javascript icon indicating copy to clipboard operation
javascript copied to clipboard

Published 20 hours ago verified publisher icon clerk

No way to skip authentication with Clerk + Remix

Open tmcw opened this issue 1 year ago • 2 comments

Preliminary Checks

  • [X] I have reviewed the documentation: https://clerk.com/docs
  • [X] I have searched for existing issues: https://github.com/clerk/javascript/issues
  • [X] I have not already reached out to Clerk support via email or Discord (if you have, no need to open an issue here)
  • [X] This issue is not a question, general help request, or anything other than a bug report directly related to Clerk. Please ask questions in our Discord community: https://clerk.com/discord.

Reproduction / Replay Link

.

Publishable key

.

Description

We've been suffering from the various remix issues and have an app that supports iframe embeds. Clerk does not work with iframe embeds at all - it produces a 401 and breaks. Ideally, Clerk wouldn't break when used inside of iframes. But, sparing that, it would be nice if we could disable Clerk for certain routes.

We got recommended to something like this:

export const loader = (args: LoaderFunctionArgs) => {
  const u = new URL(args.request.url);
  // If we're loading an embed path, skip authentication
  // because of Clerk's quality problems.
  if (u.pathname.startsWith("/embed")) {
    return loaderInner({
      ...args,
      request: {
        ...args.request,
        auth: {
          // Faking the request just in case a downstream
          // loader expects realism
          sessionClaims: {} as any,
          userId: null,
          orgId: null,
          debug: false as any,
          orgRole: null,
        } as any,
      },
    } satisfies LoaderFunctionArgsWithAuth);
  } else {
    return rootAuthLoader(args, loaderInner);
  }
};

To resolve this without an update on Clerk's end, but that produces the error message:

🔒 Clerk: Looks like you didn't pass 'clerkState' to "".
 
Use 'rootAuthLoader' as your root loader. Then, simply wrap the App component with ClerkApp and make it the default export.
Example:

So, in short:

  • Clerk doesn't work in iframes. When it renders an interstitial, it breaks the page.
  • We'd love for it to work in iframes, but if not, for it to be disable'able on specific routes, like it appears it is for Next.js

Steps to reproduce:

  1. Embed a page that uses clerk
  2. Have an expired session

Expected behavior:

Clerk shouldn't authenticate in the iframe.

Actual behavior:

It does and breaks the iframe environment

Environment

@remix-run/dev: 2.8.0 => 2.8.0
    @remix-run/eslint-config: 2.6.0 => 2.8.0
    @remix-run/node: 2.6.0 => 2.8.0
    @remix-run/react: 2.6.0 => 2.8.0
    @remix-run/serve: 2.6.0 => 2.8.0
    @clerk/backend: ^0.38.3 => 0.38.3
    @clerk/clerk-sdk-node: ^4.13.11 => 4.13.11
    @clerk/remix: ^3.1.21 => 3.1.21

tmcw avatar Mar 05 '24 22:03 tmcw