clerk-sdk-ruby 1.0.0 → 2.0.0.alpha.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f285e5ca6280db100eed30796279e412901f157a3fd43d16a41a64d9c0cd85f
-  data.tar.gz: 32d0fab6c78b57c0f06fa9d3ef077f077cb6533ada6a400f98bec6a087d939e8
+  metadata.gz: 1e7b69485de55997a4dac75759908e7709dcb7fdb83c92fe09d2c4748a0a74f7
+  data.tar.gz: a0afbe19f7d6a7a9a998e82b798a8a548f051505e14f3b1d50688d2aaa436d7f
 SHA512:
-  metadata.gz: 7721083974266f6b18c6ceb1e1a14abc623caad474a7fcf7a065aafa4ac51c11f732f12db257fa46e3f903a4c9985eb0e6c21e451d3ffc877b7f434ba482fe91
-  data.tar.gz: b6a5689badfc699d7d03accb5a301a3504adf8eae009ef450b462fee9a20f995c2ec255ec9b771175fd76209ba991544a51a9e8cd6f0a14f82d6342a922942fb
+  metadata.gz: 062e4297db4b8b20e1a6ed6bf6d69a2b0f2df0f5aecc5d716e6b883877fea484476c9d75bf7e7fda294b88774b707b60fd09a85604f7f9363b1161f622d4947a
+  data.tar.gz: 50ecd09031d4383b5d136840f8457841253c86122fb3a4a8769d8d86553fb3d2ff9323f0cb98bdde68f4990d2c4cc955b9996a3fca09a0c597e10a7bbb39d8eb

data/.gitignore

@@ -6,3 +6,5 @@
 /pkg/
 /spec/reports/
 /tmp/
+
+.byebug_history

data/CHANGELOG.md

@@ -0,0 +1,27 @@
+## unreleased
+
+This release (v2) introduces the new networkless middleware which is compatible 
+with the new authentication scheme, dubbed *AuthV2*.
+
+It is backwards-incompatible with applications using AuthV1.
+
+- [BREAKING]: In order to use this version, you must set the authVersion prop 
+    accordingly in your frontend: `Clerk.load({authVersion: 2})`
+
+## 1.0.3 - 2021-07-21
+
+- fix: Proper endpoint for oauth_access_token method
+
+## 1.0.2 - 2021-06-03
+
+- fix: Instantiation of `Clerk::SDK` without prior call to `Clerk.configure`
+
+## 1.0.1 - 2021-06-03
+
+### enhancements
+
+- Middleware now uses a proxy object which lazy loads the Clerk session and user only when needed
+
+## 1.0.0 - 2021-05-27
+
+- initial release

data/Gemfile.lock

@@ -1,33 +1,43 @@
 PATH
   remote: .
   specs:
-    clerk-sdk-ruby (1.0.0)
+    clerk-sdk-ruby (1.0.3)
       faraday (~> 1.4.1)
+      jwt (~> 2.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    faraday (1.4.1)
+    byebug (11.1.3)
+    faraday (1.4.3)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
       faraday-net_http (~> 1.0)
       faraday-net_http_persistent (~> 1.1)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
     faraday-excon (1.1.0)
     faraday-net_http (1.0.1)
-    faraday-net_http_persistent (1.1.0)
+    faraday-net_http_persistent (1.2.0)
+    jwt (2.2.3)
     minitest (5.14.2)
     multipart-post (2.1.1)
     rake (13.0.3)
-    ruby2_keywords (0.0.4)
+    ruby2_keywords (0.0.5)
+    timecop (0.9.4)
 
 PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  byebug (~> 11.1)
   clerk-sdk-ruby!
   minitest (~> 5.0)
   rake (~> 13.0)
+  timecop (~> 0.9.4)
 
 BUNDLED WITH
-   2.2.15
+   2.2.24

data/README.md

@@ -1,5 +1,15 @@
 # Clerk Ruby SDK
 
+**NOTE**: This is the v2 branch of the SDK, which requires that you use AuthV2 
+in your frontend. This means that you have to set the `authVersion` prop 
+accordingly in your frontend:
+
+```javascript
+Clerk.load({authVersion: 2})
+```
+
+----------
+
 Thank you for choosing [Clerk](https://clerk.dev/) for your authentication,
 session & user management needs!
 
