Skills

clerk-chrome-extension-patterns

Installation
SKILL.md

Chrome Extension Patterns

CRITICAL RULES

  1. OAuth (Google, GitHub, etc.) and SAML are NOT supported in popups or side panels -- use syncHost to delegate auth to your web app
  2. Email links (magic links) don't work in popups -- the popup closes when the user clicks outside, resetting sign-in state
  3. Side panels don't auto-refresh auth state -- users must close and reopen the side panel after signing in via the web app
  4. Service workers and content scripts have NO access to Clerk React hooks -- use createClerkClient() or message passing
  5. Extension URLs use chrome-extension:// not http:// -- all redirect URLs must use chrome.runtime.getURL('.')
  6. Without a stable CRX ID, every rebuild breaks auth -- configure key in manifest BEFORE deploying
  7. Content scripts cannot use Clerk directly due to origin restrictions -- Clerk enforces strict allowed origins
  8. Bot protection must be DISABLED in Clerk Dashboard -- Cloudflare bot detection is not supported in extension environments

Authentication Options

Installs
3.9K
Repository
clerk/skills
GitHub Stars
50
First Seen
Apr 6, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykFail
clerk-chrome-extension-patterns — clerk/skills