From 2e34970eed9cc1a1bc55a1e05e0a76011a8fe17c Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Wed, 15 Jan 2025 22:23:00 -0300
Subject: [PATCH 01/25] Add bare draft for `useSSO` docs
---
docs/references/expo/use-sso.mdx | 68 ++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 docs/references/expo/use-sso.mdx
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
new file mode 100644
index 0000000000..c62a12c808
--- /dev/null
+++ b/docs/references/expo/use-sso.mdx
@@ -0,0 +1,68 @@
+---
+title: '`useSSO()`'
+description: Clerk's useSSO() hook is used to create a new SSO flow.
+---
+
+The `useSSO()` hook is used to create a new SSO flow. It can be used in both web and native apps.
+
+## Parameters
+
+
+ - `strategy`
+ - [`OAuthStrategy`](/docs/references/javascript/types/oauth#o-auth-strategy)
+ - [`EnterpriseSSOStrategy`](/docs/references/javascript/types/oauth#o-auth-strategy)
+
+ The strategy corresponding to the SSO provider. For example: `oauth_facebook`, `oauth_github`, `enterprise_sso`, etc.
+
+ ---
+
+ - `redirectUrl?`
+ - `string`
+
+ The URL or path to redirect to after the SSO flow is complete.
+
+ ---
+
+ - `unsafeMetadata?`
+ - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
+
+ Unsafe metadata to be passed to the SSO provider.
+
+
+## Returns
+
+The `useSSO()` hook returns the `startFlow()` method, which you can use to initiate the SSO flow.
+
+The `startFlow()` method has the following signature:
+
+```ts
+const startFlow: (
+ startSSOFlowParams?: StartSSOFlowParams,
+) => Promise
+```
+
+It accepts the following parameters (`StartSSOFlowParams`):
+
+
+ - `redirectUrl?`
+ - `string`
+
+ The URL or path to redirect to after the OAuth flow is complete.
+
+ ---
+
+ - `unsafeMetadata?`
+ - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
+
+ Unsafe metadata to be passed to the OAuth provider.
+
+ ---
+ - `identifier?`
+ - string
+
+ The [identifier](/docs/authentication/configuration/sign-up-sign-in-options#identifier) of the user.
+
+
+## How to use the `useSSO()` hook
+
+
From 1e71a1a2808488a9ae6effba39c6acfc9b34cdd0 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Wed, 15 Jan 2025 22:44:00 -0300
Subject: [PATCH 02/25] Update snippets
---
docs/_partials/expo/oauth-custom-flow.mdx | 58 --------
docs/references/expo/use-sso.mdx | 166 +++++++++++++++++++---
2 files changed, 146 insertions(+), 78 deletions(-)
delete mode 100644 docs/_partials/expo/oauth-custom-flow.mdx
diff --git a/docs/_partials/expo/oauth-custom-flow.mdx b/docs/_partials/expo/oauth-custom-flow.mdx
deleted file mode 100644
index 81f09bee6c..0000000000
--- a/docs/_partials/expo/oauth-custom-flow.mdx
+++ /dev/null
@@ -1,58 +0,0 @@
-The following example demonstrates how to create a custom OAuth sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
-
-```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
-import React from 'react'
-import * as WebBrowser from 'expo-web-browser'
-import { Text, View, Button } from 'react-native'
-import { Link } from 'expo-router'
-import { useOAuth } from '@clerk/clerk-expo'
-import * as Linking from 'expo-linking'
-
-export const useWarmUpBrowser = () => {
- React.useEffect(() => {
- // Warm up the android browser to improve UX
- // https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync()
- return () => {
- void WebBrowser.coolDownAsync()
- }
- }, [])
-}
-
-WebBrowser.maybeCompleteAuthSession()
-
-export default function Page() {
- useWarmUpBrowser()
-
- const { startOAuthFlow } = useOAuth({ strategy: 'oauth_google' })
-
- const onPress = React.useCallback(async () => {
- try {
- const { createdSessionId, signIn, signUp, setActive } = await startOAuthFlow({
- redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
- })
-
- // If sign in was successful, set the active session
- if (createdSessionId) {
- setActive!({ session: createdSessionId })
- } else {
- // Use signIn or signUp returned from startOAuthFlow
- // for next steps, such as MFA
- }
- } catch (err) {
- // See https://clerk.com/docs/custom-flows/error-handling
- // for more info on error handling
- console.error(JSON.stringify(err, null, 2))
- }
- }, [])
-
- return (
-
-
- Home
-
-
-
- )
-}
-```
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index c62a12c808..f1e9f5e894 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -9,36 +9,43 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
- `strategy`
- - [`OAuthStrategy`](/docs/references/javascript/types/oauth#o-auth-strategy)
- - [`EnterpriseSSOStrategy`](/docs/references/javascript/types/oauth#o-auth-strategy)
- The strategy corresponding to the SSO provider. For example: `oauth_facebook`, `oauth_github`, `enterprise_sso`, etc.
+ - [`OAuthStrategy`](/docs/references/javascript/types/sso#o-auth-strategy)
- ---
+ - [`EnterpriseSSOStrategy`](/docs/references/javascript/types/sso#enterprise-sso-strategy)
- - `redirectUrl?`
- - `string`
+ - `strategy?`
- The URL or path to redirect to after the SSO flow is complete.
+ - `string`
- ---
+ Select the SSO strategy. The `enterprise_sso` value depends on the object's `identifier` value. Possible `strategy` values are:
- - `unsafeMetadata?`
- - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
+ - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
+ - `enterprise_sso`: The user will be authenticated either through SAML or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
+
+ ---
- Unsafe metadata to be passed to the SSO provider.
+ - `redirectUrl?`
+ - `string`
+
+ The URL or path to redirect to after the SSO flow is complete.
+
+ ---
+
+ - `unsafeMetadata?`
+ - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
+
+ Unsafe metadata to be passed to the SSO provider.
## Returns
-The `useSSO()` hook returns the `startFlow()` method, which you can use to initiate the SSO flow.
+The `useSSO()` hook returns the `useSSOFlow()` method, which you can use to initiate the SSO flow.
-The `startFlow()` method has the following signature:
+The `startSSOFlow()` method has the following signature:
```ts
-const startFlow: (
- startSSOFlowParams?: StartSSOFlowParams,
-) => Promise
+const startSSOFlow: (startSSOFlowParams?: StartSSOFlowParams) => Promise
```
It accepts the following parameters (`StartSSOFlowParams`):
@@ -57,12 +64,131 @@ It accepts the following parameters (`StartSSOFlowParams`):
Unsafe metadata to be passed to the OAuth provider.
---
+
- `identifier?`
- string
- The [identifier](/docs/authentication/configuration/sign-up-sign-in-options#identifier) of the user.
+ The [identifier](/docs/authentication/configuration/sign-up-sign-in-options#identifier) of the user. Required for `enterprise_sso` strategy.
-## How to use the `useSSO()` hook
-
-
+## How to use `useSSO()`
+
+
+
+ The following example demonstrates how to create a custom SSO sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+
+ ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+ import React from 'react'
+ import * as WebBrowser from 'expo-web-browser'
+ import { Text, View, Button } from 'react-native'
+ import { Link } from 'expo-router'
+ import { useSSO } from '@clerk/clerk-expo'
+ import * as Linking from 'expo-linking'
+
+ export const useWarmUpBrowser = () => {
+ React.useEffect(() => {
+ // Warm up the android browser to improve UX
+ // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+ }
+
+ WebBrowser.maybeCompleteAuthSession()
+
+ export default function Page() {
+ useWarmUpBrowser()
+
+ const { useSSOFlow } = useSSO({ strategy: 'oauth_google' })
+
+ const onPress = React.useCallback(async () => {
+ try {
+ const { createdSessionId, signIn, signUp, setActive } = await useSSOFlow({
+ redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use signIn or signUp returned from startOAuthFlow
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+
+ )
+ }
+ ```
+
+
+
+ The following example demonstrates how to create a custom SSO sign-in flow with [SAML](/authentication/enterprise-connections/overview#saml).
+
+ ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+ import React from 'react'
+ import * as WebBrowser from 'expo-web-browser'
+ import { Text, View, Button } from 'react-native'
+ import { Link } from 'expo-router'
+ import { useSSO } from '@clerk/clerk-expo'
+ import * as Linking from 'expo-linking'
+
+ export const useWarmUpBrowser = () => {
+ React.useEffect(() => {
+ // Warm up the android browser to improve UX
+ // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+ }
+
+ WebBrowser.maybeCompleteAuthSession()
+
+ export default function Page() {
+ useWarmUpBrowser()
+
+ const { useSSOFlow } = useSSO({ strategy: 'enterprise_sso' })
+
+ const onPress = React.useCallback(async () => {
+ try {
+ const { createdSessionId, signIn, signUp, setActive } = await useSSOFlow({
+ redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ // User identifier with a email domain that matches a enterprise connection
+ identifier: 'foo@corp.com',
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use signIn or signUp returned from startOAuthFlow
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+
+ )
+ }
+ ```
+
+
From 69c704df95717a463bde96cfdfe65eba4bedd41d Mon Sep 17 00:00:00 2001
From: vi
Date: Thu, 16 Jan 2025 14:59:14 -0500
Subject: [PATCH 03/25] update
---
docs/references/expo/use-sso.mdx | 71 ++++++++++++++++----------------
1 file changed, 36 insertions(+), 35 deletions(-)
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index f1e9f5e894..2326310a0a 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -1,5 +1,5 @@
---
-title: '`useSSO()`'
+title: useSSO()
description: Clerk's useSSO() hook is used to create a new SSO flow.
---
@@ -9,19 +9,14 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
- `strategy`
-
- [`OAuthStrategy`](/docs/references/javascript/types/sso#o-auth-strategy)
-
- [`EnterpriseSSOStrategy`](/docs/references/javascript/types/sso#enterprise-sso-strategy)
- - `strategy?`
-
- - `string`
-
- Select the SSO strategy. The `enterprise_sso` value depends on the object's `identifier` value. Possible `strategy` values are:
-
- - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
- - `enterprise_sso`: The user will be authenticated either through SAML or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
+ - `strategy?`
+ - `string`
+ Select the SSO strategy. The `enterprise_sso` value depends on the object's `identifier` value. Possible `strategy` values are:
+ - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
+ - `enterprise_sso`: The user will be authenticated either through SAML or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
---
@@ -78,39 +73,42 @@ It accepts the following parameters (`StartSSOFlowParams`):
The following example demonstrates how to create a custom SSO sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
- import React from 'react'
+ import React, { useCallback, useEffect } from 'react'
import * as WebBrowser from 'expo-web-browser'
- import { Text, View, Button } from 'react-native'
- import { Link } from 'expo-router'
- import { useSSO } from '@clerk/clerk-expo'
import * as Linking from 'expo-linking'
+ import { useSSO } from '@clerk/clerk-expo'
+ import { View, Button } from 'react-native'
export const useWarmUpBrowser = () => {
- React.useEffect(() => {
- // Warm up the android browser to improve UX
- // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ useEffect(() => {
+ // Preloads the browser for Android devices to reduce authentication load time
+ // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
void WebBrowser.warmUpAsync()
return () => {
+ // Cleanup: closes browser when component unmounts
void WebBrowser.coolDownAsync()
}
}, [])
}
+ // Handle any pending authentication sessions
WebBrowser.maybeCompleteAuthSession()
export default function Page() {
useWarmUpBrowser()
- const { useSSOFlow } = useSSO({ strategy: 'oauth_google' })
+ const { startSSOFlow } = useSSO({ strategy: 'oauth_google' })
- const onPress = React.useCallback(async () => {
+ const onPress = useCallback(async () => {
try {
- const { createdSessionId, signIn, signUp, setActive } = await useSSOFlow({
+ const { createdSessionId, setActive } = await startSSOFlow({
+ // Specify redirect URL after successful authentication
+ // Must match the scheme defined in app.json
redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
})
- // If sign in was successful, set the active session
if (createdSessionId) {
+ // If sign in was successful, set the active session
setActive!({ session: createdSessionId })
} else {
// Use signIn or signUp returned from startOAuthFlow
@@ -133,44 +131,47 @@ It accepts the following parameters (`StartSSOFlowParams`):
- The following example demonstrates how to create a custom SSO sign-in flow with [SAML](/authentication/enterprise-connections/overview#saml).
+ The following example demonstrates how to create a custom SSO sign-in flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
- import React from 'react'
+ import React, { useCallback, useEffect } from 'react'
import * as WebBrowser from 'expo-web-browser'
- import { Text, View, Button } from 'react-native'
- import { Link } from 'expo-router'
- import { useSSO } from '@clerk/clerk-expo'
import * as Linking from 'expo-linking'
+ import { useSSO } from '@clerk/clerk-expo'
+ import { View, Button } from 'react-native'
export const useWarmUpBrowser = () => {
- React.useEffect(() => {
- // Warm up the android browser to improve UX
- // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ useEffect(() => {
+ // Preloads the browser for Android devices to reduce authentication load time
+ // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
void WebBrowser.warmUpAsync()
return () => {
+ // Cleanup: closes browser when component unmounts
void WebBrowser.coolDownAsync()
}
}, [])
}
+ // Handle any pending authentication sessions
WebBrowser.maybeCompleteAuthSession()
export default function Page() {
useWarmUpBrowser()
- const { useSSOFlow } = useSSO({ strategy: 'enterprise_sso' })
+ const { startSSOFlow } = useSSO({ strategy: 'enterprise_sso' })
- const onPress = React.useCallback(async () => {
+ const onPress = useCallback(async () => {
try {
- const { createdSessionId, signIn, signUp, setActive } = await useSSOFlow({
+ const { createdSessionId, setActive } = await startSSOFlow({
+ // Specify redirect URL after successful authentication
+ // Must match the scheme defined in app.json
redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
// User identifier with a email domain that matches a enterprise connection
- identifier: 'foo@corp.com',
+ identifier: 'email',
})
- // If sign in was successful, set the active session
if (createdSessionId) {
+ // If sign in was successful, set the active session
setActive!({ session: createdSessionId })
} else {
// Use signIn or signUp returned from startOAuthFlow
From 7f52af60880e7e3741366da9228eb6f52cf60509 Mon Sep 17 00:00:00 2001
From: vi
Date: Thu, 16 Jan 2025 15:51:12 -0500
Subject: [PATCH 04/25] fix intros to code examples
---
docs/references/expo/use-sso.mdx | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 2326310a0a..77894ac869 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -66,12 +66,16 @@ It accepts the following parameters (`StartSSOFlowParams`):
The [identifier](/docs/authentication/configuration/sign-up-sign-in-options#identifier) of the user. Required for `enterprise_sso` strategy.
-## How to use `useSSO()`
+## How to use `useSSO()` hook to create a custom SSO sign-in flow
The following example demonstrates how to create a custom SSO sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+ The `useSSO()` hook is used to create a new SSO flow with the `oauth_google` strategy. When the user presses the sign-in button, the `startSSOFlow()` method is called. If sign-in is successful, `createdSessionId` is used to set the active session. The `redirectUrl` parameter is used to specify the URL to redirect to after the SSO flow is complete.
+
+ If sign-in isn't successful, the `signIn` or `signUp` method returned from `startSSOFlow()` can be used to further authenticate the user.
+
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
import React, { useCallback, useEffect } from 'react'
import * as WebBrowser from 'expo-web-browser'
@@ -111,7 +115,7 @@ It accepts the following parameters (`StartSSOFlowParams`):
// If sign in was successful, set the active session
setActive!({ session: createdSessionId })
} else {
- // Use signIn or signUp returned from startOAuthFlow
+ // Use signIn or signUp returned from startSSOFlow
// for next steps, such as MFA
}
} catch (err) {
@@ -133,6 +137,10 @@ It accepts the following parameters (`StartSSOFlowParams`):
The following example demonstrates how to create a custom SSO sign-in flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
+ The `useSSO()` hook is used to create a new SSO flow with the `enterprise_sso` strategy and the [`identifier`](/docs/authentication/configuration/sign-up-sign-in-options#identifier) parameter set to the user's email address. When the user presses the sign-in button, the `startSSOFlow()` method is called. If sign-in is successful, `createdSessionId` is used to set the active session. The `redirectUrl` parameter is used to specify the URL to redirect to after the SSO flow is complete.
+
+ If sign-in isn't successful, the `signIn` or `signUp` method returned from `startSSOFlow()` can be used to further authenticate the user.
