@clerk/backend 3.0.0-snapshot.v20260113135251 → 3.0.0-snapshot.v20260114095952

package/dist/index.mjs

@@ -2,7 +2,7 @@ import {
   createAuthenticateRequest,
   createBackendApiClient,
   verifyToken
-} from "./chunk-LJ7TIBGO.mjs";
+} from "./chunk-DSCJUJ44.mjs";
 import "./chunk-YBVFDYDR.mjs";
 import {
   withLegacyReturn

package/dist/internal.js

@@ -228,7 +228,7 @@ module.exports = __toCommonJS(internal_exports);
 // src/constants.ts
 var API_URL = "https://api.clerk.com";
 var API_VERSION = "v1";
-var USER_AGENT = `${"@clerk/backend"}@${"3.0.0-snapshot.v20260113135251"}`;
+var USER_AGENT = `${"@clerk/backend"}@${"3.0.0-snapshot.v20260114095952"}`;
 var MAX_CACHE_LAST_UPDATED_AT_SECONDS = 5 * 60;
 var SUPPORTED_BAPI_VERSION = "2025-11-10";
 var Attributes = {
@@ -249,7 +249,9 @@ var Cookies = {
   HandshakeNonce: "__clerk_handshake_nonce"
 };
 var QueryParameters = {
+  /** @deprecated Use ClerkSync with ClerkSyncStatus instead */
   ClerkSynced: "__clerk_synced",
+  ClerkSync: "__clerk_sync",
   SuffixedCookies: "suffixed_cookies",
   ClerkRedirectUrl: "__clerk_redirect_url",
   // use the reference to Cookies to indicate that it's the same value
@@ -295,12 +297,19 @@ var Headers2 = {
 var ContentTypes = {
   Json: "application/json"
 };
+var ClerkSyncStatus = {
+  /** Trigger sync - satellite needs to handshake after returning from primary sign-in */
+  NeedsSync: "1",
+  /** Sync completed - prevents re-sync loop after handshake completes */
+  Completed: "2"
+};
 var constants = {
   Attributes,
   Cookies,
   Headers: Headers2,
   ContentTypes,
-  QueryParameters
+  QueryParameters,
+  ClerkSyncStatus
 };
 
 // src/createRedirect.ts
@@ -5991,17 +6000,46 @@ var authenticateRequest = (async (request, options) => {
       }
     }
     const isRequestEligibleForMultiDomainSync = authenticateContext.isSatellite && authenticateContext.secFetchDest === "document";
-    if (authenticateContext.instanceType === "production" && isRequestEligibleForMultiDomainSync) {
-      return handleMaybeHandshakeStatus(authenticateContext, AuthErrorReason.SatelliteCookieNeedsSyncing, "");
-    }
-    if (authenticateContext.instanceType === "development" && isRequestEligibleForMultiDomainSync && !authenticateContext.clerkUrl.searchParams.has(constants.QueryParameters.ClerkSynced)) {
-      const redirectURL = new URL(authenticateContext.signInUrl);
-      redirectURL.searchParams.append(
-        constants.QueryParameters.ClerkRedirectUrl,
-        authenticateContext.clerkUrl.toString()
-      );
-      const headers = new Headers({ [constants.Headers.Location]: redirectURL.toString() });
-      return handleMaybeHandshakeStatus(authenticateContext, AuthErrorReason.SatelliteCookieNeedsSyncing, "", headers);
+    const syncStatus = authenticateContext.clerkUrl.searchParams.get(constants.QueryParameters.ClerkSync);
+    const needsSync = syncStatus === constants.ClerkSyncStatus.NeedsSync;
+    const legacySynced = authenticateContext.clerkUrl.searchParams.get(constants.QueryParameters.ClerkSynced) === "true";
+    const syncCompleted = syncStatus === constants.ClerkSyncStatus.Completed || legacySynced;
+    const hasCookies = hasSessionToken || hasActiveClient;
+    const shouldSkipSatelliteHandshake = authenticateContext.satelliteAutoSync === false && !hasCookies && !needsSync;
+    if (authenticateContext.instanceType === "production" && isRequestEligibleForMultiDomainSync && !syncCompleted) {
+      if (shouldSkipSatelliteHandshake) {
+        return signedOut({
+          tokenType: TokenType.SessionToken,
+          authenticateContext,
+          reason: AuthErrorReason.SessionTokenAndUATMissing
+        });
+      }
+      if (!hasCookies || needsSync) {
+        return handleMaybeHandshakeStatus(authenticateContext, AuthErrorReason.SatelliteCookieNeedsSyncing, "");
+      }
+    }
+    if (authenticateContext.instanceType === "development" && isRequestEligibleForMultiDomainSync && !syncCompleted) {
+      if (shouldSkipSatelliteHandshake) {
+        return signedOut({
+          tokenType: TokenType.SessionToken,
+          authenticateContext,
+          reason: AuthErrorReason.SessionTokenAndUATMissing
+        });
+      }
+      if (!hasCookies || needsSync) {
+        const redirectURL = new URL(authenticateContext.signInUrl);
+        redirectURL.searchParams.append(
+          constants.QueryParameters.ClerkRedirectUrl,
+          authenticateContext.clerkUrl.toString()
+        );
+        const headers = new Headers({ [constants.Headers.Location]: redirectURL.toString() });
+        return handleMaybeHandshakeStatus(
+          authenticateContext,
+          AuthErrorReason.SatelliteCookieNeedsSyncing,
+          "",
+          headers
+        );
+      }
     }
     const redirectUrl = new URL(authenticateContext.clerkUrl).searchParams.get(
       constants.QueryParameters.ClerkRedirectUrl
@@ -6014,7 +6052,10 @@ var authenticateRequest = (async (request, options) => {
           authenticateContext.devBrowserToken
         );
       }
-      redirectBackToSatelliteUrl.searchParams.append(constants.QueryParameters.ClerkSynced, "true");
+      redirectBackToSatelliteUrl.searchParams.set(
+        constants.QueryParameters.ClerkSync,
+        constants.ClerkSyncStatus.Completed
+      );
       const headers = new Headers({ [constants.Headers.Location]: redirectBackToSatelliteUrl.toString() });
       return handleMaybeHandshakeStatus(authenticateContext, AuthErrorReason.PrimaryRespondsToSyncing, "", headers);
     }