Merge branch 'main' into jacek/gate-api-changes-turbo-cache

Author: jacekradko

.changeset/bump-break-check-chunk-filter.md

@@ -0,0 +1,2 @@
+---
+---

.changeset/expo-bump-clerk-android-1-0-18.md

@@ -0,0 +1,5 @@
+---
+'@clerk/expo': patch
+---
+
+Bump the bundled `clerk-android` SDK (`clerk-android-api` and `clerk-android-ui`) from `1.0.16` to `1.0.18`. This pulls in the fix from clerk-android [#671](https://github.com/clerk/clerk-android/pull/671), which sets the correct IME actions on the prebuilt auth input fields so pressing Enter/Return submits the form (e.g. "Continue") instead of inserting a newline.

.changeset/proud-lions-allow.md

@@ -0,0 +1,5 @@
+---
+'@clerk/backend': patch
+---
+
+Strip `private_metadata` from the backend resource `_raw` payload in `stripPrivateDataFromObject`, preventing it from leaking into `__clerk_ssr_state` when a `User`/`Organization` resource is passed to `buildClerkProps`.

.changeset/wide-items-flow.md

@@ -0,0 +1,7 @@
+---
+'@clerk/clerk-js': minor
+'@clerk/shared': minor
+'@clerk/ui': minor
+---
+
+Internal `<ConfigureSSO />` refactor to call new org-scoped enterprise connections FAPI endpoints, replacing the `/me/` deprecated scope.

.github/workflows/api-changes.yml

@@ -46,7 +46,7 @@ env:
   # The tool was renamed snapi -> break-check (package @clerk/break-check, binary
   # break-check, repo clerk/break-check). Pinned to a pkg.pr.new build of a
   # specific commit on main.
-  BREAK_CHECK_PACKAGE: https://pkg.pr.new/clerk/break-check/@clerk/break-check@a4db93a68e43e45a71cc958cc4a722d91c5f62b2
+  BREAK_CHECK_PACKAGE: https://pkg.pr.new/clerk/break-check/@clerk/break-check@98cb22591751a1628e4e260064ddffa5647d6de5
   BREAK_CHECK_FILTERS: >-
     --filter=@clerk/astro
     --filter=@clerk/backend
@@ -258,6 +258,7 @@ jobs:
           pnpm dlx --package "$BREAK_CHECK_PACKAGE" break-check detect \
             --baseline .api-snapshots-baseline \
             --output api-changes-report.md \
+            --ai-apply-downgrades \
             --fail-on-breaking
 