@@ -63,10 +73,10 @@ supported configuration settings their environment variable equivalents:
 
 ```ruby
 Clerk.configure do |c|
-  c.api_key = "your_api_key" # if omitted: ENV.fetch("CLERK_API_KEY") - will fail if unset
+  c.api_key = "your_api_key" # if omitted: ENV["CLERK_API_KEY"] - API calls will fail if unset
   c.base_url = "https://..." # if omitted: "https://api.clerk.dev/v1/"
   c.logger = Logger.new(STDOUT) # if omitted, no logging
-  c.middleware_cache_store = ActiveSupport::Cache::FileStore.new("/tmp/clerk_middleware_cache") # if omitted: Rails.cache or no caching (if not in a Rails app)
+  c.middleware_cache_store = ActiveSupport::Cache::FileStore.new("/tmp/clerk_middleware_cache") # if omitted: no caching
 end
 ```
 
@@ -94,17 +104,17 @@ for details.
 
 ## Rack middleware
 
-The SDK comes with a Rack middleware which sets the Clerk session and user in
-the Rack environment. The keys are: `clerk_session` and `clerk_user` for the
-session and user respectively. If the API responds with an error `clerk_error`
-will be set.
+The SDK comes with a Rack middleware which lazily loads the Clerk session and
+user. It inserts a `clerk` key in the Rack environment, which is an instance
+of `Clerk::Proxy`. To get the session or the user of the session, you call
+`session` or `user` respectively. In case there is no session, you can retrieve
+the API error with the `error` getter method.
 
