starred/vinext
1
0
Fork 0
mirror of https://github.com/cloudflare/vinext.git synced 2026-05-09 08:25:34 +02:00
Code Issues 101 Projects Packages Wiki Activity

[GH-ISSUE #73] Docs: recommended Clerk auth migration pattern (@clerk/backend + @clerk/react) #19

New issue
Open
opened 2026-05-06 12:36:33 +02:00 by BreizhHardware · 5 comments
BreizhHardware commented 2026-05-06 12:36:33 +02:00
Owner
Copy link

Originally created by @solracnyc on GitHub (Feb 25, 2026).
Original GitHub issue: https://github.com/cloudflare/vinext/issues/73

Context

vinext's compatibility map correctly flags @clerk/nextjs as unsupported. We hit this during migration — import { auth } from '@clerk/nextjs/server' crashes with require is not defined because the ESM build has a CJS dependency chain (require("server-only")).

We successfully migrated by splitting Clerk usage into two packages that work cleanly with vinext:

  • Server-side auth: @clerk/backendverifyToken() for JWKS-verified JWT auth, createClerkClient() for the Clerk API
  • Client-side components: @clerk/react (via @clerk/nextjs client-only imports like ClerkProvider, SignIn, useAuth) — these already work fine since they're React components, not server imports
  • Middleware: clerkMiddleware from @clerk/nextjs/server still works in proxy.ts since vinext handles middleware in a separate context

What we built

A drop-in auth() replacement (~60 lines) that:

  1. Reads x-clerk-auth-token and x-clerk-auth-status headers (set by clerkMiddleware)
  2. Verifies the JWT cryptographically via @clerk/backend's verifyToken() (JWKS cached after first call)
  3. Returns the same shape as @clerk/nextjs/server's auth()userId, orgId, orgRole, has(), redirectToSignIn()

This let us swap import { auth } from '@clerk/nextjs/server'import { auth } from '@/lib/auth' across 16 files with zero behavior change. All 197 tests pass with the same mock shapes.

Request

Would it be helpful to document this pattern in vinext's docs or compatibility guide? Clerk is a popular auth provider for Next.js apps, so other users migrating to vinext will likely hit the same issue. We're happy to contribute a docs PR if there's interest.

Environment

  • vinext: 0.0.8
  • @clerk/nextjs: 6.36.5
  • @clerk/backend: 2.29.0
  • Next.js: 16.1.6
Originally created by @solracnyc on GitHub (Feb 25, 2026). Original GitHub issue: https://github.com/cloudflare/vinext/issues/73 ## Context vinext's compatibility map correctly flags `@clerk/nextjs` as unsupported. We hit this during migration — `import { auth } from '@clerk/nextjs/server'` crashes with `require is not defined` because the ESM build has a CJS dependency chain (`require("server-only")`). We successfully migrated by splitting Clerk usage into two packages that work cleanly with vinext: - **Server-side auth**: `@clerk/backend` — `verifyToken()` for JWKS-verified JWT auth, `createClerkClient()` for the Clerk API - **Client-side components**: `@clerk/react` (via `@clerk/nextjs` client-only imports like `ClerkProvider`, `SignIn`, `useAuth`) — these already work fine since they're React components, not server imports - **Middleware**: `clerkMiddleware` from `@clerk/nextjs/server` still works in `proxy.ts` since vinext handles middleware in a separate context ## What we built A drop-in `auth()` replacement (~60 lines) that: 1. Reads `x-clerk-auth-token` and `x-clerk-auth-status` headers (set by `clerkMiddleware`) 2. Verifies the JWT cryptographically via `@clerk/backend`'s `verifyToken()` (JWKS cached after first call) 3. Returns the same shape as `@clerk/nextjs/server`'s `auth()` — `userId`, `orgId`, `orgRole`, `has()`, `redirectToSignIn()` This let us swap `import { auth } from '@clerk/nextjs/server'` → `import { auth } from '@/lib/auth'` across 16 files with zero behavior change. All 197 tests pass with the same mock shapes. ## Request Would it be helpful to document this pattern in vinext's docs or compatibility guide? Clerk is a popular auth provider for Next.js apps, so other users migrating to vinext will likely hit the same issue. We're happy to contribute a docs PR if there's interest. ## Environment - **vinext**: 0.0.8 - **@clerk/nextjs**: 6.36.5 - **@clerk/backend**: 2.29.0 - **Next.js**: 16.1.6
BreizhHardware commented 2026-05-06 12:36:34 +02:00
Author
Owner
Copy link

@SuperJakov commented on GitHub (Feb 26, 2026):

If possible, it would be much better if we got require() support

<!-- gh-comment-id:3965975528 --> @SuperJakov commented on GitHub (Feb 26, 2026): If possible, it would be much better if we got `require()` support
BreizhHardware commented 2026-05-06 12:36:34 +02:00
Author
Owner
Copy link

@solracnyc commented on GitHub (Feb 28, 2026):

Agreed — native require() support would be the cleanest path. Great to see @nikosdouvlis already tackling this on the Clerk side with clerk/javascript#7954, which makes @clerk/nextjs ESM-safe for non-Node.js runtimes like Workers/vinext.

