Bump @clerk/backend from 1.34.0 to 2.0.0

[dependabot]

Bumps @clerk/backend from 1.34.0 to 2.0.0.

Release notes

Sourced from @​clerk/backend's releases.

@​clerk/backend@​2.0.0

Major Changes

• Introduces machine authentication, supporting four token types: api_key, oauth_token, machine_token, and session_token. For backwards compatibility, session_token remains the default when no token type is specified. This enables machine-to-machine authentication and use cases such as API keys and OAuth integrations. Existing applications continue to work without modification. (#5689) by @​wobsoriano

  You can specify which token types are allowed by using the acceptsToken option in the authenticateRequest() function. This option can be set to a specific type, an array of types, or 'any' to accept all supported tokens.

  Example usage:

  import express from 'express';
  import { clerkClient } from '@clerk/backend';
  const app = express();
  app.use(async (req, res, next) => {
  const requestState = await clerkClient.authenticateRequest(req, {
  acceptsToken: 'any',
  });
  if (!requestState.isAuthenticated) {
  // do something for unauthenticated requests
  }
  const authObject = requestState.toAuth();
  if (authObject.tokenType === 'session_token') {
  console.log('this is session token from a user');
  } else {
  console.log('this is some other type of machine token');
  console.log('more specifically, a ' + authObject.tokenType);
  }
  // Attach the auth object to locals so downstream handlers
  // and middleware can access it
  res.locals.auth = authObject;
  next();
  });

Minor Changes

• The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @​royanger

  If you previously installed svix to use verifyWebhook() you can uninstall it now:

  npm uninstall svix

... (truncated)

Changelog

Sourced from @​clerk/backend's changelog.

2.0.0

Major Changes

• Introduces machine authentication, supporting four token types: api_key, oauth_token, machine_token, and session_token. For backwards compatibility, session_token remains the default when no token type is specified. This enables machine-to-machine authentication and use cases such as API keys and OAuth integrations. Existing applications continue to work without modification. (#5689) by @​wobsoriano

  You can specify which token types are allowed by using the acceptsToken option in the authenticateRequest() function. This option can be set to a specific type, an array of types, or 'any' to accept all supported tokens.

  Example usage:

  import express from 'express';
  import { clerkClient } from '@clerk/backend';
  const app = express();
  app.use(async (req, res, next) => {
  const requestState = await clerkClient.authenticateRequest(req, {
  acceptsToken: 'any',
  });
  if (!requestState.isAuthenticated) {
  // do something for unauthenticated requests
  }
  const authObject = requestState.toAuth();
  if (authObject.tokenType === 'session_token') {
  console.log('this is session token from a user');
  } else {
  console.log('this is some other type of machine token');
  console.log('more specifically, a ' + authObject.tokenType);
  }
  // Attach the auth object to locals so downstream handlers
  // and middleware can access it
  res.locals.auth = authObject;
  next();
  });

Minor Changes

• The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @​royanger

  If you previously installed svix to use verifyWebhook() you can uninstall it now:

  npm uninstall svix

... (truncated)

Commits

• 5f645bc ci(repo): Version packages (#6031)
• c656270 fix(backend): Remove peerDep of svix for verifyWebhook() (#6059)
• 918e2e0 fix(backend): JSDoc for verifyWebook & verifyToken (#6060)
• 795d09a chore(backend): Add JSDoc comments to resources (#6049)
• 4f93634 chore(backend,nextjs,astro): Introduce getAuthObjectFromJwt as internal uti...
• acb146c chore(backend): Update [DEV] minor & patch dependencies (#6038)
• ea622ba feat(backend,nextjs): Introduce machine authentication (#5689)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #95.