 ## Rails integration
 
 The SDK will automatically add the [Rack middleware](#rack-middleware) to the
-middleware stack, using `Rails.cache` for its cache. For easier access to the
-Clerk session and user, include the `Clerk::Authenticatable` concern in your
-controller:
+middleware stack. For easier access to the Clerk session and user, include the
+`Clerk::Authenticatable` concern in your controller:
 
 ```ruby
 require "clerk/authenticatable"

data/bin/console

@@ -3,6 +3,7 @@
 
 require "bundler/setup"
 require "clerk"
+require "byebug"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.

data/clerk-sdk-ruby.gemspec

@@ -28,4 +28,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "faraday", "~> 1.4.1"
+  spec.add_dependency "jwt", '~> 2.2'
+
+  spec.add_development_dependency "byebug", "~> 11.1"
+  spec.add_development_dependency "timecop", "~> 0.9.4"
 end

data/lib/clerk/authenticatable.rb

@@ -5,16 +5,52 @@ module Clerk
     extend ActiveSupport::Concern
 
     protected
+
+    # Makes a request to the Clerk API to verify the session again and return
+    # the Session object. Subsequent calls to this method will return the cached
+    # Session object.
+    #
+    # NOTE: For better performance, you can instead use `#clerk_session_claims`
+    # which already contains the verified claims as retrieved from the session
+    # token.
     def clerk_session
-      request.env["clerk_session"]
+      request.env["clerk"].session
+    end
+
+    # Makes a request to the Clerk API to verify the session again. Returns the
+    # session object as fetched from the API.
+    #
+    # NOTE: For better performance, you can instead use `#clerk_session_claims`
+    # which already contains the verified claims as retrieved from the session
+    # token.
+    #
+    # See https://docs.clerk.dev/reference/backend-api-reference/sessions#verify-a-session
+    def clerk_reverify_session!
+      request.env["clerk"].verify_session
+    end
+
+    def clerk_verified_session_claims
+      request.env["clerk"].session_claims
     end
 
+    def clerk_verified_session_token
+      request.env["clerk"].session_token
+    end
+
+    # Makes a request to the Clerk API to fetch the data of the authenticated
+    # session's user. If caching is configured (see
+    # Config.middleware_cache_store), subsequent calls will return the cached
+    # object.
     def clerk_user
-      request.env["clerk_user"]
+      request.env["clerk"].user
+    end
+
+    def clerk_user_id
+      request.env["clerk"].user_id
     end
 
     def clerk_user_signed_in?
-      !!clerk_user
+      !!clerk_verified_session_claims
     end
 
     def clerk_sign_in_url
@@ -30,8 +66,10 @@ module Clerk
     end
 
     included do
-      helper_method :clerk_session, :clerk_user, :clerk_user_signed_in?,
-        :clerk_sign_in_url, :clerk_sign_up_url, :clerk_user_profile_url
+      helper_method :clerk_session, :clerk_reverify_session!,
+        :clerk_verified_session_claims, :clerk_verified_session_token,
+        :clerk_user, :clerk_user_id, :clerk_user_signed_in?, :clerk_sign_in_url,
+        :clerk_sign_up_url, :clerk_user_profile_url
     end
   end
 end

data/lib/clerk/rack_middleware.rb

@@ -8,48 +8,75 @@ module Clerk
 
     def call(env)
       req = Rack::Request.new(env)
-      token = req.cookies["__session"]
+      env["clerk"] = Proxy.new(env)
+      @app.call(env)
+    end
+  end
 
-      if token
-        sess_id = req.params["_clerk_session_id"]
-        begin
-          env["clerk_session"] = fetch_session(token, sess_id)
-        rescue Errors::Authentication => e
-          env["clerk_error"] = e
-        end
-      end
-      if sess = env["clerk_session"]
-        env["clerk_user"] = fetch_user(sess["user_id"])
+  class Proxy
+    attr_reader :session_id, :error
+    def initialize(env)
+      req = Rack::Request.new(env)
+      @token = req.cookies["__session"]
+      @session_id = req.params["_clerk_session_id"]
+      @session = nil
+      @user_id = nil
+      @user = nil
+    end
+
+    def session
+      return nil if @token.nil?
+      return @session if @session
+
+      begin
+        @session = fetch_session
+      rescue Errors::Authentication => e
+        @error = e
       end
-      @app.call(env)
+      @session
+    end
+
+    def user_id
+      @user_id ||= session.dig("user_id")
+    end
+
+    def user
+      return nil if session.nil?
+      @user ||= fetch_user(user_id)
+    end
+
+    def debug
+      (instance_variables - [:@sdk]).map do |ivar|
+        [ivar.to_s, instance_variable_get(ivar)]
+      end.to_h
     end
 
