Add changeset

LauraBeatris · LauraBeatris · commit 4d75ad8f0486 · 2025-05-05T19:04:44.000-03:00
diff --git a/.changeset/flat-papers-begin.md b/.changeset/flat-papers-begin.md
@@ -0,0 +1,16 @@
+---
+'@clerk/backend': minor
+'@clerk/express': minor
+---
+
+Introduce `treatPendingAsSignedOut` option to `getAuth`
+
+```ts
+// `pending` sessions will be treated as signed-out by default
+const { userId } = getAuth(req)
+```
+
+```ts
+// Both `active` and `pending` sessions will be treated as authenticated when `treatPendingAsSignedOut` is false
+const { userId } = getAuth(req, { treatPendingAsSignedOut: false })
+```
diff --git a/packages/backend/src/tokens/authStatus.ts b/packages/backend/src/tokens/authStatus.ts
@@ -99,7 +99,7 @@ export function signedIn(
     afterSignInUrl: authenticateContext.afterSignInUrl || '',
     after#Url: authenticateContext.after#Url || '',
     isSignedIn: true,
-    // @ts-expect-error Dynamically return `SignedOutAuthObject` based on options
+    // @ts-expect-error The return type is intentionally overridden here to support consumer-facing logic that treats pending sessions as signed out. This override does not affect internal session management like handshake flows.
     toAuth: ({ treatPendingAsSignedOut = true } = {}) => {
       if (treatPendingAsSignedOut && authObject.sessionStatus === 'pending') {
         return signedOutAuthObject(undefined, authObject.sessionStatus);
diff --git a/packages/express/src/__tests__/helpers.ts b/packages/express/src/__tests__/helpers.ts
@@ -28,7 +28,7 @@ export function mockRequest(): ExpressRequest {
 
 export function mockRequestWithAuth(auth: Partial<AuthObject> = {}): ExpressRequestWithAuth {
   return {
-    auth: {
+    auth: () => ({
       sessionClaims: null,
       sessionId: null,
       actor: null,
@@ -41,7 +41,7 @@ export function mockRequestWithAuth(auth: Partial<AuthObject> = {}): ExpressRequ
       has: () => false,
       debug: () => ({}),
       ...auth,
-    },
+    }),
   } as unknown as ExpressRequestWithAuth;
 }
 
diff --git a/packages/express/src/getAuth.ts b/packages/express/src/getAuth.ts
@@ -20,6 +20,5 @@ export const getAuth = (req: ExpressRequest, options?: GetAuthOptions): AuthObje
     throw new Error(middlewareRequired('getAuth'));
   }
 
-  // this has to receive an option
   return req.auth(options);
 };

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,5 @@ export const getAuth = (req: ExpressRequest, options?: GetAuthOptions): AuthObje`
`20`	`20`	`throw new Error(middlewareRequired('getAuth'));`
`21`	`21`	`}`
`22`	`22`
`23`		`- // this has to receive an option`
`24`	`23`	`return req.auth(options);`
`25`	`24`	`};`