+
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
import React, { useCallback, useEffect } from 'react'
import * as WebBrowser from 'expo-web-browser'
@@ -158,7 +166,7 @@ It accepts the following parameters (`StartSSOFlowParams`):
export default function Page() {
useWarmUpBrowser()
- const { startSSOFlow } = useSSO({ strategy: 'enterprise_sso' })
+ const { startSSOFlow } = useSSO({ strategy: 'enterprise_sso', identifier: 'email' })
const onPress = useCallback(async () => {
try {
From bcb5f9ce1a6c63dcdf733125d18b5d6cad6b278c Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 17 Jan 2025 14:56:12 -0300
Subject: [PATCH 05/25] fix: Rollback guides for deprecated `useOAuth`
---
docs/_partials/expo/oauth-custom-flow.mdx | 58 +++++++++++++++++++++++
docs/references/expo/use-oauth.mdx | 2 +-
2 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 docs/_partials/expo/oauth-custom-flow.mdx
diff --git a/docs/_partials/expo/oauth-custom-flow.mdx b/docs/_partials/expo/oauth-custom-flow.mdx
new file mode 100644
index 0000000000..81f09bee6c
--- /dev/null
+++ b/docs/_partials/expo/oauth-custom-flow.mdx
@@ -0,0 +1,58 @@
+The following example demonstrates how to create a custom OAuth sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+
+```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+import React from 'react'
+import * as WebBrowser from 'expo-web-browser'
+import { Text, View, Button } from 'react-native'
+import { Link } from 'expo-router'
+import { useOAuth } from '@clerk/clerk-expo'
+import * as Linking from 'expo-linking'
+
+export const useWarmUpBrowser = () => {
+ React.useEffect(() => {
+ // Warm up the android browser to improve UX
+ // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+}
+
+WebBrowser.maybeCompleteAuthSession()
+
+export default function Page() {
+ useWarmUpBrowser()
+
+ const { startOAuthFlow } = useOAuth({ strategy: 'oauth_google' })
+
+ const onPress = React.useCallback(async () => {
+ try {
+ const { createdSessionId, signIn, signUp, setActive } = await startOAuthFlow({
+ redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use signIn or signUp returned from startOAuthFlow
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+ Home
+
+
+
+ )
+}
+```
diff --git a/docs/references/expo/use-oauth.mdx b/docs/references/expo/use-oauth.mdx
index 4e3935dfe9..8324818985 100644
--- a/docs/references/expo/use-oauth.mdx
+++ b/docs/references/expo/use-oauth.mdx
@@ -46,7 +46,7 @@ It accepts the following parameters (`StartOAuthFlowParams`):
- `redirectUrl?`
- `string`
- The full URL or path to redirect to after the OAuth flow is complete.
+ The URL or path to redirect to after the OAuth flow is complete.
---
From 2a15e4ea4a2b43ef0596d435297df2efbcb03337 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 17 Jan 2025 14:58:21 -0300
Subject: [PATCH 06/25] chore: Add deprecation warning
---
docs/references/expo/use-oauth.mdx | 3 +++
1 file changed, 3 insertions(+)
diff --git a/docs/references/expo/use-oauth.mdx b/docs/references/expo/use-oauth.mdx
index 8324818985..cc1619ebd5 100644
--- a/docs/references/expo/use-oauth.mdx
+++ b/docs/references/expo/use-oauth.mdx
@@ -5,6 +5,9 @@ description: Clerk's useOAuth() hook is used to create a new OAuth flow.
The `useOAuth()` hook is used to create a new OAuth flow. It can be used in both web and native apps.
+> [!WARNING]
+> This feature is deprecated. Please use the [`useSSO()`](/docs/references/expo/use-sso.mdx) instead.
+
## Parameters
From bc2e51cbba91253f3b3aff03fab89717851f2880 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 17 Jan 2025 15:03:37 -0300
Subject: [PATCH 07/25] chore: Remove `redirectUrl` from properties
---
docs/references/expo/use-sso.mdx | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 77894ac869..42ebe06feb 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -35,7 +35,7 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
## Returns
-The `useSSO()` hook returns the `useSSOFlow()` method, which you can use to initiate the SSO flow.
+The `useSSO()` hook returns the `startSSOFlow()` method, which you can use to initiate the SSO flow.
The `startSSOFlow()` method has the following signature:
@@ -46,12 +46,6 @@ const startSSOFlow: (startSSOFlowParams?: StartSSOFlowParams) => Promise
- - `redirectUrl?`
- - `string`
-
- The URL or path to redirect to after the OAuth flow is complete.
-
- ---
- `unsafeMetadata?`
- [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
From bb12f812fae36733b1adea33e6b19b8f0b7887ab Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 17 Jan 2025 15:16:13 -0300
Subject: [PATCH 08/25] chore: Improve description for `strategy` property
---
docs/references/expo/use-sso.mdx | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 42ebe06feb..3faa71dbfc 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -8,15 +8,12 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
## Parameters
- - `strategy`
- - [`OAuthStrategy`](/docs/references/javascript/types/sso#o-auth-strategy)
- - [`EnterpriseSSOStrategy`](/docs/references/javascript/types/sso#enterprise-sso-strategy)
+ - `strategy?`
- - `strategy?`
- - `string`
- Select the SSO strategy. The `enterprise_sso` value depends on the object's `identifier` value. Possible `strategy` values are:
- - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
- - `enterprise_sso`: The user will be authenticated either through SAML or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
+ - `string`
+ Select the SSO strategy. The `enterprise_sso` value depends on the object's `identifier` value. Possible `strategy` values are:
+ - [`OAuthStrategy`](/docs/references/javascript/types/sso#o-auth-strategy): The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
+ - [`EnterpriseSSOStrategy`](/docs/references/javascript/types/sso#enterprise-sso-strategy): The user will be authenticated either through SAML, OIDC or EASIE, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
---
@@ -46,7 +43,6 @@ const startSSOFlow: (startSSOFlowParams?: StartSSOFlowParams) => Promise
-
- `unsafeMetadata?`
- [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
From ba4aed04d8e1fa33690526ff43a494c8ca9876d5 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 17 Jan 2025 15:18:29 -0300
Subject: [PATCH 09/25] chore: Fix `useSSO` link
---
docs/references/expo/use-oauth.mdx | 2 +-
docs/references/expo/use-sso.mdx | 13 +++++++------
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/docs/references/expo/use-oauth.mdx b/docs/references/expo/use-oauth.mdx
index cc1619ebd5..9dea6cff9c 100644
--- a/docs/references/expo/use-oauth.mdx
+++ b/docs/references/expo/use-oauth.mdx
@@ -6,7 +6,7 @@ description: Clerk's useOAuth() hook is used to create a new OAuth flow.
The `useOAuth()` hook is used to create a new OAuth flow. It can be used in both web and native apps.
> [!WARNING]
-> This feature is deprecated. Please use the [`useSSO()`](/docs/references/expo/use-sso.mdx) instead.
+> This feature is deprecated. Please use the [`useSSO()`](/docs/references/expo/use-sso) instead.
## Parameters
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 3faa71dbfc..5daf77e41c 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -8,12 +8,13 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
## Parameters
- - `strategy?`
+ - `strategy`
+ - [OAuthStrategy](/docs/references/javascript/types/sso#o-auth-strategy) | [EnterpriseSSOStrategy](/docs/references/javascript/types/sso#enterprise-sso-strategy)
- - `string`
- Select the SSO strategy. The `enterprise_sso` value depends on the object's `identifier` value. Possible `strategy` values are:
- - [`OAuthStrategy`](/docs/references/javascript/types/sso#o-auth-strategy): The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
- - [`EnterpriseSSOStrategy`](/docs/references/javascript/types/sso#enterprise-sso-strategy): The user will be authenticated either through SAML, OIDC or EASIE, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
+ The strategy to use for authentication. The following strategies are supported:
+
+ - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
+ - `enterprise_sso`: The user will be authenticated either through SAML, EASIE or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
---
@@ -46,7 +47,7 @@ It accepts the following parameters (`StartSSOFlowParams`):
- `unsafeMetadata?`
- [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
- Unsafe metadata to be passed to the OAuth provider.
+ Unsafe metadata to be passed to the SSO provider.
---
From 36f8ba99c5cbf8827c3868781c4e116a225ec53a Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Fri, 17 Jan 2025 16:04:28 -0500
Subject: [PATCH 10/25] docs review
---
docs/references/expo/use-oauth.mdx | 6 ++---
docs/references/expo/use-sso.mdx | 40 +++++++++++++++++++-----------
2 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/docs/references/expo/use-oauth.mdx b/docs/references/expo/use-oauth.mdx
index 9dea6cff9c..7b336b6dcf 100644
--- a/docs/references/expo/use-oauth.mdx
+++ b/docs/references/expo/use-oauth.mdx
@@ -3,10 +3,10 @@ title: '`useOAuth()`'
description: Clerk's useOAuth() hook is used to create a new OAuth flow.
---
-The `useOAuth()` hook is used to create a new OAuth flow. It can be used in both web and native apps.
-
> [!WARNING]
-> This feature is deprecated. Please use the [`useSSO()`](/docs/references/expo/use-sso) instead.
+> This feature is deprecated. Use [`useSSO()`](/docs/references/expo/use-sso) instead.
+
+The `useOAuth()` hook is used to create a new OAuth flow. It can be used in both web and native apps.
## Parameters
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 5daf77e41c..e927366aaa 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -13,22 +13,22 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
The strategy to use for authentication. The following strategies are supported:
- - `oauth_`: The user will be authenticated with their social sign-in account. [See available social providers](/docs/references/javascript/types/oauth#o-auth-provider).
- - `enterprise_sso`: The user will be authenticated either through SAML, EASIE or OIDC, depending on the configuration of the [enterprise connection](/docs/authentication/enterprise-connections/overview) matching the identifier.
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/oauth#o-auth-provider).
+ - `'enterprise_sso'`: The user will be authenticated either through SAML, EASIE, or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- ---
+ ---
- - `redirectUrl?`
- - `string`
+ - `redirectUrl?`
+ - `string`
- The URL or path to redirect to after the SSO flow is complete.
+ The URL or path to redirect to after the SSO flow is complete.
- ---
+ ---
- - `unsafeMetadata?`
- - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
+ - `unsafeMetadata?`
+ - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
- Unsafe metadata to be passed to the SSO provider.
+ Unsafe metadata to be passed to the SSO provider.
## Returns
@@ -44,20 +44,30 @@ const startSSOFlow: (startSSOFlowParams?: StartSSOFlowParams) => Promise
- - `unsafeMetadata?`
- - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
+ - `strategy`
+ - `'oauth_'` | `'enterprise_sso'`
- Unsafe metadata to be passed to the SSO provider.
+ The strategy to use for authentication. The following strategies are supported:
+
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/oauth#o-auth-provider).
+ - `'enterprise_sso'`: The user will be authenticated either through SAML, EASIE, or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
---
- `identifier?`
- string
- The [identifier](/docs/authentication/configuration/sign-up-sign-in-options#identifier) of the user. Required for `enterprise_sso` strategy.
+ **Required** if `strategy` is set to `'enterprise_sso'`. The [identifier](/docs/authentication/configuration/sign-up-sign-in-options#identifier) of the user.
+
+ ---
+
+ - `unsafeMetadata?`
+ - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
+
+ Metadata that can be read and set from the frontend and the backend. Once the authentication process is complete, the value of this field will be automatically copied to the created user's unsafe metadata (`User.unsafeMetadata`). One common use case is to collect custom information about the user during the authentication process and store it in this property. Read more about [unsafe metadata](/docs/users/metadata#unsafe-metadata).
-## How to use `useSSO()` hook to create a custom SSO sign-in flow
+## How to use the `useSSO()` hook
From 11600ffdbcfa90df5bef9fd74e50f56923bdbb1f Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Fri, 17 Jan 2025 16:36:15 -0500
Subject: [PATCH 11/25] update oauth connections custom flow guide
---
docs/_partials/expo/sso-custom-flow.mdx | 125 ++++++++++++++++++++++
docs/custom-flows/oauth-connections.mdx | 35 ++++---
docs/manifest.json | 4 +-
docs/references/expo/use-sso.mdx | 134 +-----------------------
4 files changed, 147 insertions(+), 151 deletions(-)
create mode 100644 docs/_partials/expo/sso-custom-flow.mdx
diff --git a/docs/_partials/expo/sso-custom-flow.mdx b/docs/_partials/expo/sso-custom-flow.mdx
new file mode 100644
index 0000000000..b04c2e7447
--- /dev/null
+++ b/docs/_partials/expo/sso-custom-flow.mdx
@@ -0,0 +1,125 @@
+
+
+ The following example demonstrates how to create a custom SSO sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+
+ ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+ import React, { useCallback, useEffect } from 'react'
+ import * as WebBrowser from 'expo-web-browser'
+ import * as Linking from 'expo-linking'
+ import { useSSO } from '@clerk/clerk-expo'
+ import { View, Button } from 'react-native'
+
+ export const useWarmUpBrowser = () => {
+ useEffect(() => {
+ // Preloads the browser for Android devices to reduce authentication load time
+ // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ // Cleanup: closes browser when component unmounts
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+ }
+
+ // Handle any pending authentication sessions
+ WebBrowser.maybeCompleteAuthSession()
+
+ export default function Page() {
+ useWarmUpBrowser()
+
+ const { startSSOFlow } = useSSO({ strategy: 'oauth_google' })
+
+ const onPress = useCallback(async () => {
+ try {
+ const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
+ // URL to redirect to after successful authentication
+ // Must match the scheme defined in app.json
+ redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use `signIn` or `signUp` returned from `startSSOFlow`
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+
+ )
+ }
+ ```
+
+
+
+ The following example demonstrates how to create a custom SSO sign-in flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
+
+ ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+ import React, { useCallback, useEffect } from 'react'
+ import * as WebBrowser from 'expo-web-browser'
+ import * as Linking from 'expo-linking'
+ import { useSSO } from '@clerk/clerk-expo'
+ import { View, Button } from 'react-native'
+
+ export const useWarmUpBrowser = () => {
+ useEffect(() => {
+ // Preloads the browser for Android devices to reduce authentication load time
+ // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ // Cleanup: closes browser when component unmounts
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+ }
+
+ // Handle any pending authentication sessions
+ WebBrowser.maybeCompleteAuthSession()
+
+ export default function Page() {
+ useWarmUpBrowser()
+
+ const { startSSOFlow } = useSSO({ strategy: 'enterprise_sso', identifier: 'email' })
+
+ const onPress = useCallback(async () => {
+ try {
+ const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
+ // URL to redirect to after successful authentication
+ // Must match the scheme defined in app.json
+ redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ // User identifier with a email domain that matches a enterprise connection
+ identifier: 'email',
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use `signIn` or `signUp` returned from `startSSOFlow`
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+
+ )
+ }
+ ```
+
+
diff --git a/docs/custom-flows/oauth-connections.mdx b/docs/custom-flows/oauth-connections.mdx
index 3456fe07f6..c55e26cfa0 100644
--- a/docs/custom-flows/oauth-connections.mdx
+++ b/docs/custom-flows/oauth-connections.mdx
@@ -1,29 +1,32 @@
---
-title: Build a custom flow for authenticating with OAuth connections
-description: Learn how to use the Clerk API to build a custom sign-up and sign-in flow that supports OAuth connections.
+title: Build a custom flow for authenticating with SSO connections
+description: Learn how to use the Clerk API to build a custom sign-up and sign-in flow that supports SSO connections.
---
## Before you start
-You must configure your application instance through the Clerk Dashboard for the social connection(s) that you want to use, as described at [the top of the OAuth guide](/docs/authentication/social-connections/oauth#configuration).
+You must configure your application instance through the Clerk Dashboard for the SSO connection that you want to use.
+
+- For OAuth SSO, refer to [this guide](/docs/authentication/social-connections/oauth#enable-a-social-connection).
+- For Enterprise SSO, refer to [this guide](/docs/authentication/enterprise-connections/overview).
## Create the sign-up and sign-in flow
-When using OAuth, the sign-up and sign-in flows are equivalent.
+When using SSO, the sign-up and sign-in flows are equivalent.
- A successful OAuth flow consists of the following steps:
+ A successful SSO flow consists of the following steps:
- 1. Start the OAuth flow by calling [`SignIn.authenticateWithRedirect(params)`](/docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect) or [`SignUp.authenticateWithRedirect(params)`](/docs/references/javascript/sign-up/authenticate-with#authenticate-with-redirect). Both of these methods require a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the OAuth provider.
+ 1. Start the SSO flow by calling [`SignIn.authenticateWithRedirect(params)`](/docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect) or [`SignUp.authenticateWithRedirect(params)`](/docs/references/javascript/sign-up/authenticate-with#authenticate-with-redirect). Both of these methods require a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the OAuth provider.
1. Create a route at the URL that the `redirectUrl` param points to. The following example names this route `/sso-callback`. This route should call the [`Clerk.handleRedirectCallback()`](/docs/references/javascript/clerk/handle-navigation#handle-redirect-callback) method or simply render the prebuilt [``](/docs/components/control/authenticate-with-callback) component.
The following example shows two files:
- 1. The sign-in page where the user can start the OAuth flow.
- 1. The SSO callback page where the OAuth flow is completed.
+ 1. The sign-in page where the user can start the SSO flow.
+ 1. The SSO callback page where the SSO flow is completed.
