Networkless Token Verification

Networkless token verification using the JWT verification key

Clerk's JWT session token can be verified in a networkless manner using the JWT verification key. By default, Clerk uses our JWKS endpoint to fetch and cache the key for subsequent verifications. If you supply the key through the CLERK_JWT_KEY environment variable, Clerk will pick it up and use it to verify session tokens without a network request.

To learn more about Clerk's token verification, see our guide to validating session tokens.

The value of the JWT verification key can also be set at the instance level or on any single middleware call, e.g. for Next.js:


Custom instance initialization:


Validate the Authorized Party of a session token

Clerk's JWT session token contains the azp claim, which equals the Origin of the request during token generation. You can provide the middlewares with a list of whitelisted origins to verify against, to protect your application against the subdomain cookie leaking attack. You can find an example below:

Express


Next.js

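The two checks this page describes (signature verification against a locally held public key, then an exact match of azp against an origin allowlist), as an added example that is not Clerk's SDK code. It uses only Node's built-in crypto module and assumes an RS256-signed token; the function names, the throwaway key pair, the origins and the claims are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Verify an RS256 JWT with a locally held public key: no JWKS fetch involved.
function verifySessionToken(token, publicKeyPem, authorizedParties, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm; never let the token choose it ("none", HS256 confusion).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKeyPem, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Claims are parsed and trusted only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  if (typeof claims.nbf === 'number' && claims.nbf > nowSec) throw new Error('not yet valid');
  // azp is the Origin that requested the token. Assumption of this example:
  // a token with no azp is rejected, and matching is exact (no wildcards).
  if (!authorizedParties.includes(claims.azp)) throw new Error('azp not allowed');
  return claims;
}

// Constructed demo data: throwaway key pair, fixed clock, sample tokens.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const DEMO_PEM = publicKey.export({ type: 'spki', format: 'pem' });
const DEMO_NOW = 1700000000;

function signDemoToken(claims, key = privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}

// Returns the subject on success, or the rejection reason on failure.
function outcome(token, allowed) {
  try { return verifySessionToken(token, DEMO_PEM, allowed, DEMO_NOW).sub; }
  catch (e) { return e.message; }
}

const ALLOWED = ['https://app.example.com'];
const good = signDemoToken({ sub: 'user_demo', azp: 'https://app.example.com', exp: DEMO_NOW + 60 });
// Same signing key, but the token was requested from a sibling subdomain.
const sibling = signDemoToken({ sub: 'user_demo', azp: 'https://blog.example.com', exp: DEMO_NOW + 60 });
console.log(outcome(good, ALLOWED), '|', outcome(sibling, ALLOWED));
```

The sibling-subdomain token carries a valid signature and is rejected only by the azp check, which is why the allowlist is needed in addition to signature verification.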

Clerk © 2022