     private
-    def clerk_sdk
-      SDK.new
+    def sdk
+      @sdk ||= SDK.new
+    end
+
+    def cache_key
+      @cache_key ||= @token.split(".")[1]
     end
 
-    def fetch_session(token, sess_id)
-      cache_key = token.split(".")[1]
-      if sess_id
-        session = cached_fetch("clerk_session:#{sess_id}:#{cache_key}") do
-          sdk = clerk_sdk
-          sdk.sessions.verify_token(sess_id, token)
+    def fetch_session
+      if session_id
+        cached_fetch("clerk_session:#{session_id}:#{cache_key}") do
+          sdk.sessions.verify_token(session_id, @token)
         end
       else
-        session = cached_fetch("clerk_session:#{cache_key}") do
-          sdk = clerk_sdk
-          client = sdk.clients.verify_token(token)
-          sess_id = client["last_active_session_id"]
+        cached_fetch("clerk_session:#{cache_key}") do
+          client = sdk.clients.verify_token(@token)
+          @session_id = client["last_active_session_id"]
           client["sessions"].find do |sess|
-            sess["id"] == sess_id
+            sess["id"] == @session_id
           end
         end
       end
     end
 
     def fetch_user(user_id)
-      sdk = clerk_sdk
       cached_fetch("clerk_user:#{user_id}") do
         sdk.users.find(user_id)
       end

data/lib/clerk/rack_middleware_v2.rb

@@ -0,0 +1,168 @@
+require "clerk"
+
+module Clerk
+  class RackMiddlewareV2
+    class ProxyV2
+      CACHE_TTL = 60 # seconds
+
+      attr_reader :session_claims, :session_token
+
+      def initialize(session_claims: nil, session_token: nil)
+        @session_claims = session_claims
+        @session_token = session_token
+        @session = nil
+      end
+
+      def session
+        return nil if @session_claims.nil?
+
+        @session ||= verify_session
+      end
+
+      def verify_session
+        return nil if @session_claims.nil?
+
+        sdk.sessions.verify_token(@session_claims["sid"], @session_token)
+      end
+
+      def user
+        return nil if user_id.nil?
+
+        @user ||= fetch_user(user_id)
+      end
+
+      def user_id
+        return nil if @session_claims.nil?
+
+        @session_claims["sub"]
+      end
+
+      private
+
+      def fetch_user(user_id)
+        cached_fetch("clerk_user:#{user_id}") do
+          sdk.users.find(user_id)
+        end
+      end
+
+      def cached_fetch(key, &block)
+        if store = Clerk.configuration.middleware_cache_store
+          store.fetch(key, expires_in: CACHE_TTL, &block)
+        else
+          yield
+        end
+      end
+
+      def sdk
+        @sdk ||= Clerk::SDK.new
+      end
+    end
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @env = env
+      @req = Rack::Request.new(env)
+      @env["clerk"] = ProxyV2.new
+      @header_token = @req.env["HTTP_AUTHORIZATION"]&.strip
+      @cookie_token = @req.cookies["__session"]
+      @client_uat = @req.cookies["__client_uat"]
+
+      ##########################################################################
+      #                                                                        #
+      #                          HEADER AUTHENTICATION                         #
+      #                                                                        #
+      ##########################################################################
+      if @header_token
+        return signed_out if !sdk.decode_token(@header_token) # malformed JWT
+
+        token = verify_token(@header_token)
+        return signed_in(token, @header_token) if token
+
+        # Clerk.js should refresh the token and retry
+        return unknown(interstitial: false)
+      end
+
+      # in cross-origin XHRs the use of Authorization header is mandatory.
+      if cross_origin_request?(@req) && @header_token.nil?
+        return signed_out
+      end
+
+      ##########################################################################
+      #                                                                        #
+      #                             COOKIE AUTHENTICATION                      #
+      #                                                                        #
+      ##########################################################################
+      if development_or_staging? && (@req.referrer.nil? || cross_origin_request?(@req))
+        return unknown(interstitial: true)
+      end
+
+      if production? && @client_uat.nil?
+        return signed_out
+      end
+
+      if @client_uat == "0"
+        return signed_out
+      end
+
+      token = verify_token(@cookie_token)
+