```tsx {{ filename: 'app/sign-in/page.tsx' }}
@@ -90,7 +93,7 @@ When using OAuth, the sign-up and sign-in flows are equivalent.
### Build the flow
-
+
@@ -159,9 +162,9 @@ When using OAuth, the sign-up and sign-in flows are equivalent.
-## OAuth account transfer flows
+## SSO account transfer flows
-It is common for users who are authenticating with OAuth to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
+It is common for users who are authenticating with SSO to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
**If you would like to keep your sign-in and sign-up flows completely separate, then you can skip this section.**
@@ -176,7 +179,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
import { OAuthStrategy } from '@clerk/types'
import { useSignIn, useSignUp } from '@clerk/nextjs'
- export default function OauthSignIn() {
+ export default function SSOSignIn() {
const { signIn } = useSignIn()
const { signUp, setActive } = useSignUp()
@@ -194,7 +197,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
if (!signIn || !signUp) return null
// If the user has an account in your application, but does not yet
- // have an OAuth account connected to it, you can transfer the OAuth
+ // have an SSO account connected to it, you can transfer the SSO
// account to the existing user account.
const userExistsButNeedsToSignIn =
signUp.verifications.externalAccount.status === 'transferable' &&
@@ -210,9 +213,9 @@ The following example demonstrates how to handle these cases in your sign-in flo
}
}
- // If the user has an OAuth account but does not yet
+ // If the user has an SSO account but does not yet
// have an account in your app, you can create an account
- // for them using the OAuth information.
+ // for them using the SSO information.
const userNeedsToBeCreated = signIn.firstFactorVerification.status === 'transferable'
if (userNeedsToBeCreated) {
@@ -227,7 +230,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
}
} else {
// If the user has an account in your application
- // and has an OAuth account connected to it, you can sign them in.
+ // and has an SSO account connected to it, you can sign them in.
signInWith(strategy)
}
}
diff --git a/docs/manifest.json b/docs/manifest.json
index e768454f97..3c029dfd77 100644
--- a/docs/manifest.json
+++ b/docs/manifest.json
@@ -1697,8 +1697,8 @@
"href": "/docs/custom-flows/google-one-tap"
},
{
- "title": "OAuth connections",
- "href": "/docs/custom-flows/oauth-connections"
+ "title": "SSO connections",
+ "href": "/docs/custom-flows/sso-connections"
},
{
"title": "Enterprise connections",
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index e927366aaa..20aca84037 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -69,136 +69,4 @@ It accepts the following parameters (`StartSSOFlowParams`):
## How to use the `useSSO()` hook
-
-
- The following example demonstrates how to create a custom SSO sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
-
- The `useSSO()` hook is used to create a new SSO flow with the `oauth_google` strategy. When the user presses the sign-in button, the `startSSOFlow()` method is called. If sign-in is successful, `createdSessionId` is used to set the active session. The `redirectUrl` parameter is used to specify the URL to redirect to after the SSO flow is complete.
-
- If sign-in isn't successful, the `signIn` or `signUp` method returned from `startSSOFlow()` can be used to further authenticate the user.
-
- ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
- import React, { useCallback, useEffect } from 'react'
- import * as WebBrowser from 'expo-web-browser'
- import * as Linking from 'expo-linking'
- import { useSSO } from '@clerk/clerk-expo'
- import { View, Button } from 'react-native'
-
- export const useWarmUpBrowser = () => {
- useEffect(() => {
- // Preloads the browser for Android devices to reduce authentication load time
- // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync()
- return () => {
- // Cleanup: closes browser when component unmounts
- void WebBrowser.coolDownAsync()
- }
- }, [])
- }
-
- // Handle any pending authentication sessions
- WebBrowser.maybeCompleteAuthSession()
-
- export default function Page() {
- useWarmUpBrowser()
-
- const { startSSOFlow } = useSSO({ strategy: 'oauth_google' })
-
- const onPress = useCallback(async () => {
- try {
- const { createdSessionId, setActive } = await startSSOFlow({
- // Specify redirect URL after successful authentication
- // Must match the scheme defined in app.json
- redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
- })
-
- if (createdSessionId) {
- // If sign in was successful, set the active session
- setActive!({ session: createdSessionId })
- } else {
- // Use signIn or signUp returned from startSSOFlow
- // for next steps, such as MFA
- }
- } catch (err) {
- // See https://clerk.com/docs/custom-flows/error-handling
- // for more info on error handling
- console.error(JSON.stringify(err, null, 2))
- }
- }, [])
-
- return (
-
-
-
- )
- }
- ```
-
-
-
- The following example demonstrates how to create a custom SSO sign-in flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
-
- The `useSSO()` hook is used to create a new SSO flow with the `enterprise_sso` strategy and the [`identifier`](/docs/authentication/configuration/sign-up-sign-in-options#identifier) parameter set to the user's email address. When the user presses the sign-in button, the `startSSOFlow()` method is called. If sign-in is successful, `createdSessionId` is used to set the active session. The `redirectUrl` parameter is used to specify the URL to redirect to after the SSO flow is complete.
-
- If sign-in isn't successful, the `signIn` or `signUp` method returned from `startSSOFlow()` can be used to further authenticate the user.
-
- ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
- import React, { useCallback, useEffect } from 'react'
- import * as WebBrowser from 'expo-web-browser'
- import * as Linking from 'expo-linking'
- import { useSSO } from '@clerk/clerk-expo'
- import { View, Button } from 'react-native'
-
- export const useWarmUpBrowser = () => {
- useEffect(() => {
- // Preloads the browser for Android devices to reduce authentication load time
- // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync()
- return () => {
- // Cleanup: closes browser when component unmounts
- void WebBrowser.coolDownAsync()
- }
- }, [])
- }
-
- // Handle any pending authentication sessions
- WebBrowser.maybeCompleteAuthSession()
-
- export default function Page() {
- useWarmUpBrowser()
-
- const { startSSOFlow } = useSSO({ strategy: 'enterprise_sso', identifier: 'email' })
-
- const onPress = useCallback(async () => {
- try {
- const { createdSessionId, setActive } = await startSSOFlow({
- // Specify redirect URL after successful authentication
- // Must match the scheme defined in app.json
- redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
- // User identifier with a email domain that matches a enterprise connection
- identifier: 'email',
- })
-
- if (createdSessionId) {
- // If sign in was successful, set the active session
- setActive!({ session: createdSessionId })
- } else {
- // Use signIn or signUp returned from startOAuthFlow
- // for next steps, such as MFA
- }
- } catch (err) {
- // See https://clerk.com/docs/custom-flows/error-handling
- // for more info on error handling
- console.error(JSON.stringify(err, null, 2))
- }
- }, [])
-
- return (
-
-
-
- )
- }
- ```
-
-
+
From 5c6d8955a7174e407bf3bfef1d7dfe4866fc80ea Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 17 Jan 2025 18:46:11 -0300
Subject: [PATCH 12/25] Update strategies types from OAuth-specific to general
SSO (#1907)
Co-authored-by: victoria
Co-authored-by: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
---
docs/manifest.json | 4 ++--
.../backend/user/get-user-oauth-access-token.mdx | 2 +-
docs/references/expo/use-oauth.mdx | 4 ++--
.../javascript/sign-in/authenticate-with.mdx | 4 ++--
.../javascript/sign-in/first-factor.mdx | 4 ++--
docs/references/javascript/sign-in/sign-in.mdx | 2 +-
.../javascript/sign-up/authenticate-with.mdx | 2 +-
docs/references/javascript/sign-up/sign-up.mdx | 2 +-
.../javascript/sign-up/verification.mdx | 2 +-
.../javascript/types/sign-in-first-factor.mdx | 2 +-
.../javascript/types/{oauth.mdx => sso.mdx} | 16 ++++++++++++----
.../javascript/user/create-metadata.mdx | 2 +-
12 files changed, 27 insertions(+), 19 deletions(-)
rename docs/references/javascript/types/{oauth.mdx => sso.mdx} (81%)
diff --git a/docs/manifest.json b/docs/manifest.json
index 3c029dfd77..a274c971f2 100644
--- a/docs/manifest.json
+++ b/docs/manifest.json
@@ -2174,8 +2174,8 @@
"href": "/docs/references/javascript/types/metadata"
},
{
- "title": "OAuth types",
- "href": "/docs/references/javascript/types/oauth"
+ "title": "SSO types",
+ "href": "/docs/references/javascript/types/sso"
},
{
"title": "`OrganizationDomain`",
diff --git a/docs/references/backend/user/get-user-oauth-access-token.mdx b/docs/references/backend/user/get-user-oauth-access-token.mdx
index 9b01b1d98a..003c2e2ff1 100644
--- a/docs/references/backend/user/get-user-oauth-access-token.mdx
+++ b/docs/references/backend/user/get-user-oauth-access-token.mdx
@@ -25,7 +25,7 @@ function getUserOauthAccessToken(
---
- `provider`
- - oauth\_$\{[OAuthProvider](/docs/references/javascript/types/oauth#o-auth-provider)}
+ - oauth\_$\{[OAuthProvider](/docs/references/javascript/types/sso#o-auth-provider)}
The OAuth provider to retrieve the access token for. If using a custom OAuth provider, prefix the provider name with `oauth_custom_` (e.g., `oauth_custom_foo`).
diff --git a/docs/references/expo/use-oauth.mdx b/docs/references/expo/use-oauth.mdx
index 7b336b6dcf..91a329fe9d 100644
--- a/docs/references/expo/use-oauth.mdx
+++ b/docs/references/expo/use-oauth.mdx
@@ -1,5 +1,5 @@
---
-title: '`useOAuth()`'
+title: useOAuth()
description: Clerk's useOAuth() hook is used to create a new OAuth flow.
---
@@ -12,7 +12,7 @@ The `useOAuth()` hook is used to create a new OAuth flow. It can be used in both
- `strategy`
- - [`OAuthStrategy`](/docs/references/javascript/types/oauth#o-auth-strategy)
+ - [`OAuthStrategy`](/docs/references/javascript/types/sso#o-auth-strategy)
The strategy corresponding to the OAuth provider. For example: `oauth_facebook`, `oauth_github`, etc.
diff --git a/docs/references/javascript/sign-in/authenticate-with.mdx b/docs/references/javascript/sign-in/authenticate-with.mdx
index 28f01674a6..f531cb380d 100644
--- a/docs/references/javascript/sign-in/authenticate-with.mdx
+++ b/docs/references/javascript/sign-in/authenticate-with.mdx
@@ -19,11 +19,11 @@ function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promi
- `strategy`
- - [OAuthStrategy](/docs/references/javascript/types/oauth#o-auth-strategy) | 'saml' | 'enterprise\_sso'
+ - [OAuthStrategy](/docs/references/javascript/types/sso#o-auth-strategy) | 'saml' | 'enterprise\_sso'
The strategy to use for authentication. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/oauth).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
diff --git a/docs/references/javascript/sign-in/first-factor.mdx b/docs/references/javascript/sign-in/first-factor.mdx
index 30ce3221b8..bc6e1909f3 100644
--- a/docs/references/javascript/sign-in/first-factor.mdx
+++ b/docs/references/javascript/sign-in/first-factor.mdx
@@ -21,7 +21,7 @@ function prepareFirstFactor(params: PrepareFirstFactorParams): Promise
- `strategy`
- - `'email_link' | 'email_code' | 'phone_code' | 'web3_metamask_signature' | 'web3_coinbase_wallet_signature' | 'web3_okx_wallet_signature' | 'passkey' | 'oauth_' | 'enterprise_sso' | 'reset_password_phone_code' | 'reset_password_email_code'`
+ - `'email_link' | 'email_code' | 'phone_code' | 'web3_metamask_signature' | 'web3_coinbase_wallet_signature' | 'web3_okx_wallet_signature' | 'passkey' | 'oauth_' | 'saml' | 'enterprise_sso' | 'reset_password_phone_code' | 'reset_password_email_code'`
The `strategy` value depends on the `SignIn.identifier` value. Each authentication identifier supports different verification strategies. The following strategies are supported:
@@ -32,7 +32,7 @@ function prepareFirstFactor(params: PrepareFirstFactorParams): Promise
- `'web3_coinbase_wallet_signature'`: The verification will attempt to be completed using the user's Web3 wallet address via [Coinbase Wallet](https://www.coinbase.com/wallet). Requires `web3WalletId` parameter to be set.
- `'web3_okx_wallet_signature'`: The verification will attempt to be completed using the user's Web3 wallet address via [OKX Wallet](https://www.okx.com/help/section/faq-web3-wallet). Requires `web3WalletId` parameter to be set.
- `'passkey'`: The verification will attempt to be completed using the user's passkey.
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/oauth).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'reset_password_phone_code'`: Used when the user is trying to reset their password. The user will receive a one-time code via SMS. Requires `phoneNumberId` parameter to be set.
diff --git a/docs/references/javascript/sign-in/sign-in.mdx b/docs/references/javascript/sign-in/sign-in.mdx
index 653be794bf..e852aa50ea 100644
--- a/docs/references/javascript/sign-in/sign-in.mdx
+++ b/docs/references/javascript/sign-in/sign-in.mdx
@@ -119,7 +119,7 @@ function create(params: SignInCreateParams): Promise
- `'email_link'`: User will receive an email magic link via email. The `identifier` parameter can also be specified to select one of the user's known email addresses. The `redirectUrl` parameter can also be specified.
- `'email_code'`: User will receive a one-time authentication code via email. The `identifier` parameter can also be specified to select one of the user's known email addresses.
- `'phone_code'`: User will receive a one-time authentication code via SMS. The `identifier` parameter can also be specified to select one of the user's known phone numbers.
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/oauth).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'passkey'`: The user will be authenticated with their [passkey](/docs/authentication/configuration/sign-up-sign-in-options#passkeys).
diff --git a/docs/references/javascript/sign-up/authenticate-with.mdx b/docs/references/javascript/sign-up/authenticate-with.mdx
index 3fc181b19f..fe261e6285 100644
--- a/docs/references/javascript/sign-up/authenticate-with.mdx
+++ b/docs/references/javascript/sign-up/authenticate-with.mdx
@@ -42,7 +42,7 @@ function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promi
The strategy to use for authentication. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/oauth).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
diff --git a/docs/references/javascript/sign-up/sign-up.mdx b/docs/references/javascript/sign-up/sign-up.mdx
index fa19463c05..86e4afd4bb 100644
--- a/docs/references/javascript/sign-up/sign-up.mdx
+++ b/docs/references/javascript/sign-up/sign-up.mdx
@@ -169,7 +169,7 @@ function create(params: SignUpCreateParams): Promise
The strategy to use for the sign-up flow. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/oauth).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'ticket'`: The user will be authenticated via the ticket _or token_ generated from the Backend API.
diff --git a/docs/references/javascript/sign-up/verification.mdx b/docs/references/javascript/sign-up/verification.mdx
index c3b31667d2..80a78ec01b 100644
--- a/docs/references/javascript/sign-up/verification.mdx
+++ b/docs/references/javascript/sign-up/verification.mdx
@@ -27,7 +27,7 @@ function prepareVerification(params: PrepareVerificationParams): Promise'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/oauth).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'web3_metamask_signature'`: The verification will attempt to be completed using the user's Web3 wallet address via [Metamask](https://metamask.io/). The `web3_wallet_id` parameter can also be specified to select which of the user's known Web3 wallets will be used.
diff --git a/docs/references/javascript/types/sign-in-first-factor.mdx b/docs/references/javascript/types/sign-in-first-factor.mdx
index 76a3df8958..e1c9a3667d 100644
--- a/docs/references/javascript/types/sign-in-first-factor.mdx
+++ b/docs/references/javascript/types/sign-in-first-factor.mdx
@@ -20,7 +20,7 @@ type SignInFirstFactor =
- `strategy`
- - `'email_code'` | `'email_link'` | `'phone_code'` | `'password'` | `'reset_password_phone_code'` | `'reset_password_email_code'` | `'web3_metamask_signature'` | `'web3_coinbase_wallet_signature'` | `'web3_okx_wallet_signature'` | [`OAuthStrategy`](/docs/references/javascript/types/oauth) | `'saml'`
+ - `'email_code'` | `'email_link'` | `'phone_code'` | `'password'` | `'passkey'` | `'reset_password_phone_code'` | `'reset_password_email_code'` | `'web3_metamask_signature'` | `'web3_coinbase_wallet_signature'` | `'web3_okx_wallet_signature'` | [`OAuthStrategy`](/docs/references/javascript/types/sso) | `'saml'` | `'enterprise_sso'`
The strategy of the factor.
diff --git a/docs/references/javascript/types/oauth.mdx b/docs/references/javascript/types/sso.mdx
similarity index 81%
rename from docs/references/javascript/types/oauth.mdx
rename to docs/references/javascript/types/sso.mdx
index 289e390c4d..519354a6e1 100644
--- a/docs/references/javascript/types/oauth.mdx
+++ b/docs/references/javascript/types/sso.mdx
@@ -1,6 +1,6 @@
---
-title: OAuth Types
-description: Types related to social providers and strategies.