We'll test with the new @clerk/nextjs version once it ships. If it works cleanly, the docs PR we offered may not be needed — or could be simplified to a one-liner in the compatibility notes.

In the meantime, our @clerk/backend adapter pattern (~60 lines) works today for anyone who needs Clerk auth on vinext before that fix lands. Happy to contribute docs if it's still useful.

<!-- gh-comment-id:3976500472 --> @solracnyc commented on GitHub (Feb 28, 2026): Agreed — native `require()` support would be the cleanest path. Great to see @nikosdouvlis already tackling this on the Clerk side with clerk/javascript#7954, which makes `@clerk/nextjs` ESM-safe for non-Node.js runtimes like Workers/vinext. We'll test with the new `@clerk/nextjs` version once it ships. If it works cleanly, the docs PR we offered may not be needed — or could be simplified to a one-liner in the compatibility notes. In the meantime, our `@clerk/backend` adapter pattern (~60 lines) works today for anyone who needs Clerk auth on vinext before that fix lands. Happy to contribute docs if it's still useful.
BreizhHardware commented 2026-05-06 12:36:34 +02:00
Author
Owner
Copy link

@zebp commented on GitHub (Mar 1, 2026):

This should be fixed with #198 which landed in v0.0.16, please give it another try

<!-- gh-comment-id:3979885689 --> @zebp commented on GitHub (Mar 1, 2026): This should be fixed with #198 which landed in v0.0.16, please give it another try
BreizhHardware commented 2026-05-06 12:36:34 +02:00
Author
Owner
Copy link

@nikosdouvlis commented on GitHub (Mar 2, 2026):

Thanks a lot for initial exploration @solracnyc :) we plan to tackle this one the Clerk side with changes in @clerk/nextjs (or a new package, I can't share details yet as I'm still exploring our options).

As for the require fix in 0.0.16 is definitely a step towards the right direction, thank you @zebp!

Posting here for visibility as I haven't been able to dive deeper yet (plan to work on this more within the next few hours), but I'm still getting the following error running vite dev (same results when trying to deploy to CF Workers):

require is not defined
    at src/runtime/node/safe-node-apis.js (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/src/runtime/node/safe-node-apis.js:5:88)
    at __require (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/dist/esm/chunk-BUSYA2B4.js?v=73173554:6:50)
    at eval (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/src/runtime/node/safe-node-apis.js:19:34)
    at async ESModulesEvaluator.runInlinedModule (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:913:3)
    at async ModuleRunner.directRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1146:59)
    at async ModuleRunner.cachedRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1053:73)
    at async eval (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/src/server/fs/utils.ts:5:1)
    at async ESModulesEvaluator.runInlinedModule (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:913:3)
    at async ModuleRunner.directRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1146:59)
    at async ModuleRunner.cachedRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1053:73)

The test app above uses vintext@0.0.18 and @clerk/nextjs@canary - build passes with the changes from https://github.com/clerk/javascript/pull/7954 but we still have middleware-level compat issues of course.

<!-- gh-comment-id:3984911517 --> @nikosdouvlis commented on GitHub (Mar 2, 2026): Thanks a lot for initial exploration @solracnyc :) we plan to tackle this one the Clerk side with changes in `@clerk/nextjs` (or a new package, I can't share details yet as I'm still exploring our options). As for the `require` fix in `0.0.16` is definitely a step towards the right direction, thank you @zebp! Posting here for visibility as I haven't been able to dive deeper yet (plan to work on this more within the next few hours), but I'm still getting the following error running `vite dev` (same results when trying to deploy to CF Workers): ```ts require is not defined at src/runtime/node/safe-node-apis.js (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/src/runtime/node/safe-node-apis.js:5:88) at __require (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/dist/esm/chunk-BUSYA2B4.js?v=73173554:6:50) at eval (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/src/runtime/node/safe-node-apis.js:19:34) at async ESModulesEvaluator.runInlinedModule (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:913:3) at async ModuleRunner.directRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1146:59) at async ModuleRunner.cachedRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1053:73) at async eval (/Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/@clerk+nextjs@7.0.0-canary.v20260227223209_next@16.1.6_react-dom@19.2.4_react@19.2.4__r_b01c410657eca58d465360d2432c5a2b/node_modules/@clerk/nextjs/src/server/fs/utils.ts:5:1) at async ESModulesEvaluator.runInlinedModule (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:913:3) at async ModuleRunner.directRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1146:59) at async ModuleRunner.cachedRequest (file:///Users/nikos/Projects/vinext-clerk-smoke-v2/node_modules/.pnpm/vite@7.3.1_@types+node@20.19.35_terser@5.46.0/node_modules/vite/dist/node/module-runner.js:1053:73) ``` The test app above uses `vintext@0.0.18` and `@clerk/nextjs@canary` - build passes with the changes from https://github.com/clerk/javascript/pull/7954 but we still have middleware-level compat issues of course.
BreizhHardware commented 2026-05-06 12:36:35 +02:00
Author
Owner
Copy link

