clerk · wobsoriano · Sep 30, 2024 · Sep 30, 2024 · Sep 30, 2024
diff --git a/.changeset/quiet-chicken-cover.md b/.changeset/quiet-chicken-cover.md
@@ -0,0 +1,5 @@
+---
+"@clerk/express": minor
+---
+
+Enable handshake flow by default
diff --git a/packages/express/src/__tests__/clerkMiddleware.test.ts b/packages/express/src/__tests__/clerkMiddleware.test.ts
@@ -18,13 +18,13 @@ describe('clerkMiddleware', () => {
     });
 
     it('throws error if secretKey is not passed as parameter', async () => {
-      const response = await runMiddleware(clerkMiddleware({ enableHandshake: true })).expect(500);
+      const response = await runMiddleware(clerkMiddleware()).expect(500);
 
       assertNoDebugHeaders(response);
     });
 
     it('works if secretKey is passed as parameter', async () => {
-      const options = { secretKey: 'sk_test_....', enableHandshake: true };
+      const options = { secretKey: 'sk_test_....' };
 
       const response = await runMiddleware(clerkMiddleware(options), { Cookie: '__clerk_db_jwt=deadbeef;' }).expect(
         200,
@@ -54,7 +54,7 @@ describe('clerkMiddleware', () => {
     });
 
     it('works if publishableKey is passed as parameter', async () => {
-      const options = { publishableKey: 'pk_test_Y2xlcmsuZXhhbXBsZS5jb20k', enableHandshake: true };
+      const options = { publishableKey: 'pk_test_Y2xlcmsuZXhhbXBsZS5jb20k' };
 
       const response = await runMiddleware(clerkMiddleware(options), { Cookie: '__clerk_db_jwt=deadbeef;' }).expect(
         200,
@@ -72,7 +72,7 @@ describe('clerkMiddleware', () => {
   });
 
   it('supports usage with parameters: app.use(clerkMiddleware(options))', async () => {
-    const options = { publishableKey: 'pk_test_Y2xlcmsuZXhhbXBsZS5jb20k', enableHandshake: true };
+    const options = { publishableKey: 'pk_test_Y2xlcmsuZXhhbXBsZS5jb20k' };
 
     const response = await runMiddleware(clerkMiddleware(options), { Cookie: '__clerk_db_jwt=deadbeef;' }).expect(
       200,
@@ -95,23 +95,23 @@ describe('clerkMiddleware', () => {
     expect(response.header).not.toHaveProperty('x-clerk-auth-custom', 'custom-value');
   });
 
-  it('disables handshake flow by default', async () => {
+  it('handshake flow supported by default', async () => {
     const response = await runMiddleware(clerkMiddleware(), {
       Cookie: '__client_uat=1711618859;',
       'Sec-Fetch-Dest': 'document',
-    }).expect(200);
+    }).expect(307);
 
-    assertNoDebugHeaders(response);
+    expect(response.header).toHaveProperty('x-clerk-auth-status', 'handshake');
+    expect(response.header).toHaveProperty('location', expect.stringContaining('/v1/client/handshake?redirect_url='));
   });
 
-  it('supports handshake flow', async () => {
-    const response = await runMiddleware(clerkMiddleware({ enableHandshake: true }), {
+  it('can disable handshake flow', async () => {
+    const response = await runMiddleware(clerkMiddleware({ enableHandshake: false }), {
       Cookie: '__client_uat=1711618859;',
       'Sec-Fetch-Dest': 'document',
-    }).expect(307);
+    }).expect(200);
 
-    expect(response.header).toHaveProperty('x-clerk-auth-status', 'handshake');
-    expect(response.header).toHaveProperty('location', expect.stringContaining('/v1/client/handshake?redirect_url='));
+    assertNoDebugHeaders(response);
   });
 
   it('calls next with an error when request URL is invalid', () => {

diff --git a/packages/express/src/__tests__/requireAuth.test.ts b/packages/express/src/__tests__/requireAuth.test.ts
@@ -2,6 +2,7 @@ import type { RequestHandler } from 'express';
 
 import { clerkMiddleware } from '../clerkMiddleware';
 import { requireAuth } from '../requireAuth';
+import type { ExpressRequestWithAuth } from '../types';
 import { mockRequestWithAuth, runMiddleware } from './helpers';
 
 let mockAuthenticateAndDecorateRequest: jest.Mock;
@@ -76,7 +77,7 @@ describe('requireAuth', () => {
 
     mockAuthenticateAndDecorateRequest.mockImplementation((): RequestHandler => {
       return (req, _res, next) => {
-        if ((req as any).auth) {
+        if ((req as ExpressRequestWithAuth).auth) {
           return next();
         }
         const requestState = mockAuthenticateRequest({ request: req });

diff --git a/packages/express/src/authenticateRequest.ts b/packages/express/src/authenticateRequest.ts
@@ -99,7 +99,7 @@ const absoluteProxyUrl = (relativeOrAbsoluteUrl: string, baseUrl: string): strin
 
 export const authenticateAndDecorateRequest = (options: ClerkMiddlewareOptions = {}) => {
   const clerkClient = options.clerkClient || defaultClerkClient;
-  const enableHandshake = options.enableHandshake || false;
+  const enableHandshake = options.enableHandshake ?? true;
 
   // eslint-disable-next-line @typescript-eslint/no-misused-promises
   const middleware: RequestHandler = async (request, response, next) => {

diff --git a/packages/express/src/types.ts b/packages/express/src/types.ts
@@ -14,6 +14,8 @@ export type ClerkMiddlewareOptions = AuthenticateRequestOptions & {
    *
    * This is useful for server-rendered fullstack applications to handle
    * expired JWTs securely and maintain session continuity.
+   *
+   * @default true
    */
   enableHandshake?: boolean;
 };