+title: SSO Types
+description: Types related to SSO providers and strategies.
---
## `OAuthStrategy`
@@ -64,10 +64,18 @@ type OAuthProvider =
| 'x'
```
-### `CustomOAuthStrategy`
+## `CustomOAuthStrategy`
-A type that represents a custom OAuth strategy.
+A type that represents a [custom OAuth strategy](/docs/authentication/social-connections/custom-provider).
```ts
type CustomOAuthStrategy = `oauth_custom_${string}`
```
+
+## `EnterpriseSSOStrategy`
+
+A type that represents an [Enterprise SSO](/docs/authentication/enterprise-connections/authentication-flows) strategy.
+
+```ts
+type EnterpriseSSOStrategy = `enterprise_sso`
+```
diff --git a/docs/references/javascript/user/create-metadata.mdx b/docs/references/javascript/user/create-metadata.mdx
index 61ea7aab1c..303946d10c 100644
--- a/docs/references/javascript/user/create-metadata.mdx
+++ b/docs/references/javascript/user/create-metadata.mdx
@@ -175,7 +175,7 @@ function createExternalAccount(params: CreateExternalAccountParams): Promise
- `strategy`
- - [`OAuthStrategy`](/docs/references/javascript/types/oauth#o-auth-strategy)
+ - [`OAuthStrategy`](/docs/references/javascript/types/sso#o-auth-strategy)
The strategy corresponding to the OAuth provider. For example: `'oauth_facebook'`, `'oauth_github'`, etc.
From ba8abea51d5ec764b733974710c53f8eddacab43 Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Fri, 17 Jan 2025 16:49:16 -0500
Subject: [PATCH 13/25] fix broken links
---
docs/references/expo/use-sso.mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 20aca84037..3f3299081b 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -13,7 +13,7 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
The strategy to use for authentication. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/oauth#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'enterprise_sso'`: The user will be authenticated either through SAML, EASIE, or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
---
@@ -49,7 +49,7 @@ It accepts the following parameters (`StartSSOFlowParams`):
The strategy to use for authentication. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/oauth#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- `'enterprise_sso'`: The user will be authenticated either through SAML, EASIE, or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
---
From cad401c9ab57ed4fdd1535f0f35551b4cae80e04 Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Tue, 21 Jan 2025 17:42:06 -0500
Subject: [PATCH 14/25] fix links
---
docs/references/javascript/sign-in/authenticate-with.mdx | 2 +-
docs/references/javascript/sign-in/first-factor.mdx | 2 +-
docs/references/javascript/sign-in/sign-in.mdx | 2 +-
docs/references/javascript/sign-up/authenticate-with.mdx | 2 +-
docs/references/javascript/sign-up/sign-up.mdx | 2 +-
docs/references/javascript/sign-up/verification.mdx | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/references/javascript/sign-in/authenticate-with.mdx b/docs/references/javascript/sign-in/authenticate-with.mdx
index f531cb380d..d77d0b4691 100644
--- a/docs/references/javascript/sign-in/authenticate-with.mdx
+++ b/docs/references/javascript/sign-in/authenticate-with.mdx
@@ -23,7 +23,7 @@ function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promi
The strategy to use for authentication. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
diff --git a/docs/references/javascript/sign-in/first-factor.mdx b/docs/references/javascript/sign-in/first-factor.mdx
index bc6e1909f3..71f79de0f6 100644
--- a/docs/references/javascript/sign-in/first-factor.mdx
+++ b/docs/references/javascript/sign-in/first-factor.mdx
@@ -32,7 +32,7 @@ function prepareFirstFactor(params: PrepareFirstFactorParams): Promise
- `'web3_coinbase_wallet_signature'`: The verification will attempt to be completed using the user's Web3 wallet address via [Coinbase Wallet](https://www.coinbase.com/wallet). Requires `web3WalletId` parameter to be set.
- `'web3_okx_wallet_signature'`: The verification will attempt to be completed using the user's Web3 wallet address via [OKX Wallet](https://www.okx.com/help/section/faq-web3-wallet). Requires `web3WalletId` parameter to be set.
- `'passkey'`: The verification will attempt to be completed using the user's passkey.
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'reset_password_phone_code'`: Used when the user is trying to reset their password. The user will receive a one-time code via SMS. Requires `phoneNumberId` parameter to be set.
diff --git a/docs/references/javascript/sign-in/sign-in.mdx b/docs/references/javascript/sign-in/sign-in.mdx
index e852aa50ea..a50615beef 100644
--- a/docs/references/javascript/sign-in/sign-in.mdx
+++ b/docs/references/javascript/sign-in/sign-in.mdx
@@ -119,7 +119,7 @@ function create(params: SignInCreateParams): Promise
- `'email_link'`: User will receive an email magic link via email. The `identifier` parameter can also be specified to select one of the user's known email addresses. The `redirectUrl` parameter can also be specified.
- `'email_code'`: User will receive a one-time authentication code via email. The `identifier` parameter can also be specified to select one of the user's known email addresses.
- `'phone_code'`: User will receive a one-time authentication code via SMS. The `identifier` parameter can also be specified to select one of the user's known phone numbers.
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'passkey'`: The user will be authenticated with their [passkey](/docs/authentication/configuration/sign-up-sign-in-options#passkeys).
diff --git a/docs/references/javascript/sign-up/authenticate-with.mdx b/docs/references/javascript/sign-up/authenticate-with.mdx
index fe261e6285..b149af6368 100644
--- a/docs/references/javascript/sign-up/authenticate-with.mdx
+++ b/docs/references/javascript/sign-up/authenticate-with.mdx
@@ -42,7 +42,7 @@ function authenticateWithRedirect(params: AuthenticateWithRedirectParams): Promi
The strategy to use for authentication. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
diff --git a/docs/references/javascript/sign-up/sign-up.mdx b/docs/references/javascript/sign-up/sign-up.mdx
index 86e4afd4bb..a7d206be10 100644
--- a/docs/references/javascript/sign-up/sign-up.mdx
+++ b/docs/references/javascript/sign-up/sign-up.mdx
@@ -169,7 +169,7 @@ function create(params: SignUpCreateParams): Promise
The strategy to use for the sign-up flow. The following strategies are supported:
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'ticket'`: The user will be authenticated via the ticket _or token_ generated from the Backend API.
diff --git a/docs/references/javascript/sign-up/verification.mdx b/docs/references/javascript/sign-up/verification.mdx
index 80a78ec01b..0410b4f7cd 100644
--- a/docs/references/javascript/sign-up/verification.mdx
+++ b/docs/references/javascript/sign-up/verification.mdx
@@ -27,7 +27,7 @@ function prepareVerification(params: PrepareVerificationParams): Promise'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
+ - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). See a list of [supported values for ``](/docs/references/javascript/types/sso).
- `'saml'` (deprecated): **Deprecated in favor of `'enterprise_sso'`.** The user will be authenticated with their [SAML account](/docs/authentication/enterprise-connections/overview#saml).
- `'enterprise_sso'`: The user will be authenticated either through SAML or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
- `'web3_metamask_signature'`: The verification will attempt to be completed using the user's Web3 wallet address via [Metamask](https://metamask.io/). The `web3_wallet_id` parameter can also be specified to select which of the user's known Web3 wallets will be used.
From 6d51c33f0c63d9fe42f7e7a08cd129f85dd0e436 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:02:36 -0300
Subject: [PATCH 15/25] Update `useSSO` with latest interface
---
docs/_partials/expo/sso-custom-flow.mdx | 20 +++++--------
docs/references/expo/use-sso.mdx | 39 ++++++-------------------
2 files changed, 17 insertions(+), 42 deletions(-)
diff --git a/docs/_partials/expo/sso-custom-flow.mdx b/docs/_partials/expo/sso-custom-flow.mdx
index b04c2e7447..6e62c60fde 100644
--- a/docs/_partials/expo/sso-custom-flow.mdx
+++ b/docs/_partials/expo/sso-custom-flow.mdx
@@ -1,6 +1,6 @@
- The following example demonstrates how to create a custom SSO sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+ The following example demonstrates how to create a custom SSO sign-in flow for [Google OAuth](/docs/authentication/social-connections/google).
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
import React, { useCallback, useEffect } from 'react'
@@ -27,14 +27,12 @@
export default function Page() {
useWarmUpBrowser()
- const { startSSOFlow } = useSSO({ strategy: 'oauth_google' })
+ const { startSSOFlow } = useSSO()
const onPress = useCallback(async () => {
try {
const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
- // URL to redirect to after successful authentication
- // Must match the scheme defined in app.json
- redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ strategy: 'oauth_google'
})
// If sign in was successful, set the active session
@@ -88,16 +86,14 @@
export default function Page() {
useWarmUpBrowser()
- const { startSSOFlow } = useSSO({ strategy: 'enterprise_sso', identifier: 'email' })
+ const { startSSOFlow } = useSSO()
const onPress = useCallback(async () => {
try {
const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
- // URL to redirect to after successful authentication
- // Must match the scheme defined in app.json
- redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
- // User identifier with a email domain that matches a enterprise connection
- identifier: 'email',
+ strategy: 'enterprise_sso',
+ // This identifier would likely be derived from a text input
+ identifier: 'foo@corp.com'
})
// If sign in was successful, set the active session
@@ -116,7 +112,7 @@
return (
-
+
)
}
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 3f3299081b..5b62147cfa 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -5,44 +5,16 @@ description: Clerk's useSSO() hook is used to create a new SSO flow.
The `useSSO()` hook is used to create a new SSO flow. It can be used in both web and native apps.
-## Parameters
-
-
- - `strategy`
- - [OAuthStrategy](/docs/references/javascript/types/sso#o-auth-strategy) | [EnterpriseSSOStrategy](/docs/references/javascript/types/sso#enterprise-sso-strategy)
-
- The strategy to use for authentication. The following strategies are supported:
-
- - `'oauth_'`: The user will be authenticated with their [social connection account](/docs/authentication/social-connections/overview). [See a list of supported values for ``](/docs/references/javascript/types/sso#o-auth-provider).
- - `'enterprise_sso'`: The user will be authenticated either through SAML, EASIE, or OIDC depending on the configuration of their [enterprise SSO account](/docs/authentication/enterprise-connections/overview).
-
- ---
-
- - `redirectUrl?`
- - `string`
-
- The URL or path to redirect to after the SSO flow is complete.
-
- ---
-
- - `unsafeMetadata?`
- - [`SignUpUnsafeMetadata`](/docs/references/javascript/types/metadata#sign-up-unsafe-metadata)
-
- Unsafe metadata to be passed to the SSO provider.
-
-
## Returns
The `useSSO()` hook returns the `startSSOFlow()` method, which you can use to initiate the SSO flow.
The `startSSOFlow()` method has the following signature:
-```ts
-const startSSOFlow: (startSSOFlowParams?: StartSSOFlowParams) => Promise
-```
-
It accepts the following parameters (`StartSSOFlowParams`):
+## Parameters
+
- `strategy`
- `'oauth_'` | `'enterprise_sso'`
@@ -69,4 +41,11 @@ It accepts the following parameters (`StartSSOFlowParams`):
## How to use the `useSSO()` hook
+To ensure maximum security in production, you must allowlist the SSO callback URL in your Clerk Dashboard by following these steps:
+1. Navigate to [**SSO connections**](https://dashboard.clerk.com/last-active?path=user-authentication/sso-connections)
+2. Under **Allowlist for mobile OAuth redirect**, add `://sso-callback`
+
+> [!TIP]
+> You can also add redirect URLs via [the Backend API](/docs/reference/backend-api/tag/Redirect-URLs#operation/CreateRedirectURL){{ target: '_blank' }}.
+
From 7187a2993bacb5d31fa6a61b25b1d11cb781fea5 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:06:17 -0300
Subject: [PATCH 16/25] Update deep link path for SSO callback
---
docs/_partials/expo/sso-custom-flow.mdx | 4 ++--
docs/deployments/deploy-expo.mdx | 18 +++---------------
docs/references/expo/use-sso.mdx | 9 +++++----
3 files changed, 10 insertions(+), 21 deletions(-)
diff --git a/docs/_partials/expo/sso-custom-flow.mdx b/docs/_partials/expo/sso-custom-flow.mdx
index 6e62c60fde..43c37a5d8c 100644
--- a/docs/_partials/expo/sso-custom-flow.mdx
+++ b/docs/_partials/expo/sso-custom-flow.mdx
@@ -32,7 +32,7 @@
const onPress = useCallback(async () => {
try {
const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
- strategy: 'oauth_google'
+ strategy: 'oauth_google',
})
// If sign in was successful, set the active session
@@ -93,7 +93,7 @@
const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
strategy: 'enterprise_sso',
// This identifier would likely be derived from a text input
- identifier: 'foo@corp.com'
+ identifier: 'foo@corp.com',
})
// If sign in was successful, set the active session
diff --git a/docs/deployments/deploy-expo.mdx b/docs/deployments/deploy-expo.mdx
index ee491a2e96..be72d5c03c 100644
--- a/docs/deployments/deploy-expo.mdx
+++ b/docs/deployments/deploy-expo.mdx
@@ -15,23 +15,11 @@ With Clerk, you can [add OAuth flows in your Expo applications](/docs/custom-flo
Clerk ensures that security critical nonces will be passed only to allowlisted URLs when the OAuth flow is complete in native browsers or webviews.
-So for maximum security in your production instances, you need to allowlist your custom redirect URLs:
+So for maximum security in your production instances, you need to allowlist the OAuth callback URL:
1. In the Clerk Dashboard, navigate to the [**SSO connections**](https://dashboard.clerk.com/last-active?path=user-authentication/sso-connections) page.
-1. Scroll to the **Allowlist for mobile OAuth redirect** section and add your redirect URLs.
- 1. The default is `://oauth-native-callback`
- 1. If you'd like to pass a custom redirect URL, make sure you add that to the allowlist. The format is `/{PATH}`. For example, the redirect URL for the following code example is `myapp://dashboard`.
- ```ts
- const { startOAuthFlow } = useOAuth({ strategy: `oauth_apple` })
-
- const onPress = React.useCallback(async () => {
- const { createdSessionId, setActive } = await startOAuthFlow({
- redirectUrl: Linking.createURL('dashboard', { scheme: 'myapp' }),
- })
-
- // The rest of your code...
- }, [])
- ```
+1. Scroll to the **Allowlist for mobile SSO redirect** section and add your redirect URLs.
+ 1. The default is `://sso-callback`
> [!TIP]
> You can also add redirect URLs via [the Backend API](/docs/reference/backend-api/tag/Redirect-URLs#operation/CreateRedirectURL){{ target: '_blank' }}.
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 5b62147cfa..bfc3c0cde9 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -9,8 +9,6 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
The `useSSO()` hook returns the `startSSOFlow()` method, which you can use to initiate the SSO flow.
-The `startSSOFlow()` method has the following signature:
-
It accepts the following parameters (`StartSSOFlowParams`):
## Parameters
@@ -41,9 +39,12 @@ It accepts the following parameters (`StartSSOFlowParams`):
## How to use the `useSSO()` hook
-To ensure maximum security in production, you must allowlist the SSO callback URL in your Clerk Dashboard by following these steps:
+Clerk ensures that security critical nonces will be passed only to allowlisted URLs when the SSO flow is complete in native browsers or webviews.
+
+So for maximum security in your production instances, you need to allowlist your the SSO callback URL in your Clerk Dashboard by following these steps:
+
1. Navigate to [**SSO connections**](https://dashboard.clerk.com/last-active?path=user-authentication/sso-connections)
-2. Under **Allowlist for mobile OAuth redirect**, add `://sso-callback`
+1. Under **Allowlist for mobile SSO redirect**, add `://sso-callback`
> [!TIP]
> You can also add redirect URLs via [the Backend API](/docs/reference/backend-api/tag/Redirect-URLs#operation/CreateRedirectURL){{ target: '_blank' }}.
From 17b642c32d0779b8fbfde67cf2e19ef8ae2fdfd7 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:11:51 -0300
Subject: [PATCH 17/25] Update Expo overview to mention `useSSO`
---
docs/manifest.json | 8 ++++----
docs/references/expo/overview.mdx | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/manifest.json b/docs/manifest.json
index a274c971f2..e768454f97 100644
--- a/docs/manifest.json
+++ b/docs/manifest.json
@@ -1697,8 +1697,8 @@
"href": "/docs/custom-flows/google-one-tap"
},
{
- "title": "SSO connections",
- "href": "/docs/custom-flows/sso-connections"
+ "title": "OAuth connections",
+ "href": "/docs/custom-flows/oauth-connections"
},
{
"title": "Enterprise connections",
@@ -2174,8 +2174,8 @@
"href": "/docs/references/javascript/types/metadata"
},
{
- "title": "SSO types",
- "href": "/docs/references/javascript/types/sso"
+ "title": "OAuth types",
+ "href": "/docs/references/javascript/types/oauth"
},
{
"title": "`OrganizationDomain`",
diff --git a/docs/references/expo/overview.mdx b/docs/references/expo/overview.mdx
index 92b3260836..6a60e926e3 100644
--- a/docs/references/expo/overview.mdx
+++ b/docs/references/expo/overview.mdx
@@ -16,7 +16,7 @@ The Expo SDK gives you access to the following resources:
The following hooks are available for both **native** and **web** apps:
- All React hooks are available. See [the React docs](/docs/references/react/overview){{ target: '_blank' }} for more information.
