feat(clerk-js,shared): Remove expired_token retry flow (#8108)

nikosdouvlis · web-flow · commit 25a73fb6d9a1 · 2026-03-24T11:05:40.000+02:00
The previous session token is now always sent in the /tokens POST
body (via the `token` param), so the backend no longer needs to
request it via a 422 missing_expired_token error and retry.

Removes:
- MissingExpiredTokenError class and its re-export from @clerk/shared
- The catch-and-retry logic in Session.#createTokenResolver
- 4 related tests in Session.test.ts
diff --git a/.changeset/remove-expired-token-retry.md b/.changeset/remove-expired-token-retry.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Skip `expired_token` retry flow when Session Minter is enabled. When `sessionMinter` is on, the token is sent in the POST body, so the retry-with-expired-token fallback is unnecessary. The retry flow is preserved for non-Session Minter mode.
diff --git a/packages/clerk-js/src/core/resources/Session.ts b/packages/clerk-js/src/core/resources/Session.ts
@@ -490,16 +490,20 @@ export class Session extends BaseResource implements SessionResource {
           organizationId: organizationId ?? null,
           ...(sessionMinterEnabled && this.lastActiveToken ? { token: this.lastActiveToken.getRawString() } : {}),
         };
-    const lastActiveToken = this.lastActiveToken?.getRawString();
 
-    const tokenResolver = Token.create(path, params, skipCache ? { debug: 'skip_cache' } : undefined).catch(e => {
+    if (sessionMinterEnabled) {
+      // Session Minter sends the token in the body, no expired_token retry needed
+      return Token.create(path, params, skipCache ? { debug: 'skip_cache' } : undefined);
+    }
+
+    // TODO: Remove this expired_token retry flow when the sessionMinter flag is removed
+    const lastActiveToken = this.lastActiveToken?.getRawString();
+    return Token.create(path, params, skipCache ? { debug: 'skip_cache' } : undefined).catch(e => {
       if (MissingExpiredTokenError.is(e) && lastActiveToken) {
         return Token.create(path, { ...params }, { expired_token: lastActiveToken });
       }
       throw e;
     });
-
-    return tokenResolver;
   }
 
   #dispatchTokenEvents(token: TokenResource, shouldDispatch: boolean): void {
diff --git a/scripts/validate-staging-instances.test.mjs b/scripts/validate-staging-instances.test.mjs
@@ -229,9 +229,7 @@ describe('collapseAttributeMismatches', () => {
       { path: 'user_settings.attributes.phone_number.verifications', prod: ['phone_code'], staging: [] },
     ];
     const result = collapseAttributeMismatches(mismatches);
-    expect(result).toEqual([
-      { path: 'user_settings.attributes.phone_number.enabled', prod: true, staging: false },
-    ]);
+    expect(result).toEqual([{ path: 'user_settings.attributes.phone_number.enabled', prod: true, staging: false }]);
   });
 
   it('keeps child diffs when .enabled does NOT differ', () => {
@@ -286,9 +284,7 @@ describe('collapseSocialMismatches', () => {
       { path: 'user_settings.social.google.strategy', prod: 'oauth_google', staging: undefined },
     ];
     const result = collapseSocialMismatches(mismatches);
-    expect(result).toEqual([
-      { path: 'user_settings.social.google', prod: { enabled: true }, staging: undefined },
-    ]);
+    expect(result).toEqual([{ path: 'user_settings.social.google', prod: { enabled: true }, staging: undefined }]);
   });
 
   it('collapses child diffs for extra social provider on staging', () => {
@@ -297,9 +293,7 @@ describe('collapseSocialMismatches', () => {
       { path: 'user_settings.social.github.enabled', prod: undefined, staging: true },
     ];
     const result = collapseSocialMismatches(mismatches);
-    expect(result).toEqual([
-      { path: 'user_settings.social.github', prod: undefined, staging: { enabled: true } },
-    ]);
+    expect(result).toEqual([{ path: 'user_settings.social.github', prod: undefined, staging: { enabled: true } }]);
   });
 
   it('keeps child diffs when both prod and staging have the provider', () => {
@@ -313,9 +307,7 @@ describe('collapseSocialMismatches', () => {
   });
 
   it('does not affect non-social mismatches', () => {
-    const mismatches = [
-      { path: 'auth_config.session_token_ttl', prod: 3600, staging: 7200 },
-    ];
+    const mismatches = [{ path: 'auth_config.session_token_ttl', prod: 3600, staging: 7200 }];
     const result = collapseSocialMismatches(mismatches);
     expect(result).toEqual(mismatches);
   });

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@clerk/clerk-js': patch
 +---
++
 +Skip `expired_token` retry flow when Session Minter is enabled. When `sessionMinter` is on, the token is sent in the POST body, so the retry-with-expired-token fallback is unnecessary. The retry flow is preserved for non-Session Minter mode.