       # Note: on the cache-hit skip path we intentionally post nothing. A turbo HIT is

packages/backend/src/util/__tests__/decorateObjectWithResources.test.ts

@@ -0,0 +1,121 @@
+import { describe, expect, it } from 'vitest';
+
+import { Organization } from '../../api/resources/Organization';
+import { User } from '../../api/resources/User';
+import { stripPrivateDataFromObject } from '../decorateObjectWithResources';
+
+describe('stripPrivateDataFromObject', () => {
+  it('removes top-level private metadata from user and organization', () => {
+    const result = stripPrivateDataFromObject({
+      user: { id: 'user_1', privateMetadata: { secret: 'a' } } as any,
+      organization: { id: 'org_1', privateMetadata: { secret: 'b' } } as any,
+    });
+
+    expect(result.user).not.toHaveProperty('privateMetadata');
+    expect(result.organization).not.toHaveProperty('privateMetadata');
+  });
+
+  it('strips private_metadata nested under the backend resource `_raw` payload', () => {
+    const user = User.fromJSON({
+      id: 'user_1',
+      object: 'user',
+      private_metadata: { ssn: '000-00-0000' },
+      public_metadata: { plan: 'pro' },
+      email_addresses: [],
+      phone_numbers: [],
+      web3_wallets: [],
+      external_accounts: [],
+      enterprise_accounts: [],
+    } as any);
+
+    const organization = Organization.fromJSON({
+      id: 'org_1',
+      object: 'organization',
+      name: 'Acme',
+      slug: 'acme',
+      private_metadata: { billingCustomerId: 'cus_secret' },
+      public_metadata: { tier: 'enterprise' },
+    } as any);
+
+    const result = stripPrivateDataFromObject({ user, organization });
+
+    // Serialize the way `buildClerkProps` embeds the state into the HTML response.
+    const serialized = JSON.stringify(result);
+    expect(serialized).not.toContain('000-00-0000');
+    expect(serialized).not.toContain('cus_secret');
+
+    expect((result.user as any)._raw).not.toHaveProperty('private_metadata');
+    expect((result.organization as any)._raw).not.toHaveProperty('private_metadata');
+
+    // Public metadata under `_raw` is intentionally preserved.
+    expect((result.user as any)._raw.public_metadata).toEqual({ plan: 'pro' });
+    expect((result.organization as any)._raw.public_metadata).toEqual({ tier: 'enterprise' });
+  });
+
+  it('recursively strips private_metadata nested under `_raw.organization_memberships`', () => {
+    const user = User.fromJSON({
+      id: 'user_1',
+      object: 'user',
+      private_metadata: { ssn: '000-00-0000' },
+      public_metadata: { plan: 'pro' },
+      email_addresses: [],
+      phone_numbers: [],
+      web3_wallets: [],
+      external_accounts: [],
+      enterprise_accounts: [],
+      organization_memberships: [
+        {
+          id: 'orgmem_1',
+          object: 'organization_membership',
+          role: 'admin',
+          permissions: [],
+          private_metadata: { membershipSecret: 'mem_secret' },
+          public_metadata: { seat: 'a' },
+          created_at: 1,
+          updated_at: 1,
+          organization: {
+            id: 'org_1',
+            object: 'organization',
+            name: 'Acme',
+            slug: 'acme',
+            private_metadata: { billingCustomerId: 'cus_secret' },
+            public_metadata: { tier: 'enterprise' },
+          },
+        },
+      ],
+    } as any);
+
+    const result = stripPrivateDataFromObject({ user });
+
+    const serialized = JSON.stringify(result);
+    expect(serialized).not.toContain('000-00-0000');
+    expect(serialized).not.toContain('mem_secret');
+    expect(serialized).not.toContain('cus_secret');
+
+    const membership = (result.user as any)._raw.organization_memberships[0];
+    expect(membership).not.toHaveProperty('private_metadata');
+    expect(membership.organization).not.toHaveProperty('private_metadata');
+
+    // Public metadata throughout the nested payload is intentionally preserved.
+    expect(membership.public_metadata).toEqual({ seat: 'a' });
+    expect(membership.organization.public_metadata).toEqual({ tier: 'enterprise' });
+  });
+
+  it('does not mutate the original resource `raw` payload', () => {
+    const user = User.fromJSON({
+      id: 'user_1',
+      object: 'user',
+      private_metadata: { ssn: '000-00-0000' },
+      email_addresses: [],
+      phone_numbers: [],
+      web3_wallets: [],
+      external_accounts: [],
+      enterprise_accounts: [],
+    } as any);
+
+    stripPrivateDataFromObject({ user });
+
+    // The server-side `raw` getter must still expose the full payload.
+    expect(user.raw?.private_metadata).toEqual({ ssn: '000-00-0000' });
+  });
+});

packages/backend/src/util/decorateObjectWithResources.ts

@@ -52,7 +52,7 @@ export function stripPrivateDataFromObject<T extends WithResources<object>>(auth
   return { ...authObject, user, organization };
 }
 
