feat(clerk-js): Send previous session token on /tokens requests #8105

Open
nikosdouvlis wants to merge 4 commits into main from nikos/plat-2566-send-token-on-refresh


@nikosdouvlis nikosdouvlis commented Mar 18, 2026

Why

Session Minter needs the previous session JWT to clone claims at the edge without hitting the DB.

What

Send token (previous session JWT) in the POST body on non-template /tokens requests. Uses conditional spread so the key is absent (not token=) when there's no previous token.

The token param is currently ignored by the backend and will be wired up in PLAT-2471.

Test plan

  • Verify token appears in POST body when a previous token exists
  • Verify token key is absent on first mint
  • Verify token is not sent for template token requests
  • Existing token refresh flows still work

Summary by CodeRabbit

  • New Features

    • Enhanced session token refresh to support Session Minter edge token minting by including the previous session token in token refresh requests.
    • Added configuration support for Session Minter functionality.
  • Tests

    • Added comprehensive test coverage for session token refresh behavior with previous token inclusion.

changeset-bot bot commented Mar 18, 2026

🦋 Changeset detected

Latest commit: 2b6ae78

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@clerk/clerk-js Patch
@clerk/chrome-extension Patch
@clerk/expo Patch


Send the current session JWT as `token` in the POST body when
requesting a token refresh. This lets the FAPI Proxy forward it to
Session Minter for claim cloning without a DB read.

Uses conditional spread so the key is absent (not `token=`) when
there's no previous token (first mint).
Unit tests verify the token param is present when lastActiveToken
exists, absent on first mint, absent for template requests, and
matches getRawString() exactly. E2e test verifies token refresh
still works with the new param in the POST body.

coderabbitai bot commented Mar 18, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 66d9de6 and 2b6ae78.

📒 Files selected for processing (4)
  • packages/clerk-js/src/core/resources/AuthConfig.ts
  • packages/clerk-js/src/core/resources/Session.ts
  • packages/shared/src/types/authConfig.ts
  • packages/shared/src/types/json.ts

Walkthrough

This pull request adds support for Session Minter edge token minting by enabling the transmission of previous session tokens on /tokens requests. Changes include: extending AuthConfigJSON with an optional session_minter boolean property, updating AuthConfig and AuthConfigResource to include the sessionMinter field, modifying Session.#createTokenResolver to conditionally include the previous token in request parameters when session minting is enabled, and adding comprehensive test coverage across resiliency and unit tests to validate the token transmission behavior. A changeset entry documents the patch update to @clerk/clerk-js.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title 'feat(clerk-js): Send previous session token on /tokens requests' directly matches the primary change—adding the previous session token to /tokens request bodies for Session Minter support.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

…nter flag

Only send the previous session JWT in the POST body when the
environment has session_minter enabled. This lets us roll out
Session Minter incrementally via the environment config.

…Config

AuthConfig is the right home for this since it controls auth behavior,
not environment-level display/maintenance settings.
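
The body construction these commits describe (previous JWT sent only when Session Minter is enabled, the request is non-template, and a previous token exists), as an added example that is not code from this PR or from clerk-js. The names `buildTokensBody`, `buildTokensBodyNaive` and `classifyTokenParam` are hypothetical, and a form-encoded body is assumed from the PR's contrast between an absent key and `token=`.

```javascript
// Added illustration. Function and field names are hypothetical, not clerk-js internals.
// Assumption: the /tokens POST body is form-encoded (the PR text contrasts an
// absent key with `token=`).

// Build the body as the PR describes: include `token` only when the Session
// Minter flag is on, the request is not a template request, and a previous
// session JWT exists.
function buildTokensBody({ sessionMinter, template, previousToken }) {
  const sendPrevious = Boolean(sessionMinter) && !template && Boolean(previousToken);
  const params = {
    // Conditional spread: when the condition fails, no key is added at all.
    ...(sendPrevious ? { token: previousToken } : {}),
  };
  return new URLSearchParams(params).toString();
}

// Contrast: assigning the value unconditionally still emits the key, and
// URLSearchParams stringifies a missing value to the literal "undefined".
function buildTokensBodyNaive({ previousToken }) {
  return new URLSearchParams({ token: previousToken }).toString();
}

// Receiver-side view: an absent key, an empty value and a non-empty value are
// three different inputs, so the sender should only produce the first or last.
function classifyTokenParam(body) {
  const parsed = new URLSearchParams(body);
  if (!parsed.has('token')) return 'absent';
  return parsed.get('token') === '' ? 'empty' : 'present';
}

// Constructed placeholder, not a real JWT.
const PREVIOUS = 'header.payload.signature';

const cases = [
  ['refresh, flag on', buildTokensBody({ sessionMinter: true, previousToken: PREVIOUS })],
  ['first mint', buildTokensBody({ sessionMinter: true, previousToken: undefined })],
  ['template request', buildTokensBody({ sessionMinter: true, template: 'custom', previousToken: PREVIOUS })],
  ['flag off', buildTokensBody({ sessionMinter: false, previousToken: PREVIOUS })],
  ['naive, first mint', buildTokensBodyNaive({ previousToken: undefined })],
];
for (const [label, body] of cases) {
  console.log(`${label}: body=${JSON.stringify(body)} token=${classifyTokenParam(body)}`);
}
```

The naive first-mint case is the one the conditional spread avoids: the receiver would see a `token` parameter whose value is not a JWT.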