authenticateRequest()
Authenticates a token passed from the frontend. Networkless if the secretKey or jwtKey is provided. Otherwise, performs a network call to retrieve the JWKS from Clerk's Backend API.
- Name
request
- Type
Request
- Description
Request object
- Name
options?
- Type
AuthenticateRequestOptions
- Description
Optional options to configure the authentication.
- Name
secretKey?
- Type
string
- Description
The Clerk secret key from the API Keys page in the Clerk Dashboard.
- Name
publishableKey?
- Type
string
- Description
The Clerk publishable key from the API Keys page in the Clerk Dashboard.
- Name
domain?
- Type
string
- Description
The domain for the application. For development, you can pass the localhost your application is running on. For example: localhost:3001
- Name
isSatellite?
- Type
boolean
- Description
Set to true if the instance is a satellite domain in a multi-domain setup.
- Name
proxyUrl?
- Type
string
- Description
The proxy URL from a multi-domain setup.
- Name
signInUrl?
- Type
string
- Description
The sign-in URL from a multi-domain setup. It's recommended to use the environment variable instead.
- Name
signUpUrl?
- Type
string
- Description
The sign-up URL from a multi-domain setup. It's recommended to use the environment variable instead.
- Name
signInForceRedirectUrl?
- Type
string
- Description
If provided, this URL will always be redirected to after the user signs in. It's recommended to use the environment variable instead.
- Name
signUpForceRedirectUrl?
- Type
string
- Description
If provided, this URL will always be redirected to after the user signs up. It's recommended to use the environment variable instead.
- Name
signInFallbackRedirectUrl?
- Type
string
- Description
The fallback URL to redirect to after the user signs in, if there's no redirect_url in the path already. Defaults to /. It's recommended to use the environment variable instead.
- Name
signUpFallbackRedirectUrl?
- Type
string
- Description
The fallback URL to redirect to after the user signs up, if there's no redirect_url in the path already. Defaults to /. It's recommended to use the environment variable instead.
- Name
jwtKey?
- Type
string
- Description
The PEM public key from the API Keys page -> Advanced -> JWT public key section of the Clerk Dashboard. It's recommended to use the environment variable instead.
- Name
audience?
- Type
string | string[]
- Description
A string or list of audiences.
- Name
clockSkewInMs?
- Type
number
- Description
Specifies the allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms (5 seconds).
- Name
jwksCacheTtlInMs?
- Type
number
- Description
Specifies how long (in milliseconds) the JWKs are considered valid in the cache. Defaults to 3600_000 ms (1 hour).
- Name
skipJwksCache?
- Type
boolean
- Description
A flag to ignore the cache and always fetch JWKs before each JWT verification.
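What a networkless check involving jwtKey, audience and clockSkewInMs amounts to, as an added example that is not Clerk's code or part of the original page. It uses only Node's built-in crypto module; verifyOffline, signSample and sampleJwtKey are hypothetical names, and the key pair and tokens are constructed locally.

```javascript
// Added illustration, not Clerk's implementation; all names here are hypothetical.
const crypto = require('node:crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');
function decode(seg) {
  const v = JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
  if (v === null || typeof v !== 'object') throw new Error('not a JSON object');
  return v;
}

// Verify an RS256 JWT offline against a PEM public key (the role jwtKey plays).
function verifyOffline(token, { jwtKey, audience, clockSkewInMs = 5000, now = Date.now() }) {
  const [h, p, s, ...rest] = String(token).split('.');
  if (!h || !p || !s || rest.length) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    [header, claims] = [decode(h), decode(p)];
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; never let the token header choose how it is verified.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), jwtKey, sig)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Time checks run only after the signature holds; skew widens both bounds.
  if (typeof claims.exp !== 'number' || claims.exp * 1000 + clockSkewInMs < now) {
    return { ok: false, reason: 'expired' };
  }
  if (typeof claims.nbf === 'number' && claims.nbf * 1000 - clockSkewInMs > now) {
    return { ok: false, reason: 'not-yet-valid' };
  }
  // audience may be a string or a list; one match with the aud claim is enough.
  if (audience !== undefined) {
    const want = [].concat(audience);
    if (![].concat(claims.aud ?? []).some((a) => want.includes(a))) {
      return { ok: false, reason: 'bad-audience' };
    }
  }
  return { ok: true, claims };
}

// Constructed sample data: a throwaway key pair and a helper that signs test tokens.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleJwtKey = publicKey.export({ type: 'spki', format: 'pem' });
function signSample(claims) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
```

A token that expired 3 seconds ago still passes with the default 5000 ms skew and fails with clockSkewInMs set to 0, which is the trade-off that option controls.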
authenticateRequest() example
Takes the token passed by the frontend as a Bearer token in the Authorization header, and performs a networkless authentication. This verifies whether the user is signed in to the application.