Merge branch 'main' into jacek/fix-testing-concurrent-workers

Author: jacekradko

.changeset/fix-ci-artifact-name.md

@@ -0,0 +1,2 @@
+---
+---

.changeset/fix-keyless-claim-test.md

@@ -0,0 +1,2 @@
+---
+---

.changeset/fix-proxy-redirect-manual.md

@@ -0,0 +1,5 @@
+---
+'@clerk/backend': patch
+---
+
+Fix frontend API proxy following redirects server-side instead of passing them to the browser. The proxy's `fetch()` call now uses `redirect: 'manual'` so that 3xx responses from FAPI (e.g. after OAuth callbacks) are returned to the client as-is, matching standard HTTP proxy behavior.

.changeset/green-hotels-study.md

@@ -0,0 +1,5 @@
+---
+'@clerk/localizations': patch
+---
+
+fix(localizations): add missing Hungarian translations for form placeholders and legal consent

.changeset/humble-trams-laugh.md

@@ -0,0 +1,9 @@
+---
+'@clerk/clerk-js': minor
+'@clerk/shared': minor
+'@clerk/ui': minor
+---
+
+Add `EnterpriseConnection` resource
+
+`User.getEnterpriseConnections()` was wrongly typed as returning `EnterpriseAccountConnectionResource[]`, it now returns `EnterpriseConnectionResource[]`

.github/workflows/ci.yml

@@ -457,11 +457,20 @@ jobs:
           NODE_EXTRA_CA_CERTS: ${{ github.workspace }}/integration/certs/rootCA.pem
           VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
 
+      - name: Sanitize artifact name
+        if: ${{ cancelled() || failure() }}
+        id: sanitize
+        run: |
+          SANITIZED="${TEST_NAME//:/-}"
+          echo "artifact-suffix=${SANITIZED}" >> $GITHUB_OUTPUT
+        env:
+          TEST_NAME: ${{ matrix.test-name }}
+
       - name: Upload test-results
         if: ${{ cancelled() || failure() }}
         uses: actions/upload-artifact@v4
         with:
-          name: playwright-traces-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.test-name }}${{ matrix.next-version && format('-next{0}', matrix.next-version) || '' }}
+          name: playwright-traces-${{ github.run_id }}-${{ github.run_attempt }}-${{ steps.sanitize.outputs.artifact-suffix }}${{ matrix.next-version && format('-next{0}', matrix.next-version) || '' }}
           path: test-results
           retention-days: 1
 

integration/testUtils/keylessHelpers.ts

@@ -48,34 +48,15 @@ export async function testToggleCollapsePopoverAndClaim({
 
   const claim = u.po.keylessPopover.promptsToClaim();
 
-  const [newPage] = await Promise.all([context.waitForEvent('page'), claim.click()]);
-
-  await newPage.waitForLoadState();
-
-  await newPage.waitForURL(url => {
-    const signInForceRedirectUrl = url.searchParams.get('sign_in_force_redirect_url');
-    const signUpForceRedirectUrl = url.searchParams.get('sign_up_force_redirect_url');
-
-    const signInHasRequiredParams =
-      signInForceRedirectUrl?.includes(`${dashboardUrl}apps/claim`) &&
-      signInForceRedirectUrl?.includes('token=') &&
-      signInForceRedirectUrl?.includes(`framework=${framework}`);
-
-    const signUpRegularCase =
-      signUpForceRedirectUrl?.includes(`${dashboardUrl}apps/claim`) &&
-      signUpForceRedirectUrl?.includes('token=') &&
-      signUpForceRedirectUrl?.includes(`framework=${framework}`);
-
-    const signUpPrepareAccountCase =
-      signUpForceRedirectUrl?.startsWith(`${dashboardUrl}prepare-account`) &&
-      signUpForceRedirectUrl?.includes(encodeURIComponent('apps/claim')) &&
-      signUpForceRedirectUrl?.includes(encodeURIComponent('token=')) &&
-      signUpForceRedirectUrl?.includes(encodeURIComponent(`framework=${framework}`));
-
-    const signUpHasRequiredParams = signUpRegularCase || signUpPrepareAccountCase;
-
-    return url.pathname === '/apps/claim/sign-in' && signInHasRequiredParams && signUpHasRequiredParams;
-  });
+  const href = await claim.getAttribute('href');
+  expect(href).toBeTruthy();
+
+  const claimUrl = new URL(href!);
+  expect(claimUrl.origin + '/').toBe(dashboardUrl);
+  expect(claimUrl.pathname).toBe('/apps/claim');
+  expect(claimUrl.searchParams.get('framework')).toBe(framework);
+  expect(claimUrl.searchParams.has('token')).toBe(true);
+  expect(claimUrl.searchParams.has('return_url')).toBe(true);
 }
 