+      if token && token["iat"] && @client_uat && Integer(@client_uat) <= token["iat"]
+        return signed_in(token, @cookie_token)
+      end
+
+      unknown(interstitial: true)
+    end
+
+    private
+
+    # Outcome A
+    def signed_in(claims, token)
+      @env["clerk"] = ProxyV2.new(session_claims: claims, session_token: token)
+
+      @app.call(@env)
+    end
+
+    # Outcome B
+    def signed_out
+      @app.call(@env)
+    end
+
+    # Outcome C
+    def unknown(interstitial: false)
+      return [401, {}, []] if !interstitial
+
+      # Load Clerk.js to update the __session and __client_uat cookies.
+      [401, {"Content-Type" => "text/html"}, [sdk.interstitial]]
+    end
+
+    def development_or_staging?
+      Clerk.configuration.api_key.start_with?("test_")
+    end
+
+    def production?
+      !development_or_staging?
+    end
+
+    def cross_origin_request?(req)
+      origin = req.env["HTTP_ORIGIN"]
+      origin && origin != req.host
+    end
+
+    def verify_token(token)
+      return false if token.nil? || token.strip.empty?
+
+      begin
+        @session = sdk.verify_token(token)
+      rescue JWT::DecodeError, JWT::RequiredDependencyError => e
+        false
+      end
+    end
+
+    def sdk
+      @sdk ||= Clerk::SDK.new
+    end
+  end
+end

data/lib/clerk/railtie.rb

@@ -1,17 +1,12 @@
 # frozen_string_literal: true
 #
 require_relative "rack_middleware"
+require_relative "rack_middleware_v2"
 
 module Clerk
   class Railtie < ::Rails::Railtie
     initializer "clerk_railtie.configure_rails_initialization" do |app|
-      app.middleware.use Clerk::RackMiddleware
-    end
-
-    config.to_prepare do
-      Clerk.configure do |c|
-        c.middleware_cache_store ||= Rails.cache
-      end
+      app.middleware.use Clerk::RackMiddlewareV2
     end
   end
 end

data/lib/clerk/resources/jwks.rb

@@ -0,0 +1,18 @@
+require "forwardable"
+require_relative "plural_resource"
+
+module Clerk
+  module Resources
+    class JWKS
+      extend Forwardable
+
+      def initialize(client)
+        @client = client
+      end
+
+      def all(timeout: 5)
+        @client.request(:get, "jwks", timeout: timeout)
+      end
+    end
+  end
+end

data/lib/clerk/resources/users.rb

@@ -7,10 +7,15 @@ module Clerk
       extend Forwardable
 
       def initialize(client)
+        @client = client
         @resource = PluralResource.new(client, "users")
       end
 
       def_delegators :@resource, :all, :find, :update, :delete
+
+      def oauth_access_token(user_id, provider)
+        @client.request(:get, "#{@resource.resource_path(user_id)}/oauth_access_tokens/#{provider}")
+      end
     end
   end
 end

data/lib/clerk/resources.rb

@@ -5,3 +5,4 @@ require_relative "resources/emails"
 require_relative "resources/sessions"
 require_relative "resources/sms_messages"
 require_relative "resources/users"
+require_relative "resources/jwks"

data/lib/clerk/sdk.rb

@@ -4,6 +4,7 @@ require "faraday"
 require "logger"
 require "net/http"
 require "json"
+require "jwt"
 
 require_relative "resources/allowlist_identifiers"
 require_relative "resources/allowlist"
@@ -12,6 +13,8 @@ require_relative "resources/emails"
 require_relative "resources/sessions"
 require_relative "resources/sms_messages"
 require_relative "resources/users"
+require_relative "resources/users"
+require_relative "resources/jwks"
 require_relative "errors"
 
 module Clerk
@@ -20,8 +23,13 @@ module Clerk
       "User-Agent" => "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}"
     }
 
+    # How often (in seconds) should JWKs be refreshed
+    JWKS_CACHE_LIFETIME = 3600 # 1 hour
+
     def initialize(api_key: nil, base_url: nil, logger: nil, ssl_verify: true,
                    connection: nil)
+      @jwks_fetched_at = nil
+
       if connection # Inject a Faraday::Connection for testing or full control over Faraday
         @conn = connection
         return
@@ -48,16 +56,26 @@ module Clerk
       end
     end
 
-    def request(method, path, query: [], body: nil)
+    def request(method, path, query: [], body: nil, timeout: nil)
       response = case method
                  when :get
-                   @conn.get(path, query)
+                   @conn.get(path, query) do |req|
+                     req.options.timeout = timeout if timeout
+                   end
                  when :post
-                   @conn.post(path, body)
+                   @conn.post(path, body) do |req|
+                     req.body = body
+                     req.options.timeout = timeout if timeout
+                   end
                  when :patch
