-
Notifications
You must be signed in to change notification settings - Fork 1k
Add OAuthConsent and useOAuthConsent docs #3315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
wobsoriano
wants to merge
26
commits into
main
Choose a base branch
from
rob/oauth-consent-docs
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
26 commits
Select commit
Hold shift + click to select a range
adf0d78
Add OAuthConsent and useOAuthConsent docs
wobsoriano 07b2e32
chore: improve examples
wobsoriano d1db103
chore: idiomatic tanstack start search params
wobsoriano 4082e14
chore: pass scope to hook
wobsoriano 2cfed0c
Merge branch 'main' into rob/oauth-consent-docs
wobsoriano 63c770a
docs review
SarahSoutoul f559280
Merge branch 'main' into rob/oauth-consent-docs
SarahSoutoul 99cae19
Fix hook parameter description
wobsoriano 1773cf8
Specify optional properties
wobsoriano eec2182
Fix props
SarahSoutoul f34c8f9
Missing optional
SarahSoutoul 2376a65
Make filenames consistent
SarahSoutoul 4f8a5ed
Merge branch 'main' into rob/oauth-consent-docs
SarahSoutoul 3f560db
docs review pt 2
SarahSoutoul 6ff167a
Merge branch 'main' into rob/oauth-consent-docs
SarahSoutoul 8055401
chore: add OAuthApplicatioNamespace docs
wobsoriano ea38cbe
Change to Typedoc
SarahSoutoul 1a27d2f
small nits
alexisintech aec79db
Make OAuthApplication a type
SarahSoutoul 3609879
Merge branch 'main' into rob/oauth-consent-docs
SarahSoutoul 4c731f5
Remove typedoc ignore
SarahSoutoul a0bee88
Add OAuthApplication back to Clerk object overview
SarahSoutoul 5b1e699
Fix build
SarahSoutoul 5b7dccc
Add shared partial for consent requirements
wobsoriano 2824cbd
chore: update partial content
wobsoriano b195ab9
Improve wording callout
SarahSoutoul File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| > [!IMPORTANT] | ||
| > Pages that host OAuth consent flows must set the referrer policy to `strict-origin-when-cross-origin`. This ensures the cross-origin `POST` request to FAPI includes the `Origin` header and Clerk can validate the CSRF token. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
281 changes: 281 additions & 0 deletions
281
docs/reference/components/authentication/oauth-consent.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,281 @@ | ||
| --- | ||
| title: '`<OAuthConsent />` component' | ||
| description: Clerk's <OAuthConsent /> component renders an OAuth consent screen for authenticated users. | ||
| sdk: astro, nextjs, nuxt, react, react-router, tanstack-react-start, vue, js-frontend | ||
| --- | ||
|
|
||
| The `<OAuthConsent />` component renders an OAuth consent screen for authenticated users after they are redirected to the OAuth authorization page. It retrieves the OAuth application's consent metadata and displays the requested scopes, allowing the user to approve or deny access. | ||
|
|
||
| By default, `<OAuthConsent />` reads the OAuth `client_id`, `scope`, and `redirect_uri` from the current URL. You can override the `client_id` and `scope` with props when rendering the component on a custom route. | ||
|
|
||
| > [!IMPORTANT] | ||
| > `<OAuthConsent />` only renders for authenticated users. If the user is signed out, the component will not be displayed. | ||
|
|
||
| <Include src="_partials/oauth-consent/callout" /> | ||
|
|
||
| ## Example | ||
|
|
||
| The following example includes a basic implementation of the `<OAuthConsent />` component. You can use this as a starting point for your own implementation. | ||
|
|
||
| <If sdk="nextjs"> | ||
| ```tsx {{ filename: 'app/oauth-consent/page.tsx' }} | ||
| import { OAuthConsent } from '@clerk/nextjs' | ||
|
|
||
| export const metadata: Metadata = { | ||
