feat(js,shared): always send the session-minter request shape for /tokens

[nikosdouvlis]

The auth_config.session_minter gate in clerk-js no longer adds value. The FAPI proxy in cloudflare-workers strips token and force_origin from the /tokens body unconditionally (regardless of SESSION_MINTER_DISPATCH_ENABLED), and the Go backend's /tokens handler has a matching strip-and-sentry safety net. So clerk-js can send the minter shape for every instance without breaking the ones the Minter hasn't activated yet.

Paired with clerk_go#19095, which drops the corresponding FLAG_SESSION_TOKEN_OIAT_INSTANCE_IDS and FLAG_SYNC_SESSION_TO_EDGE_INSTANCE_IDS flags on the Go side.

What changes

• AuthConfigResource.sessionMinter and AuthConfigJSON.session_minter are removed
• Session.#createTokenResolver always includes token (when lastActiveToken exists) and forceOrigin: 'true' (when skipCache) in the POST body
• The expired_token retry on 422 missing_expired_token was the fallback for non-minter clients - removed along with the gate
• Tests updated, legacy-retry describe block deleted
• Changeset added (minor for @clerk/clerk-js and @clerk/shared)

Why this is safe

• Older clerk-js bundles still in the wild keep working: the field becoming undefined on the AuthConfig instance just routes them through their existing legacy path
• For instances where the Minter isn't dispatched (SESSION_MINTER_DISPATCH_ENABLED=false, currently prod), the FAPI proxy strips the extra body fields before forwarding to origin, so Go receives the same payload it always did
• For instances where the Minter is dispatched, this is the shape it already expects

Test plan

• pnpm --filter @clerk/clerk-js test src/core/resources/__tests__/Session.test.ts src/core/resources/__tests__/AuthConfig.test.ts (71 pass)
• pnpm --filter @clerk/clerk-js build:declarations clean vs main (no new TS errors)
• Manual: verify a /tokens request from a fresh clerk-js always carries token in body for non-template mints

[changeset-bot]

🦋 Changeset detected

Latest commit: 260061f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 20 packages

Name	Type
@clerk/clerk-js	Minor
@clerk/shared	Minor
@clerk/chrome-extension	Patch
@clerk/expo	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/expo-passkeys	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/hono	Patch
@clerk/localizations	Patch
@clerk/msw	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/react	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch
@clerk/ui	Patch
@clerk/vue	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	May 24, 2026 9:18am

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8638

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8638

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8638

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8638

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8638

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8638

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8638

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8638

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8638

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8638

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8638

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8638

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8638

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8638

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8638

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8638

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8638

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8638

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8638

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8638

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8638

commit: 260061f

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 9f0a3902-122d-4bdc-86de-7793940f5315

📥 Commits

Reviewing files that changed from the base of the PR and between fe5a49c and 260061f.

📒 Files selected for processing (7)

• .changeset/drop-session-minter-gate.md
• packages/clerk-js/src/core/resources/AuthConfig.ts
• packages/clerk-js/src/core/resources/Session.ts
• packages/clerk-js/src/core/resources/__tests__/AuthConfig.test.ts
• packages/clerk-js/src/core/resources/__tests__/Session.test.ts
• packages/shared/src/types/authConfig.ts
• packages/shared/src/types/json.ts

💤 Files with no reviewable changes (4)

• packages/clerk-js/src/core/resources/tests/AuthConfig.test.ts
• packages/shared/src/types/json.ts
• packages/shared/src/types/authConfig.ts
• packages/clerk-js/src/core/resources/AuthConfig.ts

---

📝 Walkthrough

Walkthrough

This PR removes the sessionMinter gate from auth configuration and simplifies token request behavior. The shared type interfaces remove the sessionMinter property and add preferredChannels, claimed_at, and reverification fields to AuthConfigJSON. The AuthConfig class implementation is updated to match, removing sessionMinter processing from its JSON mapping and snapshot methods. The Session.ts token creation logic is refactored to unconditionally use the Session Minter request shape, eliminating the prior sessionMinterEnabled branching logic and the expired token retry path that used MissingExpiredTokenError. Tests are updated to remove sessionMinter-dependent mock configuration and the test case validating sessionMinter=false behavior.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: removing the session-minter gate and always sending the session-minter request shape for /tokens calls.
Description check	✅ Passed	The description clearly explains what changed, why it's safe, and provides context about the backend coordination and test plan.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}