 /**

packages/backend/src/proxy.ts

@@ -278,6 +278,7 @@ export async function clerkFrontendApiProxy(request: Request, options?: Frontend
     const fetchOptions: RequestInit = {
       method: request.method,
       headers,
+      redirect: 'manual',
       // @ts-expect-error - duplex is required for streaming bodies but not in all TS definitions
       duplex: hasBody ? 'half' : undefined,
     };

packages/clerk-js/bundlewatch.config.json

@@ -1,10 +1,10 @@
 {
   "files": [
-    { "path": "./dist/clerk.js", "maxSize": "540KB" },
+    { "path": "./dist/clerk.js", "maxSize": "543KB" },
     { "path": "./dist/clerk.browser.js", "maxSize": "67KB" },
-    { "path": "./dist/clerk.legacy.browser.js", "maxSize": "108KB" },
-    { "path": "./dist/clerk.no-rhc.js", "maxSize": "307KB" },
-    { "path": "./dist/clerk.native.js", "maxSize": "66KB" },
+    { "path": "./dist/clerk.legacy.browser.js", "maxSize": "110KB" },
+    { "path": "./dist/clerk.no-rhc.js", "maxSize": "309KB" },
+    { "path": "./dist/clerk.native.js", "maxSize": "68KB" },
     { "path": "./dist/vendors*.js", "maxSize": "7KB" },
     { "path": "./dist/coinbase*.js", "maxSize": "36KB" },
     { "path": "./dist/base-account-sdk*.js", "maxSize": "203KB" },