-function prunePrivateMetadata(resource?: { private_metadata: any } | { privateMetadata: any } | null) {
+function prunePrivateMetadata(resource?: { private_metadata?: any; privateMetadata?: any; _raw?: any } | null) {
   // Delete sensitive private metadata from resource before rendering in SSR
   if (resource) {
     if ('privateMetadata' in resource) {
@@ -61,7 +61,38 @@ function prunePrivateMetadata(resource?: { private_metadata: any } | { privateMe
     if ('private_metadata' in resource) {
       delete resource['private_metadata'];
     }
+    // Backend resources (`User`, `Organization`) retain the full Backend API
+    // payload on the enumerable `_raw` property, which still contains
+    // `private_metadata`. The payload is also nested (e.g. a `User`'s
+    // `organization_memberships[*]` each carry their own `private_metadata`
+    // and a nested `organization.private_metadata`), so redact recursively on
+    // a deep clone — leaving the original resource (and its `raw` getter)
+    // untouched.
+    if ('_raw' in resource && resource['_raw']) {
+      resource['_raw'] = redactPrivateMetadataDeep(resource['_raw']);
+    }
   }
 
   return resource;
 }
+
+/**
+ * Returns a deep clone of `value` with every `private_metadata` / `privateMetadata`
+ * property removed at any depth.
+ */
+function redactPrivateMetadataDeep(value: any): any {
+  if (Array.isArray(value)) {
+    return value.map(redactPrivateMetadataDeep);
+  }
+  if (value && typeof value === 'object') {
+    const clone: Record<string, any> = {};
+    for (const key of Object.keys(value)) {
+      if (key === 'private_metadata' || key === 'privateMetadata') {
+        continue;
+      }
+      clone[key] = redactPrivateMetadataDeep(value[key]);
+    }
+    return clone;
+  }
+  return value;
+}

packages/clerk-js/src/core/resources/Organization.ts

@@ -2,8 +2,20 @@ import type {
   AddMemberParams,
   ClerkPaginatedResponse,
   ClerkResourceReloadParams,
+  CreateOrganizationEnterpriseConnectionParams,
   CreateOrganizationParams,
+  DeletedObjectJSON,
+  DeletedObjectResource,
+  EnterpriseConnectionJSON,
+  EnterpriseConnectionResource,
+  EnterpriseConnectionTestRunInitJSON,
+  EnterpriseConnectionTestRunInitResource,
+  EnterpriseConnectionTestRunJSON,
+  EnterpriseConnectionTestRunResource,
+  EnterpriseConnectionTestRunsPaginatedJSON,
   GetDomainsParams,
+  GetEnterpriseConnectionsParams,
+  GetEnterpriseConnectionTestRunsParams,
   GetInvitationsParams,
   GetMembershipRequestParams,
   GetMemberships,
@@ -23,13 +35,22 @@ import type {
   RoleJSON,
   SetOrganizationLogoParams,
   UpdateMembershipParams,
+  UpdateOrganizationEnterpriseConnectionParams,
   UpdateOrganizationParams,
 } from '@clerk/shared/types';
 
 import { convertPageToOffsetSearchParams } from '../../utils/convertPageToOffsetSearchParams';
 import { unixEpochToDate } from '../../utils/date';
+import { toEnterpriseConnectionBody } from '../../utils/enterpriseConnection';
 import { addPaymentMethod, getPaymentMethods, initializePaymentMethod } from '../modules/billing';
-import { BaseResource, OrganizationInvitation, OrganizationMembership } from './internal';
+import {
+  BaseResource,
+  DeletedObject,
+  EnterpriseConnection,
+  EnterpriseConnectionTestRun,
+  OrganizationInvitation,
+  OrganizationMembership,
+} from './internal';
 import { OrganizationDomain } from './OrganizationDomain';
 import { OrganizationMembershipRequest } from './OrganizationMembershipRequest';
 import { Role } from './Role';
@@ -142,6 +163,107 @@ export class Organization extends BaseResource implements OrganizationResource {
     return new OrganizationDomain(json);
   };
 
