clerk

Guide for authenticating a user via the Clerk Frontend API (FAPI) using username/password. Use when implementing the iLEAP Authentication Server Adapter or similar authentication backends that require programmatic username/password login via Clerk.

6 stars

byway-platform

View on GitHub Installation ↓

Best use case

clerk is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using clerk should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/clerk/SKILL.md --create-dirs "https://raw.githubusercontent.com/way-platform/ileap-go/main/.agents/skills/clerk/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/clerk/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How clerk Compares

Feature / Agent	clerk	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Clerk Authentication Skill

This skill provides guidance on implementing an authentication backend using Clerk. Since iLEAP requires programmatic username/password authentication and doesn't support 3-legged OAuth flows, we must use the Clerk Frontend API (FAPI) to authenticate users directly.

## Using the Clerk Frontend API (FAPI) for Login

Clerk's design separates backend and frontend APIs. The Backend API (BAPI) is used for administrative tasks, while the Frontend API (FAPI) is used for authentication flows (logging in, signing up, etc.).

To programmatically authenticate a user with a username (or email) and password, you must interact with the FAPI `sign_ins` endpoint.

### 1. Initiate the Sign-In Flow

Send a `POST` request to the `/v1/client/sign_ins` endpoint on your Clerk Frontend API URL (e.g., `https://clerk.<your-domain>/v1/client/sign_ins`).

**Request Body (`application/x-www-form-urlencoded` or JSON):**
- `strategy`: Must be `"password"`
- `identifier`: The user's email address or username
- `password`: The user's password

**Example Request:**
```http
POST /v1/client/sign_ins
Content-Type: application/x-www-form-urlencoded

strategy=password&identifier=ileap-demo@way.cloud&password=HelloPrimaryData
```

### 2. Handle the Response

The API will return a `SignIn` object. You must check the `status` field to determine if the authentication was successful.

- If `status === "complete"`: The username and password are correct, and no further verification (like MFA) is required. The response will include a `created_session_id`.
- If `status === "needs_second_factor"`: The user has Multi-Factor Authentication enabled. (Note: For the iLEAP demo backend, MFA should ideally be disabled for the service account).
- If the credentials are invalid, the API will return a `4xx` error.

**Example Success Response:**
```json
{
"status": "complete",
"created_session_id": "sess_1234567890",
"identifier": "ileap-demo@way.cloud",
// ... other fields
}
```

### 3. Activate an Organization (Optional)

If your application requires scoping the user's session to a specific organization, you must set an "Active Organization" on the session after a successful sign-in.

Send a `POST` request to the `/v1/client/sessions/{session_id}/touch` endpoint on the FAPI URL:

**Request Body (`application/x-www-form-urlencoded` or JSON):**
- `active_organization_id`: The ID of the organization to activate (e.g., `org_2xMv7P...`)

**Example Request:**
```http
POST /v1/client/sessions/sess_1234567890/touch
Content-Type: application/x-www-form-urlencoded
Authorization: <optional_token_if_needed>

active_organization_id=org_2xMv7P...
```

The response will contain the updated `client.sessions` array, where the `last_active_token.jwt` will now include claims specific to the activated organization (like `org_id` and `org_role`).

### 4. Integrating with iLEAP

When adapting this for the iLEAP Authentication Server Adapter (e.g., the `POST /auth/token` route):
1. Extract the `username` and `password` from the incoming HTTP Basic Auth request.
2. Proxy these credentials to the Clerk FAPI `/v1/client/sign_ins` endpoint.
3. If Clerk returns `status: "complete"`, optionally call the `touch` endpoint if an organization ID is provided.
4. Extract the session JWT (`last_active_token.jwt`).
5. Generate the required iLEAP token (as seen in `demo/server.go`) or return the Clerk JWT directly to the client.

