using the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS). | |
1. Use the Backend API in JSON Web Key Set (JWKS) format at the following endpoint [https://api.clerk.com/v1/jwks](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS). |
I agree that it can be simpler for the user by using our product - so utilizing our |
@octoper Gentle reminder about this PR |
This PR updates the example in Manual JWT verification to use
@clerk/backend
instead of relying on external libraries