packages/clerk-js/src/core/resources/EnterpriseConnection.ts

@@ -0,0 +1,141 @@
+import type {
+  EnterpriseConnectionJSON,
+  EnterpriseConnectionJSONSnapshot,
+  EnterpriseConnectionResource,
+  EnterpriseOAuthConfigJSON,
+  EnterpriseOAuthConfigResource,
+  EnterpriseSamlConnectionNestedJSON,
+  EnterpriseSamlConnectionNestedResource,
+} from '@clerk/shared/types';
+
+import { unixEpochToDate } from '../../utils/date';
+import { BaseResource } from './Base';
+
+function samlNestedFromJSON(data: EnterpriseSamlConnectionNestedJSON): EnterpriseSamlConnectionNestedResource {
+  return {
+    id: data.id,
+    name: data.name,
+    active: data.active,
+    idpEntityId: data.idp_entity_id,
+    idpSsoUrl: data.idp_sso_url,
+    idpCertificate: data.idp_certificate,
+    idpMetadataUrl: data.idp_metadata_url,
+    idpMetadata: data.idp_metadata,
+    acsUrl: data.acs_url,
+    spEntityId: data.sp_entity_id,
+    spMetadataUrl: data.sp_metadata_url,
+    allowSubdomains: data.allow_subdomains,
+    allowIdpInitiated: data.allow_idp_initiated,
+    forceAuthn: data.force_authn,
+  };
+}
+
+function samlNestedToJSON(data: EnterpriseSamlConnectionNestedResource): EnterpriseSamlConnectionNestedJSON {
+  return {
+    id: data.id,
+    name: data.name,
+    active: data.active,
+    idp_entity_id: data.idpEntityId,
+    idp_sso_url: data.idpSsoUrl,
+    idp_certificate: data.idpCertificate,
+    idp_metadata_url: data.idpMetadataUrl,
+    idp_metadata: data.idpMetadata,
+    acs_url: data.acsUrl,
+    sp_entity_id: data.spEntityId,
+    sp_metadata_url: data.spMetadataUrl,
+    allow_subdomains: data.allowSubdomains,
+    allow_idp_initiated: data.allowIdpInitiated,
+    force_authn: data.forceAuthn,
+  };
+}
+
+function oauthConfigFromJSON(data: EnterpriseOAuthConfigJSON): EnterpriseOAuthConfigResource {
+  return {
+    id: data.id,
+    name: data.name,
+    clientId: data.client_id,
+    providerKey: data.provider_key,
+    discoveryUrl: data.discovery_url,
+    logoPublicUrl: data.logo_public_url,
+    requiresPkce: data.requires_pkce,
+    createdAt: unixEpochToDate(data.created_at),
+    updatedAt: unixEpochToDate(data.updated_at),
+  };
+}
+
+function oauthConfigToJSON(data: EnterpriseOAuthConfigResource): EnterpriseOAuthConfigJSON {
+  return {
+    id: data.id,
+    name: data.name,
+    client_id: data.clientId,
+    provider_key: data.providerKey,
+    discovery_url: data.discoveryUrl,
+    logo_public_url: data.logoPublicUrl,
+    requires_pkce: data.requiresPkce,
+    created_at: data.createdAt?.getTime() ?? 0,
+    updated_at: data.updatedAt?.getTime() ?? 0,
+  };
+}
+
+export class EnterpriseConnection extends BaseResource implements EnterpriseConnectionResource {
+  id!: string;
+  name!: string;
+  active!: boolean;
+  domains: string[] = [];
+  organizationId: string | null = null;
+  syncUserAttributes!: boolean;
+  disableAdditionalIdentifications!: boolean;
+  allowOrganizationAccountLinking!: boolean;
+  customAttributes: unknown[] = [];
+  oauthConfig: EnterpriseOAuthConfigResource | null = null;
+  samlConnection: EnterpriseSamlConnectionNestedResource | null = null;
+  createdAt: Date | null = null;
+  updatedAt: Date | null = null;
+
+  constructor(data: EnterpriseConnectionJSON | EnterpriseConnectionJSONSnapshot | null) {
+    super();
+    this.fromJSON(data);
+  }
+
+  protected fromJSON(data: EnterpriseConnectionJSON | EnterpriseConnectionJSONSnapshot | null): this {
+    if (!data) {
+      return this;
+    }
+
+    this.id = data.id;
+    this.name = data.name;
+    this.active = data.active;
+    this.domains = data.domains ?? [];
+    this.organizationId = data.organization_id ?? null;
+    this.syncUserAttributes = data.sync_user_attributes;
+    this.disableAdditionalIdentifications = data.disable_additional_identifications;
+    this.allowOrganizationAccountLinking = data.allow_organization_account_linking ?? false;
+    this.customAttributes = data.custom_attributes ?? [];
+    this.createdAt = unixEpochToDate(data.created_at);
+    this.updatedAt = unixEpochToDate(data.updated_at);
+
+    this.samlConnection = data.saml_connection ? samlNestedFromJSON(data.saml_connection) : null;
+    this.oauthConfig = data.oauth_config ? oauthConfigFromJSON(data.oauth_config) : null;
+
+    return this;
+  }
+
+  public __internal_toSnapshot(): EnterpriseConnectionJSONSnapshot {
+    return {
+      object: 'enterprise_connection',
+      id: this.id,
+      name: this.name,
+      active: this.active,
+      domains: this.domains,
+      organization_id: this.organizationId,
+      sync_user_attributes: this.syncUserAttributes,
+      disable_additional_identifications: this.disableAdditionalIdentifications,
+      allow_organization_account_linking: this.allowOrganizationAccountLinking,
+      custom_attributes: this.customAttributes,
+      saml_connection: this.samlConnection ? samlNestedToJSON(this.samlConnection) : undefined,
+      oauth_config: this.oauthConfig ? oauthConfigToJSON(this.oauthConfig) : undefined,
+      created_at: this.createdAt?.getTime() ?? 0,
+      updated_at: this.updatedAt?.getTime() ?? 0,
+    };
+  }
+}