-- [`useOAuth()`](/docs/references/expo/use-oauth)
+- [`useSSO()`](/docs/references/expo/use-sso)
- [`useLocalCredentials()`](/docs/references/expo/use-local-credentials)
### Clerk components {{ id: 'components' }}
From 80081e596030de0eb86592570da2d0a91e2195e7 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:15:08 -0300
Subject: [PATCH 18/25] Update snippets
---
.../expo/deprecated-oauth-custom-flow.mdx | 58 +++++++++
.../expo/enterprise-sso-custom-flow.mdx | 58 +++++++++
docs/_partials/expo/oauth-custom-flow.mdx | 30 ++---
docs/_partials/expo/sso-custom-flow.mdx | 121 ------------------
docs/manifest.json | 10 +-
docs/references/expo/use-oauth.mdx | 2 +-
docs/references/expo/use-sso.mdx | 8 +-
7 files changed, 145 insertions(+), 142 deletions(-)
create mode 100644 docs/_partials/expo/deprecated-oauth-custom-flow.mdx
create mode 100644 docs/_partials/expo/enterprise-sso-custom-flow.mdx
delete mode 100644 docs/_partials/expo/sso-custom-flow.mdx
diff --git a/docs/_partials/expo/deprecated-oauth-custom-flow.mdx b/docs/_partials/expo/deprecated-oauth-custom-flow.mdx
new file mode 100644
index 0000000000..81f09bee6c
--- /dev/null
+++ b/docs/_partials/expo/deprecated-oauth-custom-flow.mdx
@@ -0,0 +1,58 @@
+The following example demonstrates how to create a custom OAuth sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+
+```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+import React from 'react'
+import * as WebBrowser from 'expo-web-browser'
+import { Text, View, Button } from 'react-native'
+import { Link } from 'expo-router'
+import { useOAuth } from '@clerk/clerk-expo'
+import * as Linking from 'expo-linking'
+
+export const useWarmUpBrowser = () => {
+ React.useEffect(() => {
+ // Warm up the android browser to improve UX
+ // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+}
+
+WebBrowser.maybeCompleteAuthSession()
+
+export default function Page() {
+ useWarmUpBrowser()
+
+ const { startOAuthFlow } = useOAuth({ strategy: 'oauth_google' })
+
+ const onPress = React.useCallback(async () => {
+ try {
+ const { createdSessionId, signIn, signUp, setActive } = await startOAuthFlow({
+ redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use signIn or signUp returned from startOAuthFlow
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+ Home
+
+
+
+ )
+}
+```
diff --git a/docs/_partials/expo/enterprise-sso-custom-flow.mdx b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
new file mode 100644
index 0000000000..faa7cda7f3
--- /dev/null
+++ b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
@@ -0,0 +1,58 @@
+The following example demonstrates how to create a custom SSO sign-in flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
+
+```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+import React, { useCallback, useEffect } from 'react'
+import * as WebBrowser from 'expo-web-browser'
+import * as Linking from 'expo-linking'
+import { useSSO } from '@clerk/clerk-expo'
+import { View, Button } from 'react-native'
+
+export const useWarmUpBrowser = () => {
+ useEffect(() => {
+ // Preloads the browser for Android devices to reduce authentication load time
+ // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ // Cleanup: closes browser when component unmounts
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+}
+
+// Handle any pending authentication sessions
+WebBrowser.maybeCompleteAuthSession()
+
+export default function Page() {
+ useWarmUpBrowser()
+
+ const { startSSOFlow } = useSSO()
+
+ const onPress = useCallback(async () => {
+ try {
+ const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
+ strategy: 'enterprise_sso',
+ // This identifier would likely be derived from a text input
+ identifier: 'foo@corp.com',
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use `signIn` or `signUp` returned from `startSSOFlow`
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+
+ )
+}
+```
diff --git a/docs/_partials/expo/oauth-custom-flow.mdx b/docs/_partials/expo/oauth-custom-flow.mdx
index 81f09bee6c..671da6321b 100644
--- a/docs/_partials/expo/oauth-custom-flow.mdx
+++ b/docs/_partials/expo/oauth-custom-flow.mdx
@@ -1,42 +1,43 @@
-The following example demonstrates how to create a custom OAuth sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+The following example demonstrates how to create a custom SSO flow for [Google OAuth](/docs/authentication/social-connections/google).
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
-import React from 'react'
+import React, { useCallback, useEffect } from 'react'
import * as WebBrowser from 'expo-web-browser'
-import { Text, View, Button } from 'react-native'
-import { Link } from 'expo-router'
-import { useOAuth } from '@clerk/clerk-expo'
import * as Linking from 'expo-linking'
+import { useSSO } from '@clerk/clerk-expo'
+import { View, Button } from 'react-native'
export const useWarmUpBrowser = () => {
- React.useEffect(() => {
- // Warm up the android browser to improve UX
- // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ useEffect(() => {
+ // Preloads the browser for Android devices to reduce authentication load time
+ // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
void WebBrowser.warmUpAsync()
return () => {
+ // Cleanup: closes browser when component unmounts
void WebBrowser.coolDownAsync()
}
}, [])
}
+// Handle any pending authentication sessions
WebBrowser.maybeCompleteAuthSession()
export default function Page() {
useWarmUpBrowser()
- const { startOAuthFlow } = useOAuth({ strategy: 'oauth_google' })
+ const { startSSOFlow } = useSSO()
- const onPress = React.useCallback(async () => {
+ const onPress = useCallback(async () => {
try {
- const { createdSessionId, signIn, signUp, setActive } = await startOAuthFlow({
- redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
+ strategy: 'oauth_google',
})
// If sign in was successful, set the active session
if (createdSessionId) {
setActive!({ session: createdSessionId })
} else {
- // Use signIn or signUp returned from startOAuthFlow
+ // Use `signIn` or `signUp` returned from `startSSOFlow`
// for next steps, such as MFA
}
} catch (err) {
@@ -48,9 +49,6 @@ export default function Page() {
return (
-
- Home
-
)
diff --git a/docs/_partials/expo/sso-custom-flow.mdx b/docs/_partials/expo/sso-custom-flow.mdx
deleted file mode 100644
index 43c37a5d8c..0000000000
--- a/docs/_partials/expo/sso-custom-flow.mdx
+++ /dev/null
@@ -1,121 +0,0 @@
-
-
- The following example demonstrates how to create a custom SSO sign-in flow for [Google OAuth](/docs/authentication/social-connections/google).
-
- ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
- import React, { useCallback, useEffect } from 'react'
- import * as WebBrowser from 'expo-web-browser'
- import * as Linking from 'expo-linking'
- import { useSSO } from '@clerk/clerk-expo'
- import { View, Button } from 'react-native'
-
- export const useWarmUpBrowser = () => {
- useEffect(() => {
- // Preloads the browser for Android devices to reduce authentication load time
- // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync()
- return () => {
- // Cleanup: closes browser when component unmounts
- void WebBrowser.coolDownAsync()
- }
- }, [])
- }
-
- // Handle any pending authentication sessions
- WebBrowser.maybeCompleteAuthSession()
-
- export default function Page() {
- useWarmUpBrowser()
-
- const { startSSOFlow } = useSSO()
-
- const onPress = useCallback(async () => {
- try {
- const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
- strategy: 'oauth_google',
- })
-
- // If sign in was successful, set the active session
- if (createdSessionId) {
- setActive!({ session: createdSessionId })
- } else {
- // Use `signIn` or `signUp` returned from `startSSOFlow`
- // for next steps, such as MFA
- }
- } catch (err) {
- // See https://clerk.com/docs/custom-flows/error-handling
- // for more info on error handling
- console.error(JSON.stringify(err, null, 2))
- }
- }, [])
-
- return (
-
-
-
- )
- }
- ```
-
-
-
- The following example demonstrates how to create a custom SSO sign-in flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
-
- ```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
- import React, { useCallback, useEffect } from 'react'
- import * as WebBrowser from 'expo-web-browser'
- import * as Linking from 'expo-linking'
- import { useSSO } from '@clerk/clerk-expo'
- import { View, Button } from 'react-native'
-
- export const useWarmUpBrowser = () => {
- useEffect(() => {
- // Preloads the browser for Android devices to reduce authentication load time
- // See: https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync()
- return () => {
- // Cleanup: closes browser when component unmounts
- void WebBrowser.coolDownAsync()
- }
- }, [])
- }
-
- // Handle any pending authentication sessions
- WebBrowser.maybeCompleteAuthSession()
-
- export default function Page() {
- useWarmUpBrowser()
-
- const { startSSOFlow } = useSSO()
-
- const onPress = useCallback(async () => {
- try {
- const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
- strategy: 'enterprise_sso',
- // This identifier would likely be derived from a text input
- identifier: 'foo@corp.com',
- })
-
- // If sign in was successful, set the active session
- if (createdSessionId) {
- setActive!({ session: createdSessionId })
- } else {
- // Use `signIn` or `signUp` returned from `startSSOFlow`
- // for next steps, such as MFA
- }
- } catch (err) {
- // See https://clerk.com/docs/custom-flows/error-handling
- // for more info on error handling
- console.error(JSON.stringify(err, null, 2))
- }
- }, [])
-
- return (
-
-
-
- )
- }
- ```
-
-
diff --git a/docs/manifest.json b/docs/manifest.json
index e768454f97..d10cc47cbc 100644
--- a/docs/manifest.json
+++ b/docs/manifest.json
@@ -2174,8 +2174,8 @@
"href": "/docs/references/javascript/types/metadata"
},
{
- "title": "OAuth types",
- "href": "/docs/references/javascript/types/oauth"
+ "title": "SSO types",
+ "href": "/docs/references/javascript/types/sso"
},
{
"title": "`OrganizationDomain`",
@@ -2443,7 +2443,11 @@
"href": "/docs/references/expo/use-local-credentials"
},
{
- "title": "useOAuth()",
+ "title": "`useSSO()`",
+ "href": "/docs/references/expo/use-sso"
+ },
+ {
+ "title": "`useOAuth()` (deprecated)",
"href": "/docs/references/expo/use-oauth"
}
]
diff --git a/docs/references/expo/use-oauth.mdx b/docs/references/expo/use-oauth.mdx
index 91a329fe9d..9fb23a157e 100644
--- a/docs/references/expo/use-oauth.mdx
+++ b/docs/references/expo/use-oauth.mdx
@@ -61,4 +61,4 @@ It accepts the following parameters (`StartOAuthFlowParams`):
## How to use the `useOAuth()` hook
-
+
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index bfc3c0cde9..eb8978510c 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -49,4 +49,10 @@ So for maximum security in your production instances, you need to allowlist your
> [!TIP]
> You can also add redirect URLs via [the Backend API](/docs/reference/backend-api/tag/Redirect-URLs#operation/CreateRedirectURL){{ target: '_blank' }}.
-
+### With OAuth
+
+
+
+### With SAML
+
+
From 81107e223b065e310bad4b9c83322f2b7c373ee9 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Fri, 24 Jan 2025 15:26:52 -0300
Subject: [PATCH 19/25] Rollback OAuth connections changes
---
.../expo/enterprise-sso-custom-flow.mdx | 2 +-
docs/custom-flows/oauth-connections.mdx | 35 +++++++++----------
docs/deployments/deploy-expo.mdx | 2 +-
3 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/docs/_partials/expo/enterprise-sso-custom-flow.mdx b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
index faa7cda7f3..09d03253fb 100644
--- a/docs/_partials/expo/enterprise-sso-custom-flow.mdx
+++ b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
@@ -1,4 +1,4 @@
-The following example demonstrates how to create a custom SSO sign-in flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
+The following example demonstrates how to create a custom SSO flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
import React, { useCallback, useEffect } from 'react'
diff --git a/docs/custom-flows/oauth-connections.mdx b/docs/custom-flows/oauth-connections.mdx
index c55e26cfa0..3456fe07f6 100644
--- a/docs/custom-flows/oauth-connections.mdx
+++ b/docs/custom-flows/oauth-connections.mdx
@@ -1,32 +1,29 @@
---
-title: Build a custom flow for authenticating with SSO connections
-description: Learn how to use the Clerk API to build a custom sign-up and sign-in flow that supports SSO connections.
+title: Build a custom flow for authenticating with OAuth connections
+description: Learn how to use the Clerk API to build a custom sign-up and sign-in flow that supports OAuth connections.
---
## Before you start
-You must configure your application instance through the Clerk Dashboard for the SSO connection that you want to use.
-
-- For OAuth SSO, refer to [this guide](/docs/authentication/social-connections/oauth#enable-a-social-connection).
-- For Enterprise SSO, refer to [this guide](/docs/authentication/enterprise-connections/overview).
+You must configure your application instance through the Clerk Dashboard for the social connection(s) that you want to use, as described at [the top of the OAuth guide](/docs/authentication/social-connections/oauth#configuration).
## Create the sign-up and sign-in flow
-When using SSO, the sign-up and sign-in flows are equivalent.
+When using OAuth, the sign-up and sign-in flows are equivalent.
- A successful SSO flow consists of the following steps:
+ A successful OAuth flow consists of the following steps:
- 1. Start the SSO flow by calling [`SignIn.authenticateWithRedirect(params)`](/docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect) or [`SignUp.authenticateWithRedirect(params)`](/docs/references/javascript/sign-up/authenticate-with#authenticate-with-redirect). Both of these methods require a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the OAuth provider.
+ 1. Start the OAuth flow by calling [`SignIn.authenticateWithRedirect(params)`](/docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect) or [`SignUp.authenticateWithRedirect(params)`](/docs/references/javascript/sign-up/authenticate-with#authenticate-with-redirect). Both of these methods require a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the OAuth provider.
1. Create a route at the URL that the `redirectUrl` param points to. The following example names this route `/sso-callback`. This route should call the [`Clerk.handleRedirectCallback()`](/docs/references/javascript/clerk/handle-navigation#handle-redirect-callback) method or simply render the prebuilt [``](/docs/components/control/authenticate-with-callback) component.
The following example shows two files:
- 1. The sign-in page where the user can start the SSO flow.
- 1. The SSO callback page where the SSO flow is completed.
+ 1. The sign-in page where the user can start the OAuth flow.
+ 1. The SSO callback page where the OAuth flow is completed.
```tsx {{ filename: 'app/sign-in/page.tsx' }}
@@ -93,7 +90,7 @@ When using SSO, the sign-up and sign-in flows are equivalent.
### Build the flow
-
+
@@ -162,9 +159,9 @@ When using SSO, the sign-up and sign-in flows are equivalent.
-## SSO account transfer flows
+## OAuth account transfer flows
-It is common for users who are authenticating with SSO to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
+It is common for users who are authenticating with OAuth to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
**If you would like to keep your sign-in and sign-up flows completely separate, then you can skip this section.**
@@ -179,7 +176,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
import { OAuthStrategy } from '@clerk/types'
import { useSignIn, useSignUp } from '@clerk/nextjs'
- export default function SSOSignIn() {
+ export default function OauthSignIn() {
const { signIn } = useSignIn()
const { signUp, setActive } = useSignUp()
@@ -197,7 +194,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
if (!signIn || !signUp) return null
// If the user has an account in your application, but does not yet
- // have an SSO account connected to it, you can transfer the SSO
+ // have an OAuth account connected to it, you can transfer the OAuth
// account to the existing user account.
const userExistsButNeedsToSignIn =
signUp.verifications.externalAccount.status === 'transferable' &&
@@ -213,9 +210,9 @@ The following example demonstrates how to handle these cases in your sign-in flo
}
}
- // If the user has an SSO account but does not yet
+ // If the user has an OAuth account but does not yet
// have an account in your app, you can create an account
- // for them using the SSO information.
+ // for them using the OAuth information.
const userNeedsToBeCreated = signIn.firstFactorVerification.status === 'transferable'
if (userNeedsToBeCreated) {
@@ -230,7 +227,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
}
} else {
// If the user has an account in your application
- // and has an SSO account connected to it, you can sign them in.
+ // and has an OAuth account connected to it, you can sign them in.
signInWith(strategy)
}
}
diff --git a/docs/deployments/deploy-expo.mdx b/docs/deployments/deploy-expo.mdx
index be72d5c03c..08258d2815 100644
--- a/docs/deployments/deploy-expo.mdx
+++ b/docs/deployments/deploy-expo.mdx
@@ -15,7 +15,7 @@ With Clerk, you can [add OAuth flows in your Expo applications](/docs/custom-flo
Clerk ensures that security critical nonces will be passed only to allowlisted URLs when the OAuth flow is complete in native browsers or webviews.