## Reference Material

For further details on Clerk's APIs and custom flows, refer to the bundled reference documentation:

- **OpenAPI FAPI Spec:** `.agents/skills/clerk/references/openapi/frontend-api-2025-11-10.yml` (Look for `/v1/client/sign_ins` and `/v1/client/sessions/{session_id}/touch`)
- **Active Organization Concept:** `.agents/skills/clerk/references/docs/_tooltips/active-organization.mdx`
- **Custom Organization Switcher Flow:** `.agents/skills/clerk/references/docs/guides/development/custom-flows/organizations/organization-switcher.mdx`
- **Custom Email/Password Flow Docs:** `.agents/skills/clerk/references/docs/guides/development/custom-flows/authentication/email-password.mdx`
- **Backend API Spec (for administrative tasks):** `.agents/skills/clerk/references/openapi/backend-api-2025-11-10.yml`

*Note: The Clerk Backend API also provides a `/users/{user_id}/verify_password` endpoint, but it requires knowing the `user_id` beforehand. The FAPI `/v1/client/sign_ins` endpoint allows direct authentication with just the identifier and password.*

Related Skills

way-magefile

from way-platform/ileap-go

Build tool for Go projects. Use when the user wants to create, edit, or understand Way-specific Magefiles, build targets, or automate Go project tasks.

protobuf

from way-platform/ileap-go

Use when working with Protocol Buffer (.proto) files, buf.yaml, buf.gen.yaml, or buf.lock. Covers proto design, buf CLI, gRPC/Connect services, protovalidate constraints, schema evolution, and troubleshooting lint/breaking errors.

prd

from way-platform/ileap-go

Generate a Product Requirements Document (PRD) for a new feature. Use when planning a feature, starting a new project, or when asked to create a PRD. Triggers on: create a prd, write prd for, plan this feature, requirements for, spec out.

ileap

from way-platform/ileap-go

iLEAP technical specs for exchanging logistics emissions data (ISO 14083 / GLEC Framework) via the PACT protocol. Use when implementing iLEAP APIs, data models (ShipmentFootprint, TCE, TOC, HOC, TAD), PACT DataModelExtensions, or conformance testing. Language-agnostic.

agents-md

from way-platform/ileap-go

This skill should be used when the user asks to "create AGENTS.md", "update AGENTS.md", "maintain agent docs", "set up CLAUDE.md", or needs to keep agent instructions concise. Guides discovery of local skills and enforces minimal documentation style.

clerk-auth

31392

from sickn33/antigravity-awesome-skills

Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync

Authentication & Identity ManagementClaude

clerk-auth

24269

from davila7/claude-code-templates

Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentication, sign in, sign up.

clerk-webhooks-events

1868

from jeremylongshore/claude-code-plugins-plus-skills

Configure Clerk webhooks and handle authentication events. Use when setting up user sync, handling auth events, or integrating Clerk with external systems via Svix webhooks. Trigger with phrases like "clerk webhooks", "clerk events", "clerk user sync", "clerk svix", "clerk event handling".

clerk-upgrade-migration

1868

from jeremylongshore/claude-code-plugins-plus-skills

Manage Clerk SDK version upgrades and handle breaking changes. Use when upgrading Clerk packages, migrating to new SDK versions, or handling deprecation warnings. Trigger with phrases like "upgrade clerk", "clerk migration", "update clerk SDK", "clerk breaking changes".

clerk-security-basics

1868

from jeremylongshore/claude-code-plugins-plus-skills

Implement security best practices with Clerk authentication. Use when securing your application, reviewing auth implementation, or hardening Clerk configuration. Trigger with phrases like "clerk security", "secure clerk", "clerk best practices", "clerk hardening".

clerk-sdk-patterns

1868

from jeremylongshore/claude-code-plugins-plus-skills

Common Clerk SDK patterns and best practices. Use when implementing authentication flows, accessing user data, or integrating Clerk SDK methods in your application. Trigger with phrases like "clerk SDK", "clerk patterns", "clerk best practices", "clerk API usage".

clerk-reference-architecture

1868

from jeremylongshore/claude-code-plugins-plus-skills

Reference architecture patterns for Clerk authentication. Use when designing application architecture, planning auth flows, or implementing enterprise-grade authentication. Trigger with phrases like "clerk architecture", "clerk design", "clerk system design", "clerk integration patterns".