# Clerk The `@mastra/auth-clerk` package provides authentication for Mastra using Clerk. It verifies incoming requests using Clerk's authentication system and integrates with the Mastra server using the `auth` option. ## Prerequisites This example uses Clerk authentication. Make sure to add your Clerk credentials to your `.env` file and ensure your Clerk project is properly configured. ```env CLERK_PUBLISHABLE_KEY=pk_test_... CLERK_SECRET_KEY=sk_test_... CLERK_JWKS_URI=https://your-clerk-domain.clerk.accounts.dev/.well-known/jwks.json ``` > **Note:** You can find these keys in your Clerk Dashboard under "API Keys". ## Installation Before you can use the `MastraAuthClerk` class you have to install the `@mastra/auth-clerk` package. **npm**: ```bash npm install @mastra/auth-clerk@latest ``` **pnpm**: ```bash pnpm add @mastra/auth-clerk@latest ``` **Yarn**: ```bash yarn add @mastra/auth-clerk@latest ``` **Bun**: ```bash bun add @mastra/auth-clerk@latest ``` ## Usage example ```typescript import { Mastra } from '@mastra/core' import { MastraAuthClerk } from '@mastra/auth-clerk' export const mastra = new Mastra({ server: { auth: new MastraAuthClerk({ publishableKey: process.env.CLERK_PUBLISHABLE_KEY, secretKey: process.env.CLERK_SECRET_KEY, jwksUri: process.env.CLERK_JWKS_URI, }), }, }) ``` > **Info:** The default `authorizeUser` method allows all authenticated users. To customize user authorization, provide a custom `authorizeUser` function when constructing the provider. > > Visit [MastraAuthClerk](https://mastra.ai/reference/auth/clerk) for all available configuration options. ## Client-side setup When using Clerk auth, you'll need to retrieve the access token from Clerk on the client side and pass it to your Mastra requests. ### Retrieving the access token Use the Clerk React hooks to authenticate users and retrieve their access token: ```typescript import { useAuth } from '@clerk/nextjs' export const useClerkAuth = () => { const { getToken } = useAuth() const getAccessToken = async () => { const token = await getToken() return token } return { getAccessToken } } ``` > **Info:** Refer to the [Clerk documentation](https://clerk.com/docs) for more information. ## Configuring `MastraClient` When `auth` is enabled, all requests made with `MastraClient` must include a valid Clerk access token in the `Authorization` header: ```typescript import { MastraClient } from '@mastra/client-js' export const mastraClient = new MastraClient({ baseUrl: 'https://', headers: { Authorization: `Bearer ${accessToken}`, }, }) ``` > **Info:** The access token must be prefixed with `Bearer` in the Authorization header. > > Visit [Mastra Client SDK](https://mastra.ai/docs/server/mastra-client) for more configuration options. ### Making authenticated requests Once `MastraClient` is configured with the Clerk access token, you can send authenticated requests: **React**: ```tsx 'use client' import { useAuth } from '@clerk/nextjs' import { MastraClient } from '@mastra/client-js' export const TestAgent = () => { const { getToken } = useAuth() async function handleClick() { const token = await getToken() const client = new MastraClient({ baseUrl: 'http://localhost:4111', headers: token ? { Authorization: `Bearer ${token}` } : undefined, }) const weatherAgent = client.getAgent('weatherAgent') const response = await weatherAgent.generate("What's the weather like in New York") console.log({ response }) } return } ``` **cURL**: ```bash curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \ -H "Content-Type: application/json" \ -H "Authorization: Bearer " \ -d '{ "messages": "Weather in London" }' ```