@solracnyc commented on GitHub (Mar 6, 2026):

Thanks @zebp! We're currently pinned to ~0.0.15 in production. We'll retest on a preview branch against the latest vinext release (0.0.21) and report back with dev/build/deploy results for native @clerk/nextjs on Workers.

We're also tracking clerk/javascript#7954 — noted that @nikosdouvlis reported build passes but vite dev and Workers deploy still fail as of vinext 0.0.18 + canary Clerk. Will include that combination in our test matrix.

<!-- gh-comment-id:4008870491 --> @solracnyc commented on GitHub (Mar 6, 2026): Thanks @zebp! We're currently pinned to `~0.0.15` in production. We'll retest on a preview branch against the latest vinext release (0.0.21) and report back with dev/build/deploy results for native `@clerk/nextjs` on Workers. We're also tracking clerk/javascript#7954 — noted that @nikosdouvlis reported build passes but `vite dev` and Workers deploy still fail as of vinext 0.0.18 + canary Clerk. Will include that combination in our test matrix.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
alt/prerender-rsc-sidechannel
codex/pages-router-suite-main
claude/dev-socket-emit-patch
james/wip-agent-test
codex/fix-wrangler-suspense-streaming
hrushikesh/add-semgrep-oss-workflow
fix/preload-link-header-uses-served-url
fix/isr-always-mark-dynamic-with-searchparams
fix/strip-set-cookie-from-app-route-isr-cache-clean
fix/app-pages-fallback-sees-middleware-overrides-v2
opencode/misty-river
opencode/calm-meadow
codex/pages-router-cjs-node-modules
codex/refresh-ai-docs-vp-vite8
fix/suspense-flash-navigation-639
fix/issue-589
fix/route-handler-dynamic-detection-v3
fix/route-handler-dynamic-detection-v2
fix/route-handler-dynamic-detection
opencode/quiet-nebula
fix/include-query-in-route-handler-isr-key
fix/block-dangerous-uri-schemes
fix/use-post-middleware-context-for-headers
opencode/playful-mountain
opencode/quiet-sailor
feat/payload-cms-fixture
feat/static-prerender-build
opencode/cosmic-knight
fix/isr-stream-tee-no-double-render
codex/wrangler-auth-ux
docs/update-contributing
improve/vitest-workspace-split
feat/auto-pr-review
docs/skills-field-learnings
feat/nuqs-e2e-clean
feat/next-font-implementation
fix/rsc-navigation-credentials
chonky-list
fix/cli-version
ci/commit-version-bump
ci/publish-chat-notification
opencode/mighty-mountain
fix/rsc-optimizedeps-react-server
v0.0.49
v0.0.48
v0.0.47
v0.0.46
v0.0.45
v0.0.44
v0.0.43
v0.0.42
v0.0.41
v0.0.40
v0.0.39
v0.0.38
v0.0.37
v0.0.36
v0.0.35
v0.0.34
v0.0.33
v0.0.32
v0.0.31
v0.0.30
v0.0.29
v0.0.28
v0.0.27
v0.0.26
v0.0.25
v0.0.24
v0.0.23
v0.0.22
v0.0.21
v0.0.20
v0.0.19
v0.0.18
v0.0.17
v0.0.16
v0.0.15
v0.0.14
v0.0.13
v0.0.12
v0.0.11
v0.0.10
v0.0.9
v0.0.8
v0.0.7
v0.0.6
Labels
Clear labels   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
nextjs-tracking

   
nextjs-tracking

   
pull-request
Mirrored from GitHub Pull Request

No labels
enhancement
enhancement
good first issue
help wanted
nextjs-tracking
nextjs-tracking
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vinext#19
No description provided.