How should we be using the CLERK_JWT_KEY (JWT_KEY)? When I add it with the other keys my auth fails
I'm using the clerk plugin as recommended via the docs: (thank you for it by the way)
.use(clerkPlugin());
and I have my environment variables set locally and in dev/prod. I'm running into a strange issue though. I'm following the Clerk docs and looking to do networkless verification (after the first request to the jwks url is cached) but as soon as I add the CLERK_JWT_KEY my auth stops working both locally and in production. If I do not use the key then my auth works and I'm not sure as to why. I can see that the plugin is already using the clerk client and passing a JWT_KEY so I'm really confused. Any guidance would be appreciated.
Hey, can you update to the latest version (0.5.x) and let me know if it's fixed? Thanks!
@wobsoriano I just upgraded and tried but I get the same result. My store basically has all null values:
store: {
  auth: {
    sessionClaims: null,
    sessionId: null,
    userId: null,
    actor: null,
    orgId: null,
    orgRole: null,
    orgSlug: null,
    orgPermissions: null,
    getToken: [Function: getToken],
    has: [Function: has],
    debug: [Function (anonymous)]
  },
  startTime: 4503.259167
}
I'm really not sure as to why it's not working. I'll need to explore more on how it works tbh. Sorry about that
@wobsoriano I guess I can try switching to the clerk node sdk and see if I can just implement it myself but was hoping not to have to. Either way I'll let you know if I find something out.
Let me know @videate-josh. FYI this module is based on the Fastify middleware.
feel free to reopen this one, pretty sure you can just do:
import { Elysia } from 'elysia'
import { createClerkClient } from '@clerk/backend'

const app = new Elysia()
  // `set` is destructured from the context so the handler can set the response status
  .get('/private', async ({ clerk, request, set }) => {
    // Passing jwtKey lets the session token be verified without a network call
    const { isSignedIn } = await clerk.authenticateRequest(request, {
      jwtKey: process.env.CLERK_JWT_KEY,
      authorizedParties: ['https://example.com'],
    })
    if (!isSignedIn) {
      set.status = 401
      return
    }
    // Add logic to perform protected actions
    return { message: 'This is a reply' }
  })
If you followed the doc here, feel free to ignore the secretKey passed to createClerkClient. Either secretKey or jwtKey should work
Just to follow up, I had a badly formatted CLERK_JWT_KEY which was causing the issue.
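The thread ends with a badly formatted CLERK_JWT_KEY as the cause, so a startup check like the one below can name the formatting problem before requests start coming back with an all-null auth store. It is an added example, not code from this thread or from the plugin; it assumes the key is a PEM-encoded public key (BEGIN PUBLIC KEY armor), and `checkJwtKey` and the sample key are hypothetical.

```javascript
// Added example: structural check of a PEM public key read from an env var.
// Assumption: the value is expected to be a "BEGIN PUBLIC KEY" PEM block.
const ARMOR = /^-----BEGIN PUBLIC KEY-----\n([\s\S]+?)\n-----END PUBLIC KEY-----$/;

function checkJwtKey(raw) {
  const problems = [];
  const fail = (msg) => ({ valid: false, problems: [...problems, msg], normalized: null });
  if (typeof raw !== 'string' || raw.trim() === '') return fail('variable is unset or empty');
  let key = raw.trim();
  // Some env-file formats pass surrounding quotes through as part of the value.
  if (/^(["']).*\1$/s.test(key)) {
    problems.push('value is wrapped in quotes');
    key = key.slice(1, -1).trim();
  }
  // A multi-line PEM squeezed onto one line usually carries backslash-n pairs.
  if (key.includes('\\n')) {
    problems.push('contains literal \\n instead of newlines');
    key = key.replace(/\\n/g, '\n');
  }
  key = key.replace(/\r\n?/g, '\n');
  const m = ARMOR.exec(key);
  if (!m) return fail('missing BEGIN/END PUBLIC KEY lines');
  const body = m[1].replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body) || body.length % 4 !== 0) {
    return fail('body is not valid base64');
  }
  // The DER must be one SEQUENCE whose declared length matches the byte count.
  const der = Buffer.from(body, 'base64');
  let len = der[1];
  let header = 2;
  if (len & 0x80) { // long-form length: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + der[2 + i];
    header = 2 + n;
  }
  if (der[0] !== 0x30 || header + len !== der.length) return fail('DER is truncated or corrupted');
  // valid is true only when the raw value needed no repair at all.
  return { valid: problems.length === 0, problems, normalized: key };
}

// Constructed sample: SubjectPublicKeyInfo-shaped bytes with an all-zero key, not a real Clerk key.
const sampleDer = Buffer.concat([Buffer.from('302a300506032b6570032100', 'hex'), Buffer.alloc(32)]);
const samplePem = `-----BEGIN PUBLIC KEY-----\n${sampleDer.toString('base64')}\n-----END PUBLIC KEY-----`;
// JSON.stringify reproduces a common breakage: quoted, with literal \n escapes.
console.log(checkJwtKey(JSON.stringify(samplePem)));
```

The check is structural only; it does not confirm that the key belongs to the Clerk instance or that it verifies a given token.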