-So for maximum security in your production instances, you need to allowlist the OAuth callback URL:
+So for maximum security in your production instances, you need to allowlist the SSO callback URL:
1. In the Clerk Dashboard, navigate to the [**SSO connections**](https://dashboard.clerk.com/last-active?path=user-authentication/sso-connections) page.
1. Scroll to the **Allowlist for mobile SSO redirect** section and add your redirect URLs.
From 0a5b33538f5a26547ece2c2e008a299fb06d9dbf Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Thu, 30 Jan 2025 16:35:07 -0500
Subject: [PATCH 20/25] docs review
---
.../expo/deprecated-oauth-custom-flow.mdx | 58 ------------------
.../expo/enterprise-sso-custom-flow.mdx | 28 ++++++---
docs/_partials/expo/oauth-custom-flow.mdx | 11 ++--
docs/custom-flows/enterprise-connections.mdx | 36 ++++++-----
docs/custom-flows/oauth-connections.mdx | 40 +++++-------
docs/references/expo/overview.mdx | 17 +++---
docs/references/expo/use-oauth.mdx | 61 ++++++++++++++++++-
docs/references/expo/use-sso.mdx | 55 ++++++++++++++++-
docs/references/expo/web-support/overview.mdx | 9 +--
9 files changed, 186 insertions(+), 129 deletions(-)
delete mode 100644 docs/_partials/expo/deprecated-oauth-custom-flow.mdx
diff --git a/docs/_partials/expo/deprecated-oauth-custom-flow.mdx b/docs/_partials/expo/deprecated-oauth-custom-flow.mdx
deleted file mode 100644
index 81f09bee6c..0000000000
--- a/docs/_partials/expo/deprecated-oauth-custom-flow.mdx
+++ /dev/null
@@ -1,58 +0,0 @@
-The following example demonstrates how to create a custom OAuth sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
-
-```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
-import React from 'react'
-import * as WebBrowser from 'expo-web-browser'
-import { Text, View, Button } from 'react-native'
-import { Link } from 'expo-router'
-import { useOAuth } from '@clerk/clerk-expo'
-import * as Linking from 'expo-linking'
-
-export const useWarmUpBrowser = () => {
- React.useEffect(() => {
- // Warm up the android browser to improve UX
- // https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync()
- return () => {
- void WebBrowser.coolDownAsync()
- }
- }, [])
-}
-
-WebBrowser.maybeCompleteAuthSession()
-
-export default function Page() {
- useWarmUpBrowser()
-
- const { startOAuthFlow } = useOAuth({ strategy: 'oauth_google' })
-
- const onPress = React.useCallback(async () => {
- try {
- const { createdSessionId, signIn, signUp, setActive } = await startOAuthFlow({
- redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
- })
-
- // If sign in was successful, set the active session
- if (createdSessionId) {
- setActive!({ session: createdSessionId })
- } else {
- // Use signIn or signUp returned from startOAuthFlow
- // for next steps, such as MFA
- }
- } catch (err) {
- // See https://clerk.com/docs/custom-flows/error-handling
- // for more info on error handling
- console.error(JSON.stringify(err, null, 2))
- }
- }, [])
-
- return (
-
-
- Home
-
-
-
- )
-}
-```
diff --git a/docs/_partials/expo/enterprise-sso-custom-flow.mdx b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
index 09d03253fb..4d62505224 100644
--- a/docs/_partials/expo/enterprise-sso-custom-flow.mdx
+++ b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
@@ -1,11 +1,12 @@
-The following example demonstrates how to create a custom SSO flow with [SAML](docs/authentication/enterprise-connections/overview#saml).
+Expo supports SAML Enterprise SSO, but does not support EASIE or OIDC.
+
+The following example demonstrates how to create a custom SSO flow with [SAML](docs/authentication/enterprise-connections/overview#saml). In the following example, when the user selects the "Sign in with SAML" button, they will be redirected to the provider's authentication page. Once they authenticate, they will be redirected back to your app. If there are missing requirements, like they need to complete MFA, then the `createdSessionId` will remain `null`, and you'll need to add logic to handle the missing requirements. If there are no missing requirements, then the user will be signed in.
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
-import React, { useCallback, useEffect } from 'react'
+import React, { useCallback, useEffect, useState } from 'react'
import * as WebBrowser from 'expo-web-browser'
-import * as Linking from 'expo-linking'
import { useSSO } from '@clerk/clerk-expo'
-import { View, Button } from 'react-native'
+import { View, Button, TextInput } from 'react-native'
export const useWarmUpBrowser = () => {
useEffect(() => {
@@ -25,22 +26,25 @@ WebBrowser.maybeCompleteAuthSession()
export default function Page() {
useWarmUpBrowser()
+ const [email, setEmail] = useState('')
+
const { startSSOFlow } = useSSO()
const onPress = useCallback(async () => {
try {
const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
strategy: 'enterprise_sso',
- // This identifier would likely be derived from a text input
- identifier: 'foo@corp.com',
+ identifier: email,
})
// If sign in was successful, set the active session
if (createdSessionId) {
setActive!({ session: createdSessionId })
} else {
- // Use `signIn` or `signUp` returned from `startSSOFlow`
- // for next steps, such as MFA
+ // If there is no `createdSessionId`,
+ // there are missing requirements, such as MFA
+ // Use the `signIn` or `signUp` returned from `startSSOFlow`
+ // to handle next steps
}
} catch (err) {
// See https://clerk.com/docs/custom-flows/error-handling
@@ -51,7 +55,13 @@ export default function Page() {
return (
-
+
+
)
}
diff --git a/docs/_partials/expo/oauth-custom-flow.mdx b/docs/_partials/expo/oauth-custom-flow.mdx
index 671da6321b..9a652f467f 100644
--- a/docs/_partials/expo/oauth-custom-flow.mdx
+++ b/docs/_partials/expo/oauth-custom-flow.mdx
@@ -1,9 +1,8 @@
-The following example demonstrates how to create a custom SSO flow for [Google OAuth](/docs/authentication/social-connections/google).
+The following example demonstrates how to create a custom SSO flow for [Google OAuth](/docs/authentication/social-connections/google). In the following example, when the user selects the "Sign in with Google" button, they will be redirected to the Google authentication page. Once they authenticate, they will be redirected back to your app. If there are missing requirements, like they need to complete MFA, then the `createdSessionId` will remain `null`, and you'll need to add logic to handle the missing requirements. If there are no missing requirements, then the user will be signed in.
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
import React, { useCallback, useEffect } from 'react'
import * as WebBrowser from 'expo-web-browser'
-import * as Linking from 'expo-linking'
import { useSSO } from '@clerk/clerk-expo'
import { View, Button } from 'react-native'
@@ -25,10 +24,12 @@ WebBrowser.maybeCompleteAuthSession()
export default function Page() {
useWarmUpBrowser()
+ // Use the `useSSO()` hook to access the `startSSOFlow()` method
const { startSSOFlow } = useSSO()
const onPress = useCallback(async () => {
try {
+ // Start the OAuth process by calling `startSSOFlow()`
const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
strategy: 'oauth_google',
})
@@ -37,8 +38,10 @@ export default function Page() {
if (createdSessionId) {
setActive!({ session: createdSessionId })
} else {
- // Use `signIn` or `signUp` returned from `startSSOFlow`
- // for next steps, such as MFA
+ // If there is no `createdSessionId`,
+ // there are missing requirements, such as MFA
+ // Use the `signIn` or `signUp` returned from `startSSOFlow`
+ // to handle next steps
}
} catch (err) {
// See https://clerk.com/docs/custom-flows/error-handling
diff --git a/docs/custom-flows/enterprise-connections.mdx b/docs/custom-flows/enterprise-connections.mdx
index 261e082868..7ad20b0b16 100644
--- a/docs/custom-flows/enterprise-connections.mdx
+++ b/docs/custom-flows/enterprise-connections.mdx
@@ -11,8 +11,9 @@ You must configure your application instance through the Clerk Dashboard for the
## Create the sign-up and sign-in flow
-When using Enterprise SSO, the sign-in and sign-up flows are equivalent. A successful Enterprise SSO flow consists of the following steps:
+When using Enterprise SSO, **the sign-up and sign-in flows are equivalent.** A successful Enterprise SSO authentication flow consists of the following steps:
+1. Access the [`SignIn`](/docs/references/javascript/sign-in/sign-in) or [`SignUp`](/docs/references/javascript/sign-up/sign-up) object using the [`useSignIn()`](/docs/references/react/use-sign-in) or [`useSignUp()`](/docs/references/react/use-sign-up) hook, respectively.
1. Start the Enterprise SSO flow by calling [`SignIn.authenticateWithRedirect(params)`][sign-in-redirect] or [`SignUp.authenticateWithRedirect(params)`][sign-up-redirect]. Both of these methods require a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the identity provider.
1. Create a route at the URL that the `redirectUrl` param points to. The following example names this route `/sso-callback`. This route should either call the [`Clerk.handleRedirectCallback()`](/docs/references/javascript/clerk/handle-navigation#handle-redirect-callback) method or render the prebuilt [``](/docs/components/control/authenticate-with-callback) component.
@@ -21,37 +22,38 @@ The following example shows two files:
1. The sign-in page where the user can start the Enterprise SSO flow.
1. The SSO callback page where the flow is completed.
-
+
```tsx {{ filename: 'app/sign-in/page.tsx' }}
'use client'
import * as React from 'react'
- import { useSignIn, useSignUp } from '@clerk/nextjs'
+ import { useSignIn } from '@clerk/nextjs'
export default function Page() {
- const { signIn } = useSignIn()
- const { signUp } = useSignUp()
-
- if (!signIn || !signUp) return null
+ const { signIn, isLoaded } = useSignIn()
- const signInWithEnterpriseSSO = (e: React.FormEvent) => {
+ const signInWithEnterpriseSSO = async (e: React.FormEvent) => {
e.preventDefault()
+ if (!isLoaded) return null
+
const email = (e.target as HTMLFormElement).email.value
- signIn
+ await signIn
.authenticateWithRedirect({
identifier: email,
strategy: 'enterprise_sso',
- redirectUrl: '/sign-up/sso-callback',
+ redirectUrl: '/sign-in/sso-callback',
redirectUrlComplete: '/',
})
.then((res) => {
console.log(res)
})
.catch((err: any) => {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
console.log(err.errors)
console.error(err, null, 2)
})
@@ -59,14 +61,14 @@ The following example shows two files:
return (
)
}
```
- ```jsx {{ filename: 'app/sign-up/sso-callback/page.tsx' }}
+ ```jsx {{ filename: 'app/sign-in/sso-callback/page.tsx' }}
import { AuthenticateWithRedirectCallback } from '@clerk/nextjs'
export default function Page() {
@@ -78,10 +80,16 @@ The following example shows two files:
```
+
+
+
+
## Enterprise account transfer flows
+{/* TODO(Laura): I believe this is built in with Expo's `useSSO()` hook, so I don't think we need to add Expo example here. Is this correct? */}
+
It is common for users who are authenticating with an enterprise account to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
**If you would like to keep your sign-in and sign-up flows completely separate, then you can skip this section.**
@@ -90,7 +98,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
- ```tsx {{ filename: 'app/sign-in/[[...sign-in]]/page.tsx', collapsible: true }}
+ ```tsx {{ filename: 'app/sign-in/page.tsx', collapsible: true }}
'use client'
import * as React from 'react'
@@ -111,7 +119,7 @@ The following example demonstrates how to handle these cases in your sign-in flo
.authenticateWithRedirect({
identifier: email,
strategy: 'enterprise_sso',
- redirectUrl: '/sign-up/sso-callback',
+ redirectUrl: '/sign-in/sso-callback',
redirectUrlComplete: '/',
})
.then((res) => {
diff --git a/docs/custom-flows/oauth-connections.mdx b/docs/custom-flows/oauth-connections.mdx
index 3456fe07f6..880d9a6462 100644
--- a/docs/custom-flows/oauth-connections.mdx
+++ b/docs/custom-flows/oauth-connections.mdx
@@ -39,11 +39,21 @@ When using OAuth, the sign-up and sign-in flows are equivalent.
if (!signIn) return null
const signInWith = (strategy: OAuthStrategy) => {
- return signIn.authenticateWithRedirect({
- strategy,
- redirectUrl: '/sign-up/sso-callback',
- redirectUrlComplete: '/',
- })
+ return signIn
+ .authenticateWithRedirect({
+ strategy,
+ redirectUrl: '/sign-up/sso-callback',
+ redirectUrlComplete: '/',
+ })
+ .then((res) => {
+ console.log(res)
+ })
+ .catch((err: any) => {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.log(err.errors)
+ console.error(err, null, 2)
+ })
}
// Render a button for each supported OAuth provider
@@ -70,26 +80,6 @@ When using OAuth, the sign-up and sign-in flows are equivalent.
- ### Before you start
-
- Install `expo-linking` to handle linking.
-
-
- ```bash {{ filename: 'terminal' }}
- npm install expo-linking
- ```
-
- ```bash {{ filename: 'terminal' }}
- yarn add expo-linking
- ```
-
- ```bash {{ filename: 'terminal' }}
- pnpm add expo-linking
- ```
-
-
- ### Build the flow
-
diff --git a/docs/references/expo/overview.mdx b/docs/references/expo/overview.mdx
index cdf3aa3bc5..36a05e22c0 100644
--- a/docs/references/expo/overview.mdx
+++ b/docs/references/expo/overview.mdx
@@ -11,20 +11,23 @@ The Expo SDK gives you access to the following resources:
### Clerk hooks {{ id: 'hooks' }}
-The following hooks are available for both **native** and **web** apps:
+The Expo SDK provides the following hooks:
-- All React hooks are available. See [the React docs](/docs/references/react/overview){{ target: '_blank' }} for more information.
- [`useSSO()`](/docs/references/expo/use-sso)
- [`useLocalCredentials()`](/docs/references/expo/use-local-credentials)
+Because the Expo SDK is built on top of the Clerk React SDK, you can use the hooks that the React SDK provides. These hooks include access to the [`Clerk`](/docs/references/javascript/clerk/clerk) object, [`User` object](/docs/references/javascript/user/user), [`Organization` object](/docs/references/javascript/organization/organization), and a set of useful helper methods for signing in and signing up.
+
+
+
### Clerk components {{ id: 'components' }}
- **Native** apps:
- - [``](/docs/components/control/clerk-loaded){{ target: '_blank' }}
- - [``](/docs/components/control/clerk-loading){{ target: '_blank' }}
- - [``](/docs/components/control/signed-in){{ target: '_blank' }}
- - [``](/docs/components/control/signed-out){{ target: '_blank' }}
- - [``](/docs/components/protect){{ target: '_blank' }}
+ - [``](/docs/components/control/clerk-loaded)
+ - [``](/docs/components/control/clerk-loading)
+ - [``](/docs/components/control/signed-in)
+ - [``](/docs/components/control/signed-out)
+ - [``](/docs/components/protect)
- **Web** apps:
- All Clerk components are available. See [the component docs](/docs/components/overview) for more information.
diff --git a/docs/references/expo/use-oauth.mdx b/docs/references/expo/use-oauth.mdx
index 9fb23a157e..b0f3650d0b 100644
--- a/docs/references/expo/use-oauth.mdx
+++ b/docs/references/expo/use-oauth.mdx
@@ -1,5 +1,5 @@
---
-title: useOAuth()
+title: useOAuth() (deprecated)
description: Clerk's useOAuth() hook is used to create a new OAuth flow.
---
@@ -61,4 +61,61 @@ It accepts the following parameters (`StartOAuthFlowParams`):
## How to use the `useOAuth()` hook
-
+The following example demonstrates how to create a custom OAuth sign-in flow for [Google accounts](/docs/authentication/social-connections/google).
+
+```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
+import React from 'react'
+import * as WebBrowser from 'expo-web-browser'
+import { Text, View, Button } from 'react-native'
+import { Link } from 'expo-router'
+import { useOAuth } from '@clerk/clerk-expo'
+import * as Linking from 'expo-linking'
+
+export const useWarmUpBrowser = () => {
+ React.useEffect(() => {
+ // Warm up the android browser to improve UX
+ // https://docs.expo.dev/guides/authentication/#improving-user-experience
+ void WebBrowser.warmUpAsync()
+ return () => {
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+}
+
+WebBrowser.maybeCompleteAuthSession()
+
+export default function Page() {
+ useWarmUpBrowser()
+
+ const { startOAuthFlow } = useOAuth({ strategy: 'oauth_google' })
+
+ const onPress = React.useCallback(async () => {
+ try {
+ const { createdSessionId, signIn, signUp, setActive } = await startOAuthFlow({
+ redirectUrl: Linking.createURL('/dashboard', { scheme: 'myapp' }),
+ })
+
+ // If sign in was successful, set the active session
+ if (createdSessionId) {
+ setActive!({ session: createdSessionId })
+ } else {
+ // Use signIn or signUp returned from startOAuthFlow
+ // for next steps, such as MFA
+ }
+ } catch (err) {
+ // See https://clerk.com/docs/custom-flows/error-handling
+ // for more info on error handling
+ console.error(JSON.stringify(err, null, 2))
+ }
+ }, [])
+
+ return (
+
+
+ Home
+
+
+
+ )
+}
+```
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index eb8978510c..ec7ef2c523 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -9,9 +9,17 @@ The `useSSO()` hook is used to create a new SSO flow. It can be used in both web
The `useSSO()` hook returns the `startSSOFlow()` method, which you can use to initiate the SSO flow.
