clerk-sessions-webhooks-security

Installation
SKILL.md

Clerk Sessions, Webhooks, and Security

Overview

Use this skill for Clerk's security-sensitive surfaces: sessions, JWTs, token retrieval, organizations and authorization, webhook synchronization, environment separation, and production hardening. Prioritize trust boundaries and replay-safe design.

Sessions and Tokens

Distinguish the token or session type before writing code:

Surface Use
Session token Authenticates a signed-in user session
Custom JWT template Supplies custom claims for an external service integration
API key Authenticates an application/user-created key where Clerk supports API keys
OAuth token Authenticates OAuth access flows where enabled
Machine-to-machine token Authenticates service-to-service requests

Use getToken() from the relevant Clerk auth object or hook to retrieve a session token or custom JWT template where supported. Always await it. Do not store tokens in localStorage, log them, embed them in URLs, or send them to origins that do not need them.

Installs
8
GitHub Stars
47
First Seen
14 days ago
clerk-sessions-webhooks-security — josiahsiegel/claude-plugin-marketplace