yen
Reputation: 2332
Clerk auth middleware settings
On this page
This example is given for using authorizedParties for extra security:
clerkMiddleware({
authorizedParties: ['https://example.com'],
})
But In the code I have to update, I have:
const isProtectedRoute = createRouteMatcher(['/movies(.*)', '/producers(.*)'])
export default clerkMiddleware(async (auth, req) => {
if (isProtectedRoute(req)) await auth.protect()
})
export const config = {
matcher: [
...
],
}
Question 1
I can't tell from the docs if authorizedParties is supposed to be part of the config (i.e. a the same level as matcher) or if it's part of the clerkMiddleware instance itself? I feel like it's the latter but not sure how to set it?
update: never mind, turns out with the second param to clerkMiddleware() u can set needed options
Question 2
Should the authorizedParties list include:
- just the application url?
- the application url plus all the clerk subdomains we had to create CNAMES for, when creating the production instance?
- all the above plus e.g. localhost:3000 for local dev? (I'm thinking no, except for local dev)
Question 3
Is it correct to use both createRouteMatcher() and matcher ? Seems like they are trying to do the same thing and I may have been referencing 2 conflicting docs?
Upvotes: 0
Views: 34
Answers (0)
Related Questions
- Clerk + Convex Auth
- How to add proxy for Clerk auth in Next.js/Vercel app?
- Clerk middleware afterAuth(auth, req), auth status is always signed-out
- NextJs multi-tenant middleware with Clerk Auth Middleware
- Issue with Clerk auth() helper
- NextJs with Clerk Auth. Uncaught (in promise) Error: Clerk: Failed to load Clerk
- Why do we need middleware for async flow in Redux?
- Remove fragment in URL with JavaScript w/out causing page reload
- Can I find the class name of a argument of the a function in javascript?