+  getEnterpriseConnections = async (
+    params?: GetEnterpriseConnectionsParams,
+  ): Promise<EnterpriseConnectionResource[]> => {
+    const { withOrganizationAccountLinking } = params || {};
+
+    const json = (
+      await BaseResource._fetch({
+        path: `/organizations/${this.id}/enterprise_connections`,
+        method: 'GET',
+        ...(withOrganizationAccountLinking !== undefined
+          ? {
+              search: {
+                with_organization_account_linking: String(withOrganizationAccountLinking),
+              },
+            }
+          : {}),
+      })
+    )?.response as unknown as EnterpriseConnectionJSON[];
+
+    return (json || []).map(connection => new EnterpriseConnection(connection));
+  };
+
+  createEnterpriseConnection = async (
+    params: CreateOrganizationEnterpriseConnectionParams,
+  ): Promise<EnterpriseConnectionResource> => {
+    const json = (
+      await BaseResource._fetch<EnterpriseConnectionJSON>({
+        path: `/organizations/${this.id}/enterprise_connections`,
+        method: 'POST',
+        body: toEnterpriseConnectionBody(params, { omitOrganizationId: true }) as any,
+      })
+    )?.response as unknown as EnterpriseConnectionJSON;
+
+    return new EnterpriseConnection(json);
+  };
+
+  updateEnterpriseConnection = async (
+    enterpriseConnectionId: string,
+    params: UpdateOrganizationEnterpriseConnectionParams,
+  ): Promise<EnterpriseConnectionResource> => {
+    const json = (
+      await BaseResource._fetch<EnterpriseConnectionJSON>({
+        path: `/organizations/${this.id}/enterprise_connections/${enterpriseConnectionId}`,
+        method: 'PATCH',
+        body: toEnterpriseConnectionBody(params, { omitOrganizationId: true }) as any,
+      })
+    )?.response as unknown as EnterpriseConnectionJSON;
+
+    return new EnterpriseConnection(json);
+  };
+
+  deleteEnterpriseConnection = async (enterpriseConnectionId: string): Promise<DeletedObjectResource> => {
+    const json = (
+      await BaseResource._fetch<DeletedObjectJSON>({
+        path: `/organizations/${this.id}/enterprise_connections/${enterpriseConnectionId}`,
+        method: 'DELETE',
+      })
+    )?.response as unknown as DeletedObjectJSON;
+
+    return new DeletedObject(json);
+  };
+
+  createEnterpriseConnectionTestRun = async (
+    enterpriseConnectionId: string,
+  ): Promise<EnterpriseConnectionTestRunInitResource> => {
+    const json = (
+      await BaseResource._fetch({
+        path: `/organizations/${this.id}/enterprise_connections/${enterpriseConnectionId}/test_runs`,
+        method: 'POST',
+      })
+    )?.response as unknown as EnterpriseConnectionTestRunInitJSON;
+
+    return { url: json.url };
+  };
+
+  getEnterpriseConnectionTestRuns = async (
+    enterpriseConnectionId: string,
+    params?: GetEnterpriseConnectionTestRunsParams,
+  ): Promise<ClerkPaginatedResponse<EnterpriseConnectionTestRunResource>> => {
+    const { status, ...rest } = params || {};
+    const search = convertPageToOffsetSearchParams(rest);
+    if (status?.length) {
+      for (const s of status) {
+        search.append('status', s);
+      }
+    }
+
+    const res = await BaseResource._fetch({
+      path: `/organizations/${this.id}/enterprise_connections/${enterpriseConnectionId}/test_runs`,
+      method: 'GET',
+      search,
+    });
+
+    const payload = res?.response as unknown as EnterpriseConnectionTestRunsPaginatedJSON | undefined;
+
+    return {
+      total_count: payload?.total_count ?? 0,
+      data: (payload?.data ?? []).map((row: EnterpriseConnectionTestRunJSON) => new EnterpriseConnectionTestRun(row)),
+    };
+  };
+
   getMembershipRequests = async (
     getRequestParam?: GetMembershipRequestParams,
   ): Promise<ClerkPaginatedResponse<OrganizationMembershipRequestResource>> => {