-It accepts the following parameters (`StartSSOFlowParams`):
+### `startSSOFlow()`
-## Parameters
+`startSSOFlow()` has the following function signature:
+
+```ts
+function startSSOFlow(startSSOFlowParams: StartSSOFlowParams): Promise
+```
+
+#### Parameters
+
+`startSSOFlow()` accepts the following parameters (`StartSSOFlowParams`):
- `strategy`
@@ -37,8 +45,49 @@ It accepts the following parameters (`StartSSOFlowParams`):
Metadata that can be read and set from the frontend and the backend. Once the authentication process is complete, the value of this field will be automatically copied to the created user's unsafe metadata (`User.unsafeMetadata`). One common use case is to collect custom information about the user during the authentication process and store it in this property. Read more about [unsafe metadata](/docs/users/metadata#unsafe-metadata).
+#### Returns
+
+`startSSOFlow()` returns the following:
+
+
+ - `createdSessionId`
+ - `string | null`
+
+ The ID of the session that was created.
+
+ ---
+
+ - `authSessionResult?`
+ - `WebBrowser.WebBrowserAuthSessionResult | undefined`
+
+ {/* TODO(Laura): Add description */}
+
+ ---
+
+ - `setActive?`
+ - `(params: SetActiveParams) => Promise`
+
+ A method used to set the active session and/or organization. Accepts a [`SetActiveParams`](/docs/references/javascript/types/set-active-params) object.
+
+ ---
+
+ - `signIn?`
+ - [SignIn](/docs/references/javascript/sign-in/sign-in) | undefined
+
+ The [`SignIn`](/docs/references/javascript/sign-in/sign-in) object that was created, which holds the state of the current sign-in and provides helper methods to navigate and complete the sign-in process.
+
+ ---
+
+ - `signUp?`
+ - [SignUp](/docs/references/javascript/sign-up/sign-up) | undefined
+
+ The [`SignUp`](/docs/references/javascript/sign-up/sign-up) object that was created, which holds the state of the current sign-up and provides helper methods to navigate and complete the sign-up process.
+
+
## How to use the `useSSO()` hook
+{/* TODO(Laura): Isn't allowlisting your SSO callback URL only required for production apps? */}
+
Clerk ensures that security critical nonces will be passed only to allowlisted URLs when the SSO flow is complete in native browsers or webviews.
So for maximum security in your production instances, you need to allowlist your the SSO callback URL in your Clerk Dashboard by following these steps:
@@ -53,6 +102,6 @@ So for maximum security in your production instances, you need to allowlist your
-### With SAML
+### With Enterprise SSO
diff --git a/docs/references/expo/web-support/overview.mdx b/docs/references/expo/web-support/overview.mdx
index 134b50e659..0f3e3fcb6f 100644
--- a/docs/references/expo/web-support/overview.mdx
+++ b/docs/references/expo/web-support/overview.mdx
@@ -31,11 +31,6 @@ Use the following guides to learn more about Clerk components, how to build cust
---
- - [Custom flows](/docs/custom-flows/overview)
- - Expo native apps require custom flows in place of prebuilt components. Learn more about custom flows.
-
- ---
-
- - [Client-side helpers](/docs/references/react/use-user)
- - Learn more about our client-side helpers and how to use them.
+ - [Client-side helpers](/docs/references/expo/overview#hooks)
+ - Learn more about Clerk's client-side helpers and how to use them.
From 7d3fd2fbc05b949cfdceefaa01add0724f7e573b Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Fri, 31 Jan 2025 11:52:43 -0500
Subject: [PATCH 21/25] remove whitelist info from usesso doc
---
docs/deployments/deploy-expo.mdx | 2 +-
docs/references/expo/use-sso.mdx | 12 ------------
2 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/docs/deployments/deploy-expo.mdx b/docs/deployments/deploy-expo.mdx
index 08258d2815..1f91013b6b 100644
--- a/docs/deployments/deploy-expo.mdx
+++ b/docs/deployments/deploy-expo.mdx
@@ -19,7 +19,7 @@ So for maximum security in your production instances, you need to allowlist the
1. In the Clerk Dashboard, navigate to the [**SSO connections**](https://dashboard.clerk.com/last-active?path=user-authentication/sso-connections) page.
1. Scroll to the **Allowlist for mobile SSO redirect** section and add your redirect URLs.
- 1. The default is `://sso-callback`
+ - The default is `://sso-callback`
> [!TIP]
> You can also add redirect URLs via [the Backend API](/docs/reference/backend-api/tag/Redirect-URLs#operation/CreateRedirectURL){{ target: '_blank' }}.
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index ec7ef2c523..9606fae5b0 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -86,18 +86,6 @@ function startSSOFlow(startSSOFlowParams: StartSSOFlowParams): Promise://sso-callback`
-
-> [!TIP]
-> You can also add redirect URLs via [the Backend API](/docs/reference/backend-api/tag/Redirect-URLs#operation/CreateRedirectURL){{ target: '_blank' }}.
-
### With OAuth
From 01eef70c70e4965aa58bec5e72867e78ef4ba5ce Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Tue, 4 Feb 2025 14:48:39 -0500
Subject: [PATCH 22/25] add callout; update todo
---
docs/_partials/expo/enterprise-sso-custom-flow.mdx | 5 +++--
docs/custom-flows/enterprise-connections.mdx | 4 +++-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs/_partials/expo/enterprise-sso-custom-flow.mdx b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
index 4d62505224..1f681b55af 100644
--- a/docs/_partials/expo/enterprise-sso-custom-flow.mdx
+++ b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
@@ -1,6 +1,7 @@
-Expo supports SAML Enterprise SSO, but does not support EASIE or OIDC.
+> [!IMPORTANT]
+> Expo supports SAML Enterprise SSO, but does not support EASIE or OIDC.
-The following example demonstrates how to create a custom SSO flow with [SAML](docs/authentication/enterprise-connections/overview#saml). In the following example, when the user selects the "Sign in with SAML" button, they will be redirected to the provider's authentication page. Once they authenticate, they will be redirected back to your app. If there are missing requirements, like they need to complete MFA, then the `createdSessionId` will remain `null`, and you'll need to add logic to handle the missing requirements. If there are no missing requirements, then the user will be signed in.
+The following example demonstrates how to create a custom SSO flow with [SAML](docs/authentication/enterprise-connections/overview#saml). In the following example, when the user selects the "Sign in with SAML" button, they'll be redirected to the provider's authentication page. Once they authenticate, they'll be redirected back to your app. If there are missing requirements, like needing to completeMFA, then the `createdSessionId` will remain `null`, and you'll need to add logic to handle the missing requirements. If there are no missing requirements, then the user will be signed in.
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
import React, { useCallback, useEffect, useState } from 'react'
diff --git a/docs/custom-flows/enterprise-connections.mdx b/docs/custom-flows/enterprise-connections.mdx
index 7ad20b0b16..3ab1e0534b 100644
--- a/docs/custom-flows/enterprise-connections.mdx
+++ b/docs/custom-flows/enterprise-connections.mdx
@@ -22,6 +22,8 @@ The following example shows two files:
1. The sign-in page where the user can start the Enterprise SSO flow.
1. The SSO callback page where the flow is completed.
+{/* Does the signIn need to be awaited? If so, we should update to use try,catch */}
+
@@ -88,7 +90,7 @@ The following example shows two files:
## Enterprise account transfer flows
-{/* TODO(Laura): I believe this is built in with Expo's `useSSO()` hook, so I don't think we need to add Expo example here. Is this correct? */}
+{/* TODO(Laura): I believe this is built in with Expo's `useSSO()` hook, so I don't think we need to add Expo example here. Is this correct? Also, I tested the above example with Nextjs: I went to /sign-in, and tried signing in with a non-existent user, and it created the user for me. So is this section even necessary? */}
It is common for users who are authenticating with an enterprise account to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
From 1fff4b925df4941c197693a4474f1c1fff8551fd Mon Sep 17 00:00:00 2001
From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com>
Date: Tue, 4 Feb 2025 16:13:32 -0500
Subject: [PATCH 23/25] final docs review :fingerscrossed:
---
.../custom-flows/sso-connections.mdx | 12 ++
.../expo/enterprise-sso-custom-flow.mdx | 19 ++-
docs/_partials/expo/oauth-custom-flow.mdx | 50 ++++---
docs/custom-flows/enterprise-connections.mdx | 125 +-----------------
docs/custom-flows/oauth-connections.mdx | 123 +----------------
docs/references/expo/use-sso.mdx | 11 +-
6 files changed, 69 insertions(+), 271 deletions(-)
create mode 100644 docs/_partials/custom-flows/sso-connections.mdx
diff --git a/docs/_partials/custom-flows/sso-connections.mdx b/docs/_partials/custom-flows/sso-connections.mdx
new file mode 100644
index 0000000000..281f2ab2b4
--- /dev/null
+++ b/docs/_partials/custom-flows/sso-connections.mdx
@@ -0,0 +1,12 @@
+The following example **will both sign up _and_ sign in users**, eliminating the need for a separate sign-up page. However, if you want to have separate sign-up and sign-in pages, the sign-up and sign-in flows are equivalent, meaning that all you have to do is swap out the `SignIn` object for the `SignUp` object using the [`useSignUp()`](/docs/references/react/use-sign-up) hook.
+
+The following example:
+
+1. Accesses the [`SignIn`](/docs/references/javascript/sign-in/sign-in) object using the [`useSignIn()`](/docs/references/react/use-sign-in) hook.
+1. Starts the authentication process by calling [`SignIn.authenticateWithRedirect(params)`](/docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect). This method requires a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the identity provider.
+1. Creates a route at the URL that the `redirectUrl` param points to. The following example names this route `/sso-callback`. This route should either render the prebuilt [``](/docs/components/control/authenticate-with-callback) component or call the [`Clerk.handleRedirectCallback()`](/docs/references/javascript/clerk/handle-navigation#handle-redirect-callback) method if you're not using the prebuilt component.
+
+The following example shows two files:
+
+1. The sign-in page where the user can start the authentication flow.
+1. The SSO callback page where the flow is completed.
diff --git a/docs/_partials/expo/enterprise-sso-custom-flow.mdx b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
index 1f681b55af..40aaed799e 100644
--- a/docs/_partials/expo/enterprise-sso-custom-flow.mdx
+++ b/docs/_partials/expo/enterprise-sso-custom-flow.mdx
@@ -1,10 +1,17 @@
> [!IMPORTANT]
-> Expo supports SAML Enterprise SSO, but does not support EASIE or OIDC.
+> Expo supports [SAML](/docs/authentication/enterprise-connections/overview#saml) Enterprise SSO, but does not support [OIDC](/docs/authentication/enterprise-connections/overview#oidc).
-The following example demonstrates how to create a custom SSO flow with [SAML](docs/authentication/enterprise-connections/overview#saml). In the following example, when the user selects the "Sign in with SAML" button, they'll be redirected to the provider's authentication page. Once they authenticate, they'll be redirected back to your app. If there are missing requirements, like needing to completeMFA, then the `createdSessionId` will remain `null`, and you'll need to add logic to handle the missing requirements. If there are no missing requirements, then the user will be signed in.
+The following example **will both sign up _and_ sign in users**, eliminating the need for a separate sign-up page.
+
+The following example:
+
+1. Accesses the `startSSOFlow()` method using the [`useSSO()`](/docs/references/expo/use-sso) hook.
+1. Calls the `startSSOFlow()` method with the `strategy` param set to `enterprise_sso` and the `identifier` param set to the user's email address that they provided.
+ - If authentication is successful, the `setActive()` method is called to set the active session with the new `createdSessionId`.
+ - If authentication is not successful, you can handle the missing requirements, such as MFA, using the [`signIn`](/docs/references/javascript/sign-in/sign-in) or [`signUp`](/docs/references/javascript/sign-up/sign-up) object returned from `startSSOFlow()`, depending on if the user is signing in or signing up. These objects include properties, like `status`, that can be used to determine the next steps. See the respective linked references for more information.
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
-import React, { useCallback, useEffect, useState } from 'react'
+import React, { useEffect, useState } from 'react'
import * as WebBrowser from 'expo-web-browser'
import { useSSO } from '@clerk/clerk-expo'
import { View, Button, TextInput } from 'react-native'
@@ -29,10 +36,12 @@ export default function Page() {
const [email, setEmail] = useState('')
+ // Use the `useSSO()` hook to access the `startSSOFlow()` method
const { startSSOFlow } = useSSO()
- const onPress = useCallback(async () => {
+ const onPress = async () => {
try {
+ // Start the authentication process by calling `startSSOFlow()`
const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
strategy: 'enterprise_sso',
identifier: email,
@@ -52,7 +61,7 @@ export default function Page() {
// for more info on error handling
console.error(JSON.stringify(err, null, 2))
}
- }, [])
+ }
return (
diff --git a/docs/_partials/expo/oauth-custom-flow.mdx b/docs/_partials/expo/oauth-custom-flow.mdx
index 9a652f467f..98d2d44682 100644
--- a/docs/_partials/expo/oauth-custom-flow.mdx
+++ b/docs/_partials/expo/oauth-custom-flow.mdx
@@ -1,42 +1,50 @@
-The following example demonstrates how to create a custom SSO flow for [Google OAuth](/docs/authentication/social-connections/google). In the following example, when the user selects the "Sign in with Google" button, they will be redirected to the Google authentication page. Once they authenticate, they will be redirected back to your app. If there are missing requirements, like they need to complete MFA, then the `createdSessionId` will remain `null`, and you'll need to add logic to handle the missing requirements. If there are no missing requirements, then the user will be signed in.
+The following example **will both sign up _and_ sign in users**, eliminating the need for a separate sign-up page.
+
+The following example:
+
+1. Accesses the `startSSOFlow()` method using the [`useSSO()`](/docs/references/expo/use-sso) hook.
+1. Calls the `startSSOFlow()` method with the `strategy` param set to `oauth_google`, but you can use any of the [supported OAuth strategies](/docs/references/javascript/types/sso#oauth-strategy).
+ - If authentication is successful, the `setActive()` method is called to set the active session with the new `createdSessionId`.
+ - If authentication is not successful, you can handle the missing requirements, such as MFA, using the [`signIn`](/docs/references/javascript/sign-in/sign-in) or [`signUp`](/docs/references/javascript/sign-up/sign-up) object returned from `startSSOFlow()`, depending on if the user is signing in or signing up. These objects include properties, like `status`, that can be used to determine the next steps. See the respective linked references for more information.
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
-import React, { useCallback, useEffect } from 'react'
-import * as WebBrowser from 'expo-web-browser'
-import { useSSO } from '@clerk/clerk-expo'
-import { View, Button } from 'react-native'
+import React, { useCallback, useEffect } from "react";
+import * as WebBrowser from "expo-web-browser";
+import { useSSO } from "@clerk/clerk-expo";
+import { View, Button } from "react-native";
export const useWarmUpBrowser = () => {
useEffect(() => {
// Preloads the browser for Android devices to reduce authentication load time
// See: https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync()
+ void WebBrowser.warmUpAsync();
return () => {
// Cleanup: closes browser when component unmounts
- void WebBrowser.coolDownAsync()
- }
- }, [])
-}
+ void WebBrowser.coolDownAsync();
+ };
+ }, []);
+};
// Handle any pending authentication sessions
-WebBrowser.maybeCompleteAuthSession()
+WebBrowser.maybeCompleteAuthSession();
export default function Page() {
- useWarmUpBrowser()
+ useWarmUpBrowser();
// Use the `useSSO()` hook to access the `startSSOFlow()` method
- const { startSSOFlow } = useSSO()
+ const { startSSOFlow } = useSSO();
const onPress = useCallback(async () => {
try {
- // Start the OAuth process by calling `startSSOFlow()`
- const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
- strategy: 'oauth_google',
- })
+ // Start the authentication process by calling `startSSOFlow()`
+ const { createdSessionId, setActive, signIn, signUp } =
+ await startSSOFlow({
+ strategy: "oauth_google",
+ });
// If sign in was successful, set the active session
if (createdSessionId) {
- setActive!({ session: createdSessionId })
+ setActive!({ session: createdSessionId });
} else {
// If there is no `createdSessionId`,
// there are missing requirements, such as MFA
@@ -46,14 +54,14 @@ export default function Page() {
} catch (err) {
// See https://clerk.com/docs/custom-flows/error-handling
// for more info on error handling
- console.error(JSON.stringify(err, null, 2))
+ console.error(JSON.stringify(err, null, 2));
}
- }, [])
+ }, []);
return (
- )
+ );
}
```
diff --git a/docs/custom-flows/enterprise-connections.mdx b/docs/custom-flows/enterprise-connections.mdx
index 3ab1e0534b..6453b68184 100644
--- a/docs/custom-flows/enterprise-connections.mdx
+++ b/docs/custom-flows/enterprise-connections.mdx
@@ -11,21 +11,10 @@ You must configure your application instance through the Clerk Dashboard for the
## Create the sign-up and sign-in flow
-When using Enterprise SSO, **the sign-up and sign-in flows are equivalent.** A successful Enterprise SSO authentication flow consists of the following steps:
-
-1. Access the [`SignIn`](/docs/references/javascript/sign-in/sign-in) or [`SignUp`](/docs/references/javascript/sign-up/sign-up) object using the [`useSignIn()`](/docs/references/react/use-sign-in) or [`useSignUp()`](/docs/references/react/use-sign-up) hook, respectively.