-                   @conn.patch(path, body)
+                   @conn.patch(path, body) do |req|
+                     req.body = body
+                     req.options.timeout = timeout if timeout
+                   end
                  when :delete
-                   @conn.delete(path)
+                   @conn.delete(path) do |req|
+                     req.options.timeout = timeout if timeout
+                   end
                  end
 
       body = if response["Content-Type"] == "application/json"
@@ -106,5 +124,50 @@ module Clerk
     def users
       Resources::Users.new(self)
     end
+
+    def jwks
+      Resources::JWKS.new(self)
+    end
+
+    def interstitial(refresh=false)
+      request(:get, "internal/interstitial")
+    end
+
+    # Returns the decoded JWT payload without verifying if the signature is
+    # valid.
+    #
+    # WARNING: This will not verify whether the signature is valid. You
+    # should not use this for untrusted messages! You most likely want to use
+    # verify_token.
+    def decode_token(token)
+      JWT.decode(token, nil, false).first
+    end
+
+    # Decode the JWT and verify it's valid (verify claims, signature etc.) using
+    # the provided algorithms.
+    #
+    # JWKS are cached for JWKS_CACHE_LIFETIME seconds, in order to avoid
+    # unecessary roundtrips. In order to invalidate the cache, pass
+    # `force_refresh_jwks: true`.
+    #
+    # A timeout for the request to the JWKs endpoint can be set with the
+    # `timeout` argument.
+    def verify_token(token, force_refresh_jwks: false, algorithms: ['RS256'], timeout: 5)
+      jwk_loader = ->(options) do
+        @cached_jwks = nil if options[:invalidate] || force_refresh_jwks
+        @cached_jwks = nil if @jwks_fetched_at && Time.now.to_i - @jwks_fetched_at > JWKS_CACHE_LIFETIME
+
+        @cached_jwks ||= begin
+          keys = jwks.all["keys"]
+          @jwks_fetched_at = Time.now.to_i
+
+          # JWT.decode requires that the 'keys' key in the Hash is a symbol (as
+          # opposed to a string which our SDK returns by default)
+          { keys: keys }
+        end
+      end
+
+      JWT.decode(token, nil, true, algorithms: algorithms, jwks: jwk_loader).first
+    end
   end
 end

data/lib/clerk/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clerk
-  VERSION = "1.0.0"
+  VERSION = "2.0.0.alpha.1"
 end

data/lib/clerk.rb

@@ -5,12 +5,13 @@ require_relative "clerk/sdk"
 
 module Clerk
   class << self
-    attr_accessor :configuration
-
     def configure
-      self.configuration ||= Config.new
       yield(configuration)
     end
+
+    def configuration
+      @configuration ||= Config.new
+    end
   end
 
   class Config
@@ -19,7 +20,7 @@ module Clerk
 
     def initialize
       @base_url = ENV.fetch("CLERK_API_BASE", PRODUCTION_BASE_URL)
-      @api_key = ENV.fetch("CLERK_API_KEY")
+      @api_key = ENV["CLERK_API_KEY"]
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: clerk-sdk-ruby
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0.alpha.1
 platform: ruby
 authors:
 - Clerk
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-27 00:00:00.000000000 Z
+date: 2021-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -24,6 +24,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.4.1
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.4
 description: Client SDK for the Clerk backend API.
 email:
 - ruby-sdk@clerk.dev
@@ -33,6 +75,7 @@ extra_rdoc_files: []
 files:
 - ".github/workflows/main.yml"
 - ".gitignore"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -44,13 +87,16 @@ files:
 - lib/clerk.rb
 - lib/clerk/authenticatable.rb
 - lib/clerk/errors.rb
+- lib/clerk/proxy.rb
 - lib/clerk/rack_middleware.rb
+- lib/clerk/rack_middleware_v2.rb
 - lib/clerk/railtie.rb
 - lib/clerk/resources.rb
 - lib/clerk/resources/allowlist.rb
 - lib/clerk/resources/allowlist_identifiers.rb
 - lib/clerk/resources/clients.rb
 - lib/clerk/resources/emails.rb
+- lib/clerk/resources/jwks.rb
 - lib/clerk/resources/plural_resource.rb
 - lib/clerk/resources/sessions.rb
 - lib/clerk/resources/singular_resource.rb
@@ -66,7 +112,7 @@ metadata:
   homepage_uri: https://github.com/clerkinc/clerk-sdk-ruby
   source_code_uri: https://github.com/clerkinc/clerk-sdk-ruby
   changelog_uri: https://github.com/clerkinc/clerk-sdk-ruby/blob/main/CHANGELOG.md
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -77,12 +123,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.2.15
-signing_key:
+rubygems_version: 3.2.5
+signing_key: 
 specification_version: 4
 summary: Clerk SDK for Ruby.
 test_files: []