Nonlinear Programming Methods

    TypeScript icon, indicating that this package has built-in type declarations

    2.0.2 • Public • Published

    Clerk logo



    This package provides Clerk Backend API core resources and low-level authentication utilities for JavaScript environments. It is mostly used as the base for other Clerk SDKs.

    Getting Started


    npm install @clerk/backend-core


    To build the package locally with the TypeScript compiler, run:

    npm run build


    @clerk/backend-core contains all the logic for basic Clerk functionalities, without being platform/environment, specific such as:

    • Determining the authentication state of a session.
    • Validating a Clerk token state.
    • Clerk API resource management.

    How it works

    This package is used as the base building block for Clerk JavaScript SDKs and environments. This is achieved by providing all the required business logic if only a few environment-specific utilities are implemented by the client.

    In essence, the client should supply these key functions in the Clerk Base and ClerkBackendApi classes:

    1. Public key import importKeyFunction.
    2. JWT signature verification verifySignatureFunction.
    3. Base64 decoding decodeBase64Function.
    4. HTTP fetching utility for the API resource management ClerkFetcher.

    After supplying those in the Base and ClerkBackendApi classes, you can use all the Clerk utilities required for the SDK business logic.


    Creating a Base for a new SDK

    const importKey = async (jwk: JsonWebKey, algorithm: Algorithm) => {
      //  ...
    const verifySignature = async (algorithm: Algorithm, key: CryptoKey, signature: Uint8Array, data: Uint8Array) => {
      // ...
    const decodeBase64 = (base64: string) => {
      // ...
    /** Base initialization */
    const examplePlatformBase = new Base(importKey, verifySignature, decodeBase64);

    After creating the Base instance you can use core functions such as:


    The Base utilities include the building blocks for developing any extra logic and middleware required for the target platform.

    Validate the Authorized Party of a session token

    Clerk's JWT session token, contains the azp claim, which equals the Origin of the request during token generation. You can provide a list of whitelisted origins to verify against, during every token verification, to protect your application of the subdomain cookie leaking attack. You can find an example below:

    const authorizedParties = ['http://localhost:3000', ''];
    examplePlatformBase.verifySessionToken(token > { authorizedParties });

    Clerk API Resources

    API resource management is also provided by this package through the ClerkBackendApi class. For more information on the API resources you can checkout the resource documentation page.

    To use the Clerk Backend API wrapper in any JavaScript platform, you would need to provide some specific SDK information and an HTTP fetching utility. See more at the ClerkBackendAPIProps implementation.


    You can get in touch with us in any of the following ways:


    We're open to all community contributions! If you'd like to contribute in any way, please read our contribution guidelines.


    @clerk/backend-core follows good practices of security, but 100% security cannot be assured.

    @clerk/backend-core is provided "as is" without any warranty. Use at your own risk.

    For more information and to report security issues, please refer to our security documentation.


    This project is licensed under the MIT license.

    See LICENSE for more information.




    npm i @clerk/backend-core


    DownloadsWeekly Downloads






    Unpacked Size

    617 kB

    Total Files


    Last publish


    • giannis-clerk
    • igneel64
    • chanioxaris
    • agis-clerk
    • colinclerk
    • bradenclerk
    • sokratis
    • yourtallness
    • nikosdouvlis