-1. Start the Enterprise SSO flow by calling [`SignIn.authenticateWithRedirect(params)`][sign-in-redirect] or [`SignUp.authenticateWithRedirect(params)`][sign-up-redirect]. Both of these methods require a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the identity provider.
-1. Create a route at the URL that the `redirectUrl` param points to. The following example names this route `/sso-callback`. This route should either call the [`Clerk.handleRedirectCallback()`](/docs/references/javascript/clerk/handle-navigation#handle-redirect-callback) method or render the prebuilt [``](/docs/components/control/authenticate-with-callback) component.
-
-The following example shows two files:
-
-1. The sign-in page where the user can start the Enterprise SSO flow.
-1. The SSO callback page where the flow is completed.
-
-{/* Does the signIn need to be awaited? If so, we should update to use try,catch */}
-
+
+
```tsx {{ filename: 'app/sign-in/page.tsx' }}
'use client'
@@ -36,14 +25,14 @@ The following example shows two files:
export default function Page() {
const { signIn, isLoaded } = useSignIn()
- const signInWithEnterpriseSSO = async (e: React.FormEvent) => {
+ const signInWithEnterpriseSSO = (e: React.FormEvent) => {
e.preventDefault()
if (!isLoaded) return null
const email = (e.target as HTMLFormElement).email.value
- await signIn
+ signIn
.authenticateWithRedirect({
identifier: email,
strategy: 'enterprise_sso',
@@ -74,8 +63,8 @@ The following example shows two files:
import { AuthenticateWithRedirectCallback } from '@clerk/nextjs'
export default function Page() {
- // Handle the redirect flow by rendering the
- // prebuilt AuthenticateWithRedirectCallback component.
+ // Handle the redirect flow by calling the Clerk.handleRedirectCallback() method
+ // or rendering the prebuilt component.
// This is the final step in the custom Enterprise SSO flow.
return
}
@@ -87,105 +76,3 @@ The following example shows two files:
-
-## Enterprise account transfer flows
-
-{/* TODO(Laura): I believe this is built in with Expo's `useSSO()` hook, so I don't think we need to add Expo example here. Is this correct? Also, I tested the above example with Nextjs: I went to /sign-in, and tried signing in with a non-existent user, and it created the user for me. So is this section even necessary? */}
-
-It is common for users who are authenticating with an enterprise account to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
-
-**If you would like to keep your sign-in and sign-up flows completely separate, then you can skip this section.**
-
-The following example demonstrates how to handle these cases in your sign-in flow. To apply the same logic to the sign-up flow, simply replace [`signIn.authenticateWithRedirect()`][sign-in-redirect] with [`signUp.authenticateWithRedirect()`][sign-up-redirect] in your code.
-
-
-
- ```tsx {{ filename: 'app/sign-in/page.tsx', collapsible: true }}
- 'use client'
-
- import * as React from 'react'
- import { useSignIn, useSignUp } from '@clerk/nextjs'
-
- export default function Page() {
- const { signIn } = useSignIn()
- const { signUp, setActive } = useSignUp()
-
- if (!signIn || !signUp) return null
-
- const signInWithEnterpriseSSO = (e: React.FormEvent) => {
- e.preventDefault()
-
- const email = (e.target as HTMLFormElement).email.value
-
- signIn
- .authenticateWithRedirect({
- identifier: email,
- strategy: 'enterprise_sso',
- redirectUrl: '/sign-in/sso-callback',
- redirectUrlComplete: '/',
- })
- .then((res) => {
- console.log(res)
- })
- .catch((err: any) => {
- console.log(err.errors)
- console.error(err, null, 2)
- })
- }
-
- async function handleSignIn(e: React.FormEvent) {
- if (!signIn || !signUp) return null
-
- // If the user has an account in your application, but does not yet
- // have a enterprise account connected to it, you can transfer the enterprise
- // account to the existing user account.
- const userExistsButNeedsToSignIn =
- signUp.verifications.externalAccount.status === 'transferable' &&
- signUp.verifications.externalAccount.error?.code === 'external_account_exists'
-
- if (userExistsButNeedsToSignIn) {
- const res = await signIn.create({ transfer: true })
-
- if (res.status === 'complete') {
- setActive({
- session: res.createdSessionId,
- })
- }
- }
-
- // If the user has a enterprise account but does not yet
- // have an account in your app, you can create an account
- // for them using the enterprise account's information.
- const userNeedsToBeCreated = signIn.firstFactorVerification.status === 'transferable'
-
- if (userNeedsToBeCreated) {
- const res = await signUp.create({
- transfer: true,
- })
-
- if (res.status === 'complete') {
- setActive({
- session: res.createdSessionId,
- })
- }
- } else {
- // If the user has an account in your application
- // and has an enterprise account connected to it, you can sign them in.
- signInWithEnterpriseSSO(e)
- }
- }
-
- return (
-
- )
- }
- ```
-
-
-
-[sign-in-redirect]: /docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect
-
-[sign-up-redirect]: /docs/references/javascript/sign-up/authenticate-with#authenticate-with-redirect
diff --git a/docs/custom-flows/oauth-connections.mdx b/docs/custom-flows/oauth-connections.mdx
index 880d9a6462..c6454ab04d 100644
--- a/docs/custom-flows/oauth-connections.mdx
+++ b/docs/custom-flows/oauth-connections.mdx
@@ -7,23 +7,13 @@ description: Learn how to use the Clerk API to build a custom sign-up and sign-i
## Before you start
-You must configure your application instance through the Clerk Dashboard for the social connection(s) that you want to use, as described at [the top of the OAuth guide](/docs/authentication/social-connections/oauth#configuration).
+You must configure your application instance through the Clerk Dashboard for the social connection(s) that you want to use. Visit [the appropriate guide for your platform](/docs/authentication/social-connections/overview) to learn how to configure your instance.
## Create the sign-up and sign-in flow
-When using OAuth, the sign-up and sign-in flows are equivalent.
-
- A successful OAuth flow consists of the following steps:
-
- 1. Start the OAuth flow by calling [`SignIn.authenticateWithRedirect(params)`](/docs/references/javascript/sign-in/authenticate-with#authenticate-with-redirect) or [`SignUp.authenticateWithRedirect(params)`](/docs/references/javascript/sign-up/authenticate-with#authenticate-with-redirect). Both of these methods require a `redirectUrl` param, which is the URL that the browser will be redirected to once the user authenticates with the OAuth provider.
- 1. Create a route at the URL that the `redirectUrl` param points to. The following example names this route `/sso-callback`. This route should call the [`Clerk.handleRedirectCallback()`](/docs/references/javascript/clerk/handle-navigation#handle-redirect-callback) method or simply render the prebuilt [``](/docs/components/control/authenticate-with-callback) component.
-
- The following example shows two files:
-
- 1. The sign-in page where the user can start the OAuth flow.
- 1. The SSO callback page where the OAuth flow is completed.
+
```tsx {{ filename: 'app/sign-in/page.tsx' }}
@@ -70,8 +60,8 @@ When using OAuth, the sign-up and sign-in flows are equivalent.
import { AuthenticateWithRedirectCallback } from '@clerk/nextjs'
export default function SSOCallback() {
- // Handle the redirect flow by rendering the
- // prebuilt AuthenticateWithRedirectCallback component.
+ // Handle the redirect flow by calling the Clerk.handleRedirectCallback() method
+ // or rendering the prebuilt component.
// This is the final step in the custom OAuth flow.
return
}
@@ -148,108 +138,3 @@ When using OAuth, the sign-up and sign-in flows are equivalent.
```
-
-## OAuth account transfer flows
-
-It is common for users who are authenticating with OAuth to use a sign-in button when they mean to sign-up, and vice versa. For those cases, the `SignIn` and `SignUp` objects have a `transferable` status that indicates whether the user can be transferred to the other flow.
-
-**If you would like to keep your sign-in and sign-up flows completely separate, then you can skip this section.**
-
-The following example demonstrates how to handle these cases in your sign-in flow. To apply the same logic to the sign-up flow, simply replace `signIn.authenticateWithRedirect()` with `signUp.authenticateWithRedirect()` in your code.
-
-
-
- ```tsx {{ filename: 'app/sign-in/page.tsx', collapsible: true }}
- 'use client'
-
- import * as React from 'react'
- import { OAuthStrategy } from '@clerk/types'
- import { useSignIn, useSignUp } from '@clerk/nextjs'
-
- export default function OauthSignIn() {
- const { signIn } = useSignIn()
- const { signUp, setActive } = useSignUp()
-
- if (!signIn || !signUp) return null
-
- const signInWith = (strategy: OAuthStrategy) => {
- return signIn.authenticateWithRedirect({
- strategy,
- redirectUrl: '/sign-up/sso-callback',
- redirectUrlComplete: '/',
- })
- }
-
- async function handleSignIn(strategy: OAuthStrategy) {
- if (!signIn || !signUp) return null
-
- // If the user has an account in your application, but does not yet
- // have an OAuth account connected to it, you can transfer the OAuth
- // account to the existing user account.
- const userExistsButNeedsToSignIn =
- signUp.verifications.externalAccount.status === 'transferable' &&
- signUp.verifications.externalAccount.error?.code === 'external_account_exists'
-
- if (userExistsButNeedsToSignIn) {
- const res = await signIn.create({ transfer: true })
-
- if (res.status === 'complete') {
- setActive({
- session: res.createdSessionId,
- })
- }
- }
-
- // If the user has an OAuth account but does not yet
- // have an account in your app, you can create an account
- // for them using the OAuth information.
- const userNeedsToBeCreated = signIn.firstFactorVerification.status === 'transferable'
-
- if (userNeedsToBeCreated) {
- const res = await signUp.create({
- transfer: true,
- })
-
- if (res.status === 'complete') {
- setActive({
- session: res.createdSessionId,
- })
- }
- } else {
- // If the user has an account in your application
- // and has an OAuth account connected to it, you can sign them in.
- signInWith(strategy)
- }
- }
-
- // Render a button for each supported OAuth provider
- // you want to add to your app. This example uses only Google.
- return (
-
-
-
- )
- }
- ```
-
-
-
- ```swift {{ filename: 'OAuthView.swift', collapsible: true }}
- // If a user attempted to sign in but doesn't have an account,
- // Clerk will try to handle the transfer to sign up for you.
- // If that's not possible (i.e. maybe signing up requires a CAPTCHA Token),
- // authenticateWithRedirect() will return the original sign in to you
- // so you can manually perform the transfer to sign up.
-
- // Check if the sign in needs to be transferred to a sign up
- if let signIn = externalAuthResult?.signIn,
- signIn.firstFactorVerification?.status == .transferable {
- // Create a new sign up with the strategy `.transfer`
- let signUp = try await SignUp.create(
- strategy: .transfer,
- captchaToken: "TOKEN"
- )
- }
- ```
-
-
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 9606fae5b0..26964b5938 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -23,7 +23,7 @@ function startSSOFlow(startSSOFlowParams: StartSSOFlowParams): Promise
- `strategy`
- - `'oauth_'` | `'enterprise_sso'`
+ - [`OAuthStrategy`](/docs/references/javascript/types/sso#oauth-strategy) | [`EnterpriseSSOStrategy`](/docs/references/javascript/types/sso#enterprise-sso-strategy)
The strategy to use for authentication. The following strategies are supported:
@@ -86,10 +86,7 @@ function startSSOFlow(startSSOFlowParams: StartSSOFlowParams): Promise
-
-### With Enterprise SSO
-
-
+- [OAuth custom flow](/docs/references/expo/oauth-custom-flow)
+- [Enterprise SSO custom flow](/docs/references/expo/enterprise-sso-custom-flow)
From 5a8a7f9b7cd37f3fb227eb840a8324ff99f69888 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Tue, 4 Feb 2025 18:59:30 -0300
Subject: [PATCH 24/25] Add reference for `authSessionResult`
---
docs/references/expo/use-sso.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 26964b5938..763ec8df30 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -60,7 +60,7 @@ function startSSOFlow(startSSOFlowParams: StartSSOFlowParams): Promise
Date: Tue, 4 Feb 2025 19:07:05 -0300
Subject: [PATCH 25/25] Fix linting and formatting
---
docs/_partials/expo/oauth-custom-flow.mdx | 39 +++++++++++------------
docs/references/expo/use-sso.mdx | 4 +--
2 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/docs/_partials/expo/oauth-custom-flow.mdx b/docs/_partials/expo/oauth-custom-flow.mdx
index 98d2d44682..242c7840dc 100644
--- a/docs/_partials/expo/oauth-custom-flow.mdx
+++ b/docs/_partials/expo/oauth-custom-flow.mdx
@@ -8,43 +8,42 @@ The following example:
- If authentication is not successful, you can handle the missing requirements, such as MFA, using the [`signIn`](/docs/references/javascript/sign-in/sign-in) or [`signUp`](/docs/references/javascript/sign-up/sign-up) object returned from `startSSOFlow()`, depending on if the user is signing in or signing up. These objects include properties, like `status`, that can be used to determine the next steps. See the respective linked references for more information.
```tsx {{ filename: 'app/(auth)/sign-in.tsx', collapsible: true }}
-import React, { useCallback, useEffect } from "react";
-import * as WebBrowser from "expo-web-browser";
-import { useSSO } from "@clerk/clerk-expo";
-import { View, Button } from "react-native";
+import React, { useCallback, useEffect } from 'react'
+import * as WebBrowser from 'expo-web-browser'
+import { useSSO } from '@clerk/clerk-expo'
+import { View, Button } from 'react-native'
export const useWarmUpBrowser = () => {
useEffect(() => {
// Preloads the browser for Android devices to reduce authentication load time
// See: https://docs.expo.dev/guides/authentication/#improving-user-experience
- void WebBrowser.warmUpAsync();
+ void WebBrowser.warmUpAsync()
return () => {
// Cleanup: closes browser when component unmounts
- void WebBrowser.coolDownAsync();
- };
- }, []);
-};
+ void WebBrowser.coolDownAsync()
+ }
+ }, [])
+}
// Handle any pending authentication sessions
-WebBrowser.maybeCompleteAuthSession();
+WebBrowser.maybeCompleteAuthSession()
export default function Page() {
- useWarmUpBrowser();
+ useWarmUpBrowser()
// Use the `useSSO()` hook to access the `startSSOFlow()` method
- const { startSSOFlow } = useSSO();
+ const { startSSOFlow } = useSSO()
const onPress = useCallback(async () => {
try {
// Start the authentication process by calling `startSSOFlow()`
- const { createdSessionId, setActive, signIn, signUp } =
- await startSSOFlow({
- strategy: "oauth_google",
- });
+ const { createdSessionId, setActive, signIn, signUp } = await startSSOFlow({
+ strategy: 'oauth_google',
+ })
// If sign in was successful, set the active session
if (createdSessionId) {
- setActive!({ session: createdSessionId });
+ setActive!({ session: createdSessionId })
} else {
// If there is no `createdSessionId`,
// there are missing requirements, such as MFA
@@ -54,14 +53,14 @@ export default function Page() {
} catch (err) {
// See https://clerk.com/docs/custom-flows/error-handling
// for more info on error handling
- console.error(JSON.stringify(err, null, 2));
+ console.error(JSON.stringify(err, null, 2))
}
- }, []);
+ }, [])
return (
- );
+ )
}
```
diff --git a/docs/references/expo/use-sso.mdx b/docs/references/expo/use-sso.mdx
index 763ec8df30..b8a6d7a938 100644
--- a/docs/references/expo/use-sso.mdx
+++ b/docs/references/expo/use-sso.mdx
@@ -88,5 +88,5 @@ function startSSOFlow(startSSOFlowParams: StartSSOFlowParams): Promise