authenticateRequest()
Authenticates a token passed from the frontend. Networkless if the secretKey or jwtKey are provided. Otherwise, performs a network call to retrieve the JWKS from Clerk's Backend API.
function authenticateRequest: (request: Request, options: AuthenticateRequestOptions) => Promise<RequestState>;- Name
request- Type
Request- Description
Requestobject
- Name
options?- Type
AuthenticateRequestOptions- Description
Optional options to configure the authentication.
- Name
secretKey?- Type
string- Description
The Clerk secret key from the API Keys page in the Clerk Dashboard.
- Name
publishableKey?- Type
string- Description
The Clerk publishable key from the API Keys page in the Clerk Dashboard.
- Name
domain?- Type
string- Description
The domain for the application. For development, you can pass the localhost your application is running on. For example:
localhost:3001
- Name
isSatellite?- Type
boolean- Description
Set to
trueif the instance is a satellite domain in a multi-domain setup.
- Name
proxyUrl?- Type
string- Description
The proxy URL from a multi-domain setup.
- Name
signInUrl?- Type
string- Description
The sign-in URL from a multi-domain setup. It's recommended to use the environment variable instead.
- Name
signUpUrl?- Type
string- Description
It's recommended to use sign-up URL from a multi-domain setup. Use the environment variable instead.
- Name
signInForceRedirectUrl?- Type
string- Description
If provided, this URL will always be redirected to after the user signs in. It's recommended to use the environment variable instead.
- Name
signUpForceRedirectUrl?- Type
string- Description
If provided, this URL will always be redirected to after the user signs up. It's recommended to use the environment variable instead.
- Name
signInFallbackRedirectUrl?- Type
string- Description
The fallback URL to redirect to after the user signs in, if there's no
redirect_urlin the path already. Defaults to/. It's recommended to use the environment variable instead.
- Name
signUpFallbackRedirectUrl?- Type
string- Description
The fallback URL to redirect to after the user signs up, if there's no
redirect_urlin the path already. Defaults to/. It's recommended to use the environment variable instead.
- Name
jwtKey?- Type
string- Description
The PEM public key from the API Keys page -> Advanced -> JWT public key section of the Clerk Dashboard. It's recommended to use the environment variable instead.
- Name
audience?- Type
string | string[]- Description
A string or list of audiences.
- Name
clockSkewInMs?- Type
number- Description
Specifies the allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms (5 seconds).
- Name
jwksCacheTtlInMs?- Type
number- Description
Specifies the allowed time (in milliseconds) the JWKs are considered valid in cache . Defaults to 3600_000 ms (1 hour).
- Name
skipJwksCache?- Type
boolean- Description
A flag to skip ignore cache and always fetch JWKs before each jwt verification.
authenticateRequest() example
Takes the token passed by the frontend as a Bearer token in the Authorization header, and performs a networkless authenication. This will verify if the user is signed into the application or not.
import { clerkClient } from '@clerk/nextjs/server'
import { NextRequest, NextResponse } from 'next/server'
export async function GET(req: NextRequest) {
const { isSignedIn } = await clerkClient.authenticateRequest(req)
if ( !isSignedIn ) {
return NextResponse.json({ status: 401 })
}
// Perform protected actions
return NextResponse.json({ message: "This is a reply" })
}