| referrer: 'strict-origin-when-cross-origin', | ||
| } | ||
|
|
||
| export default function Page() { | ||
| return <OAuthConsent /> | ||
| } | ||
| ``` | ||
| </If> | ||
|
|
||
| <If sdk="react"> | ||
| ```tsx {{ filename: 'src/routes/oauth-consent.tsx' }} | ||
| import { OAuthConsent } from '@clerk/react' | ||
|
|
||
| export const meta = () => [ | ||
| { | ||
| name: 'referrer', | ||
| content: 'strict-origin-when-cross-origin', | ||
| }, | ||
| ] | ||
|
|
||
| export default function OAuthConsentPage() { | ||
| return <OAuthConsent /> | ||
| } | ||
| ``` | ||
| </If> | ||
|
|
||
| <If sdk="react-router"> | ||
| ```tsx {{ filename: 'app/routes/oauth-consent.tsx' }} | ||
| import type { Route } from './+types/oauth-consent' | ||
| import { OAuthConsent } from '@clerk/react-router' | ||
|
|
||
| export const meta: Route.MetaFunction = () => [ | ||
| { | ||
| name: 'referrer', | ||
| content: 'strict-origin-when-cross-origin', | ||
| }, | ||
| ] | ||
|
|
||
| export default function OAuthConsentPage() { | ||
| return <OAuthConsent /> | ||
| } | ||
| ``` | ||
| </If> | ||
|
|
||
| <If sdk="tanstack-react-start"> | ||
| ```tsx {{ filename: 'app/routes/oauth-consent.tsx' }} | ||
| import { OAuthConsent } from '@clerk/tanstack-react-start' | ||
| import { createFileRoute } from '@tanstack/react-router' | ||
|
|
||
| export const Route = createFileRoute('/oauth-consent')({ | ||
| head: () => ({ | ||
| meta: [ | ||
| { | ||
| name: 'referrer', | ||
| content: 'strict-origin-when-cross-origin', | ||
| }, | ||
| ], | ||
| }), | ||
| component: OAuthConsentPage, | ||
| }) | ||
|
|
||
| function OAuthConsentPage() { | ||
| return <OAuthConsent /> | ||
| } | ||
| ``` | ||
| </If> | ||
|
|
||
| <If sdk="astro"> | ||
| ```astro {{ filename: 'pages/oauth-consent.astro' }} | ||
| --- | ||
| import { OAuthConsent } from '@clerk/astro/components' | ||
| --- | ||
|
|
||
| <html lang="en"> | ||
| <head> | ||
| <meta name="referrer" content="strict-origin-when-cross-origin" /> | ||
| </head> | ||
| <body> | ||
| <OAuthConsent /> | ||
| </body> | ||
| </html> | ||
| ``` | ||
| </If> | ||
|
|
||
| <If sdk="vue"> | ||
| ```vue {{ filename: 'oauth-consent.vue' }} | ||
| <script setup lang="ts"> | ||
| import { OAuthConsent } from '@clerk/vue' | ||
| import { useHead } from '@unhead/vue' | ||
|
|
||
| useHead({ | ||
| meta: [ | ||
| { | ||
| name: 'referrer', | ||
| content: 'strict-origin-when-cross-origin', | ||
| }, | ||
| ], | ||
| }) | ||
| </script> | ||
|
|
||
| <template> | ||
| <OAuthConsent /> | ||
| </template> | ||
| ``` | ||
| </If> | ||
|
|
||
| <If sdk="nuxt"> | ||
| ```vue {{ filename: 'oauth-consent.vue' }} | ||
| <script setup lang="ts"> | ||
| // Components are automatically imported | ||
| useHead({ | ||
| meta: [ | ||
| { | ||
| name: 'referrer', | ||
| content: 'strict-origin-when-cross-origin', | ||
| }, | ||
| ], | ||
| }) | ||
| </script> | ||
|
|
||
| <template> | ||
| <OAuthConsent /> | ||
| </template> | ||
| ``` | ||
| </If> | ||
|
|
||
| <If sdk="js-frontend"> | ||
| ## Usage with JavaScript | ||
|
|
||
| Add the following `<meta>` tag to the page that hosts the OAuth consent screen: | ||
|
|
||
| ```html {{ filename: 'index.html' }} | ||
| <meta name="referrer" content="strict-origin-when-cross-origin" /> | ||
| ``` | ||
|
|
||
| The following methods available on an instance of the [`Clerk`](/docs/reference/objects/clerk) class are used to render and control the `<OAuthConsent />` component: | ||
|
|
||
| - [`mountOAuthConsent()`](#mount-o-auth-consent) | ||
| - [`unmountOAuthConsent()`](#unmount-o-auth-consent) | ||
|
|
||
