Add changeset

Author: LauraBeatris

.changeset/flat-papers-begin.md

@@ -0,0 +1,16 @@
+---
+'@clerk/backend': minor
+'@clerk/express': minor
+---
+
+Introduce `treatPendingAsSignedOut` option to `getAuth`
+
+```ts
+// `pending` sessions will be treated as signed-out by default
+const { userId } = getAuth(req)
+```
+
+```ts
+// Both `active` and `pending` sessions will be treated as authenticated when `treatPendingAsSignedOut` is false
+const { userId } = getAuth(req, { treatPendingAsSignedOut: false })
+```

packages/backend/src/tokens/authStatus.ts

@@ -99,7 +99,7 @@ export function signedIn(
     afterSignInUrl: authenticateContext.afterSignInUrl || '',
     afterSignUpUrl: authenticateContext.afterSignUpUrl || '',
     isSignedIn: true,
-    // @ts-expect-error Dynamically return `SignedOutAuthObject` based on options
+    // @ts-expect-error The return type is intentionally overridden here to support consumer-facing logic that treats pending sessions as signed out. This override does not affect internal session management like handshake flows.
     toAuth: ({ treatPendingAsSignedOut = true } = {}) => {
       if (treatPendingAsSignedOut && authObject.sessionStatus === 'pending') {
         return signedOutAuthObject(undefined, authObject.sessionStatus);

packages/express/src/getAuth.ts

@@ -20,6 +20,5 @@ export const getAuth = (req: ExpressRequest, options?: GetAuthOptions): AuthObje
     throw new Error(middlewareRequired('getAuth'));
   }
 
-  // this has to receive an option
   return req.auth(options);
 };