| The following examples assume that you have followed the [quickstart](/docs/js-frontend/getting-started/quickstart) in order to add Clerk to your JavaScript application. | ||
|
|
||
| ### `mountOAuthConsent()` | ||
|
|
||
| Render the `<OAuthConsent />` component to an HTML `<div>` element. | ||
|
|
||
| ```typescript | ||
| function mountOAuthConsent(node: HTMLDivElement, props?: OAuthConsentProps): void | ||
| ``` | ||
|
|
||
| #### `mountOAuthConsent()` params | ||
|
|
||
| <Properties> | ||
| - `node` | ||
| - [`HTMLDivElement`](https://developer.mozilla.org/en-US/docs/Web/API/HTMLDivElement) | ||
|
|
||
| The container `<div>` element used to render the `<OAuthConsent />` component. | ||
|
|
||
| --- | ||
|
|
||
| - `props?` | ||
| - [`OAuthConsentProps`](#properties) | ||
|
|
||
| The properties to pass to the `<OAuthConsent />` component. | ||
| </Properties> | ||
|
|
||
| #### `mountOAuthConsent()` usage | ||
|
|
||
| ```js {{ filename: 'main.js', mark: [15] }} | ||
| import { Clerk } from '@clerk/clerk-js' | ||
|
|
||
| const clerkPubKey = import.meta.env.VITE_CLERK_PUBLISHABLE_KEY | ||
|
|
||
| const clerk = new Clerk(clerkPubKey) | ||
| await clerk.load() | ||
|
|
||
| document.getElementById('app').innerHTML = ` | ||
| <div id="oauth-consent"></div> | ||
| ` | ||
|
|
||
| const oauthConsentDiv = document.getElementById('oauth-consent') | ||
|
|
||
| clerk.mountOAuthConsent(oauthConsentDiv) | ||
| ``` | ||
|
|
||
| ### `unmountOAuthConsent()` | ||
|
|
||
| Unmount and run cleanup on an existing `<OAuthConsent />` component instance. | ||
|
|
||
| ```typescript | ||
| function unmountOAuthConsent(node: HTMLDivElement): void | ||
| ``` | ||
|
|
||
| #### `unmountOAuthConsent()` params | ||
|
|
||
| <Properties> | ||
| - `node` | ||
| - [`HTMLDivElement`](https://developer.mozilla.org/en-US/docs/Web/API/HTMLDivElement) | ||
|
|
||
| The container `<div>` element with a rendered `<OAuthConsent />` component instance. | ||
| </Properties> | ||
|
|
||
| #### `unmountOAuthConsent()` usage | ||
|
|
||
| ```js {{ filename: 'main.js', mark: [19] }} | ||
| import { Clerk } from '@clerk/clerk-js' | ||
|
|
||
| const clerkPubKey = import.meta.env.VITE_CLERK_PUBLISHABLE_KEY | ||
|
|
||
| const clerk = new Clerk(clerkPubKey) | ||
| await clerk.load() | ||
|
|
||
| document.getElementById('app').innerHTML = ` | ||
| <div id="oauth-consent"></div> | ||
| ` | ||
|
|
||
| const oauthConsentDiv = document.getElementById('oauth-consent') | ||
|
|
||
| clerk.mountOAuthConsent(oauthConsentDiv) | ||
|
|
||
| // ... | ||
|
|
||
| clerk.unmountOAuthConsent(oauthConsentDiv) | ||
| ``` | ||
| </If> | ||
|
|
||
| ## Properties | ||
|
|
||
| All props are optional. | ||
|
|
||
| <Properties> | ||
| - `appearance?` | ||
| - <code>[Appearance](/docs/guides/customizing-clerk/appearance-prop/overview) | undefined</code> | ||
|
|
||
| An object to style your components. Will only affect [Clerk components](/docs/reference/components/overview) and not [Account Portal](/docs/guides/account-portal/overview) pages. | ||
|
|
||
| --- | ||
|
|
||
| - `fallback?` | ||
| - `ReactNode` | ||
|
|
||
| An element to be rendered while the component is mounting. | ||
|
|
||
| --- | ||
|
|
||
| - `oauthClientId?` | ||
| - `string` | ||
|
|
||
| Override the OAuth client ID. By default, Clerk reads this from the `client_id` query parameter in the current URL. | ||
|
|
||
| --- | ||
|
|
||
| - `scope?` | ||
| - `string` | ||
|
|
||
| Override the OAuth scope. By default, Clerk reads this from the `scope` query parameter in the current URL. | ||
| </Properties> | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.